@universis/janitor
Universis api plugin for handling user authorization and rate limiting
import { ScopeAccessConfiguration } from './ScopeAccessConfiguration';
import {HttpForbiddenError} from '@themost/common';
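/**
 * Creates an Express-style middleware that lets a request continue only when
 * the application's ScopeAccessConfiguration strategy verifies it.
 *
 * The strategy is looked up on every request through
 * req.context.getApplication().getConfiguration().getStrategy(ScopeAccessConfiguration).
 * Outcomes:
 *  - strategy missing (undefined or null): next(Error) describing the configuration problem
 *  - verify(req) resolves truthy: next() with no argument
 *  - verify(req) resolves falsy: next(HttpForbiddenError)
 *  - verify(req) rejects: next(reason), or a generic Error when the reason is falsy
 *
 * @returns {function(*, *, function(*=): *): *} middleware with the (req, res, next) signature
 */
function validateScope() {
  return (req, res, next) => {
    /**
     * @type {ScopeAccessConfiguration}
     */
    const scopeAccessConfiguration = req.context
      .getApplication()
      .getConfiguration()
      .getStrategy(ScopeAccessConfiguration);
    // `== null` matches both undefined and null, so an absent strategy is always
    // reported as a configuration error instead of failing later on `.verify`.
    if (scopeAccessConfiguration == null) {
      return next(new Error('Invalid application configuration. Scope access configuration strategy is missing or is in accessible.'));
    }
    scopeAccessConfiguration.verify(req).then((value) => {
      if (value) {
        return next();
      }
      return next(new HttpForbiddenError('Access denied due to authorization scopes.'));
    }).catch((reason) => {
      // Fail closed: an Express-style router treats next(<falsy>) as "no error"
      // and runs the next handler, so a rejection that carries no reason must
      // still be forwarded as an error rather than as a successful check.
      return next(reason || new Error('Scope access verification failed.'));
    });
  };
}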
export {
validateScope
}