@perfood/couch-auth
Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript.
// Contains middleware useful for securing your routes
// NOTE(review): the bare `;` below is an empty statement. It is presumably what is
// left of a "use strict" directive lost in page extraction; confirm against the
// published file.
;
// Sets the `__esModule` flag on the CommonJS exports object (the marker emitted by
// transpilers for modules that were written with ES module syntax).
Object.defineProperty(exports, "__esModule", { value: true });
// Placeholder: the export is initialised to undefined here and receives the class
// once the class definition further down has been evaluated.
exports.Middleware = void 0;
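/**
 * Builds an Express-style middleware that lets a request through only when
 * `isAllowed(roles)` is true for the authenticated user's roles.
 *
 * Decision order, all of it fail-closed:
 *  1. No `req.user`: the guard was mounted without authentication in front of
 *     it, so the request is handed to the error handler (superloginError).
 *  2. `req.user.roles` is not a non-empty array: treated as "no roles" and
 *     answered with the forbidden response. The array check matters because
 *     `indexOf`/`includes` on a string match substrings, so a string value
 *     such as "superadmin" would otherwise satisfy a check for "admin".
 *  3. The predicate decides between `next()` and the forbidden response.
 *
 * @param {(roles: Array) => boolean} isAllowed - predicate over the user's roles
 * @returns {Function} middleware `(req, res, next)`
 */
function buildRoleGuard(isAllowed) {
  return (req, res, next) => {
    if (!req.user) {
      return next(Middleware.superloginError);
    }
    // NOTE(review): req.user is presumably populated by the bearer strategy used
    // in requireAuth; that code is not part of this file.
    const roles = Array.isArray(req.user.roles) ? req.user.roles : [];
    if (roles.length > 0 && isAllowed(roles)) {
      next();
      return undefined;
    }
    res.status(Middleware.forbiddenError.status);
    res.json(Middleware.forbiddenError);
    return undefined;
  };
}

/**
 * Route guards: bearer-token authentication plus role-based authorization.
 * The role guards only inspect `req.user`; they must be mounted after
 * `requireAuth` (or another step that sets `req.user`).
 */
class Middleware {
  /**
   * @param {object} passport - object whose `authenticate(strategy, options)`
   *   returns a middleware; stored as `this.passport`.
   */
  constructor(passport) {
    this.passport = passport;
  }

  /**
   * Requires that the user be authenticated with a bearer token.
   * Session support is switched off (`session: false`), so the 'bearer'
   * strategy runs for every request passing through this middleware.
   */
  requireAuth(req, res, next) {
    this.passport.authenticate('bearer', { session: false })(req, res, next);
  }

  /**
   * Requires that the user have the specified role.
   * @param {*} requiredRole - role that must appear in `req.user.roles`
   * @returns {Function} middleware `(req, res, next)`
   */
  requireRole(requiredRole) {
    return buildRoleGuard((roles) => roles.includes(requiredRole));
  }

  /**
   * Requires that the user have at least one of the specified roles.
   * An empty `possibleRoles` list can never match, so every request is refused.
   * @param {Iterable} possibleRoles - candidate roles, read on each request
   * @returns {Function} middleware `(req, res, next)`
   */
  requireAnyRole(possibleRoles) {
    return buildRoleGuard((roles) => {
      for (const candidate of possibleRoles) {
        if (roles.includes(candidate)) {
          return true;
        }
      }
      return false;
    });
  }

  /**
   * Requires that the user have every one of the specified roles.
   * Caveat: with an empty `requiredRoles` list the check is vacuously true, so
   * any authenticated user holding at least one role is let through. Callers
   * should not build this list from data that may turn out empty.
   * @param {Iterable} requiredRoles - roles that must all be present, read on each request
   * @returns {Function} middleware `(req, res, next)`
   */
  requireAllRoles(requiredRoles) {
    return buildRoleGuard((roles) => {
      for (const needed of requiredRoles) {
        if (!roles.includes(needed)) {
          return false;
        }
      }
      return true;
    });
  }
}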
// Publish the class on the CommonJS exports object.
exports.Middleware = Middleware;
// Static payloads shared by all role guards; attached after the class body.
Object.assign(Middleware, {
  // JSON body of a refused request; its `status` field is also used as the
  // HTTP status code of that response.
  forbiddenError: {
    error: 'Forbidden',
    message: 'You do not have permission to access this resource.',
    status: 403
  },
  // Passed to next() when a role guard finds no req.user on the request.
  superloginError: {
    error: 'superlogin',
    message: 'requireAuth must be used before checking roles',
    status: 500
  }
});