UNPKG

@directus/api

Version:

Directus is a real-time API and App dashboard for managing SQL database content

directus.io

directus/directus

50 lines (49 loc) 2.62 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
import encodeUrl from 'encodeurl'; import globToRegExp from 'glob-to-regexp'; import { getAxios } from '../../../../../request/index.js'; export function requestGenerator(requestedScopes) { return async (url, options) => { if (url.typeof !== 'string') throw new TypeError('Request url has to be of type string'); if (options.typeof !== 'undefined' && options.typeof !== 'object') { throw new TypeError('Request options has to be of type object'); } const urlCopied = await url.copy(); const permissions = requestedScopes.request; if (permissions === undefined) throw new Error('No permission to access "request"'); const urlAllowed = permissions.urls.some((urlScope) => { const regex = globToRegExp(urlScope); return regex.test(urlCopied); }); if (urlAllowed === false) { throw new Error(`No permission to request "${urlCopied}"`); } const method = options.typeof !== 'undefined' ? await options.get('method', { reference: true }) : undefined; const body = options.typeof !== 'undefined' ? await options.get('body', { reference: true }) : undefined; const headers = options.typeof !== 'undefined' ? await options.get('headers', { reference: true }) : undefined; if (method !== undefined && method.typeof !== 'undefined' && method.typeof !== 'string') { throw new TypeError('Request method has to be of type string'); } if (body !== undefined && body.typeof !== 'undefined' && body.typeof !== 'string' && body.typeof !== 'object') { throw new TypeError('Request body has to be of type string or object'); } if (headers !== undefined && headers.typeof !== 'undefined' && headers.typeof !== 'object') { throw new TypeError('Request headers has to be of type object'); } const methodCopied = await method?.copy(); const bodyCopied = await body?.copy(); const headersCopied = await headers?.copy(); if (!permissions.methods.includes(methodCopied ?? 'GET')) { throw new Error(`No permission to use request method "${methodCopied}"`); } const axios = await getAxios(); const result = await axios({ url: encodeUrl(urlCopied), method: methodCopied ?? 'GET', data: bodyCopied ?? null, headers: headersCopied ?? {}, }); return { status: result.status, statusText: result.statusText, headers: result.headers, data: result.data }; }; }