wassname/talk
1
0
Fork 0
mirror of https://github.com/wassname/talk.git synced 2026-06-29 03:05:24 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
927a3fcd83442facb170de4eae278c1bb9cbcd25
talk/middleware/authorization.js
T
Wyatt Johnson 325162cb3e Added authorization pieces + test functions
2016-11-22 17:15:14 -07:00

64 lines
2.1 KiB
JavaScript
Raw Blame History

/**
* authorization contains the references to the authorization middleware.
* @type {Object}
*/
const authorization = module.exports = {
middleware: []
};
const debug = require('debug')('talk:middleware:authorization');
/**
* ErrNotAuthorized is an error that is returned in the event an operation is
* deemed not authorized.
* @type {Error}
*/
const ErrNotAuthorized = new Error('not authorized');
ErrNotAuthorized.status = 401;
// Add the ErrNotAuthorized error to the authorization object to be exported.
authorization.ErrNotAuthorized = ErrNotAuthorized;
/**
* has returns true if the user has all the roles specified, otherwise it will
* return false.
* @param {Object} user the user to check for roles
* @param {Array} roles all the roles that a user must have
* @return {Boolean} true if the user has all the roles required, false
* otherwise
*/
authorization.has = (user, ...roles) => roles.every((role) => user.roles.indexOf(role) >= 0);
/**
* needed is a connect middleware layer that ensures that all requests coming
* here are both authenticated and match a set of roles required to continue.
* @param {Array} roles all the roles that a user must have
* @return {Callback} connect middleware
*/
authorization.needed = (...roles) => [
// Insert the pre-needed middlware.
...authorization.middleware,
// Insert the actual middleware to check for the required role.
(req, res, next) => {
// All routes that are wrapepd with this middleware actually require a role.
if (!req.user) {
debug(`No user on request, returning with ${ErrNotAuthorized}`);
return next(ErrNotAuthorized);
}
// Check to see if the current user has all the roles requested for the given
// array of roles requested, if one is not on the user, then this will
// evaluate to true.
if (!authorization.has(req.user, ...roles)) {
debug('User does not have all the required roles to access this page');
return next(ErrNotAuthorized);
}
// Looks like they're allowed!
return next();
}
];
Reference in New Issue View Git Blame Copy Permalink