@pandres95
Last active May 16, 2017 11:25
Permissions checker in bool.js

Instructions

  1. Create a folder called `middleware` inside the project folder.
  2. Add the middleware files.
  3. Register the middleware dependencies in index.js.
  4. Modify the passport DAO so that the permissions are added to the user response.
'use strict';
const Bool = require('bool.js');
let API = new Bool('com.example.api', [
/* ... include other dependencies ... */
require.resolve('./middleware/permissions-check'),
require.resolve('./middleware/roles-check')
]);
module.exports = (API
.setServerLoader('booljs-express')
.setDatabaseLoader('booljs-mongoose')
).run();
'use strict';

/**
 * Passport DAO.
 *
 * Installs the HTTP bearer strategy that resolves an access token to its
 * user and decorates that user with the flattened permission list and the
 * role ids that the permissions/roles route middleware compare against.
 *
 * `_` (underscore-style helpers) and `log` are not declared in this file;
 * they are assumed to be provided as globals by the framework.
 *
 * @param {object} app - bool.js application components (`utilities`, `dao`)
 */
module.exports = function (app) {
  const Bearer = app.utilities['passport-http-bearer'];
  // The following utilities/DAOs are used by the strategies omitted below.
  const ClientPassword = app.utilities['passport-oauth2-client-password'];
  const HTTP = app.utilities['passport-http'];
  const Client = app.dao.Client;
  const Token = app.dao.Token;
  const User = app.dao.User;

  /**
   * Builds the bearer-token strategy.
   *
   * @param {object} passport - passport instance to register (de)serializers on
   * @returns {Bearer.Strategy} strategy resolving a token to a decorated user,
   *   or to `false` when the token or its user cannot be found
   */
  this.bearer = function (passport) {
    // Identity (de)serialization: the user object is passed through as-is.
    passport.serializeUser((user, done) => done(null, user));
    passport.deserializeUser((user, done) => done(null, user));

    return new Bearer.Strategy(async (accessToken, done) => {
      try {
        // NOTE(review): assumes Token.find() rejects expired/revoked tokens — confirm.
        const token = await new Token().find(accessToken);
        const user = token ? await new User().find(token.user) : null;

        if (!user) {
          // Unknown token or user: passport treats `false` as "not authenticated".
          done(null, false);
        } else {
          // NOTE(review): toObject() returns every persisted field; confirm credential
          // hashes are stripped before this object becomes request.user.
          const profile = user.toObject();
          const permissions = _.unique(_.flatten(_.map(user.roles, role => role.permissions)));
          // NOTE(review): these ids are later compared with === by the roles checker;
          // confirm they are strings rather than ObjectId instances.
          const roles = _.map(user.roles, role => role._id);
          done(null, _.extend(profile, { permissions, roles }));
        }
      } catch (error) {
        log.error(error);
        done(error);
      }
    });
  };

  /* ... other strategies omitted ... */
};
'use strict';
const API = require('booljs-api');
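/**
 * Route middleware that lets a request through only when the authenticated
 * user holds at least one of the permissions declared on the route
 * (any-of semantics). Registered as 'permissions-checker' (mandatory) and
 * keyed on the route option `checkPermissions: true`.
 *
 * `_` and `log` are not declared in this file; they are assumed to be
 * framework-provided globals.
 */
module.exports = class PermissionsChecker extends API.RouteMiddleware {
  constructor() {
    super('permissions-checker', 'mandatory', { checkPermissions: true });
    // NOTE(review): ordering semantics of `priority` come from the framework —
    // confirm this runs after authentication has populated request.user.
    this.priority = 10;
  }

  /**
   * Builds the request handler for one route.
   *
   * @param {object} _instance - framework instance; getComponents() yields `app`
   * @param {object} router - unused, kept for the RouteMiddleware signature
   * @param {{permissions?: string[]}} route - route definition
   * @returns {Function} `(request, response, next)` handler; calls `next()` on
   *   success or `next(app.Error(403, 'E_MISSINGPERMISSIONS', ...))` otherwise
   */
  action(_instance, router, route) {
    const app = _instance.getComponents();
    return function (request, response, next) {
      const required = route.permissions || [];
      // A request without request.user (unauthenticated) used to throw a
      // TypeError here and surface as a 500; treat it as holding no permissions.
      const granted = (request.user && request.user.permissions) || [];
      // Log only the decision inputs rather than the whole user object.
      log.debug({ required, granted });
      if (_.intersection(required, granted).length > 0) { return next(); }
      return next(new app.Error(403, 'E_MISSINGPERMISSIONS', {
        'en': 'You have insufficient permissions to execute this action',
        'es': 'Tiene insuficientes permisos para ejecutar esta acción'
      }));
    };
  }
};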
'use strict';
const API = require('booljs-api');
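/**
 * Route middleware that lets a request through only when the authenticated
 * user has at least one of the roles declared on the route (any-of
 * semantics). Registered as 'roles-checker' (mandatory) and keyed on the
 * route option `checkRoles: true`.
 *
 * `_` is not declared in this file; it is assumed to be a framework-provided
 * global.
 */
module.exports = class RolesChecker extends API.RouteMiddleware {
  constructor() {
    super('roles-checker', 'mandatory', { checkRoles: true });
  }

  /**
   * Builds the request handler for one route.
   *
   * @param {object} _instance - framework instance; getComponents() yields `app`
   * @param {object} router - unused, kept for the RouteMiddleware signature
   * @param {{roles?: Array}} route - route definition
   * @returns {Function} `(request, response, next)` handler; calls `next()` on
   *   success or `next(app.Error(403, 'E_INVALID_ROLE', ...))` otherwise
   */
  action(_instance, router, route) {
    const app = _instance.getComponents();
    return function (request, response, next) {
      const required = route.roles || [];
      // A request without request.user (unauthenticated) used to throw a
      // TypeError here and surface as a 500; treat it as holding no roles.
      const held = (request.user && request.user.roles) || [];
      // NOTE(review): intersection compares with ===; if the ids are ObjectId
      // instances rather than strings this never matches — confirm.
      if (_.intersection(required, held).length > 0) {
        return next();
      }
      return next(new app.Error(403, 'E_INVALID_ROLE', {
        'en': 'The actual user\'s role is invalid',
        'es': 'El rol del usuario actual es invalido'
      }));
    };
  }
};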