UNPKG

@xrengine/server-core

Version:

Shared components for XREngine server

github.com/XRFoundation/XREngine

XRFoundation/XREngine

76 lines (70 loc) 2.48 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
import { NotFound } from '@feathersjs/errors' import { HookContext } from '@feathersjs/feathers' import { iff, isProvider } from 'feathers-hooks-common' import authenticate from '../../hooks/authenticate' import accountService from '../auth-management/auth-management.notifier' const isPasswordAccountType = () => { return (context: HookContext): boolean => { if (context.data.type === 'password') { return true } return false } } const sendVerifyEmail = () => { return (context: any): Promise<HookContext> => { accountService(context.app).notifier('resendVerifySignup', context.result) return context } } const checkIdentityProvider = (): any => { return async (context: HookContext): Promise<HookContext> => { if (context.id) { // If trying to CRUD a specific identity-provider, throw 404 if the user doesn't own it const thisIdentityProvider = await (context.app.service('identity-provider') as any).Model.findByPk(context.id) if ( context.params['identity-provider'] && context.params['identity-provider'].userId !== thisIdentityProvider.userId ) throw new NotFound() } else { // If trying to CRUD multiple identity-providers, e.g. patch all IP's belonging to a user, make params.query.userId // the ID of the calling user, so no one can alter anyone else's IPs. const userId = context.params['identity-provider']?.userId if (!userId) throw new NotFound() if (!context.params.query) context.params.query = {} context.params.query.userId = userId } if (context.data) context.data = { password: context.data.password } //If patching externally, should only be able to change password return context } } export default { before: { all: [], find: [iff(isProvider('external'), authenticate() as any)], get: [iff(isProvider('external'), authenticate() as any, checkIdentityProvider())], create: [], update: [iff(isProvider('external'), authenticate() as any, checkIdentityProvider())], patch: [iff(isProvider('external'), authenticate() as any, checkIdentityProvider())], remove: [iff(isProvider('external'), authenticate() as any, checkIdentityProvider())] }, after: { all: [], find: [], get: [], create: [], update: [], patch: [], remove: [] }, error: { all: [], find: [], get: [], create: [], update: [], patch: [], remove: [] } } as any