dino-express/dist/middlewares/impl/before/SecurityMiddleware.js

DinO enabled REST framework based on express

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.SecurityMiddleware = void 0;
const dino_core_1 = require("dino-core");
const AbstractSecurityValidationHandler_1 = require("../../../security/AbstractSecurityValidationHandler");
const before_handler_middleware_1 = require("../../before.handler.middleware");
class SecurityMiddleware extends before_handler_middleware_1.BeforeHandlerMiddleware {
    api;
    apiDocument;
    applicationContext;
    constructor(applicationContext, api, components) {
        super();
        this.api = api;
        this.apiDocument = components;
        this.applicationContext = applicationContext;
    }
    /**
     * Definition of the function that will handle the security business logic associated with this middleware.
     *
     * @param {import('express').Request} req Express request instance
     * @param {import('express').Response} res express response instance
     * @param {Function} next the next function that will be invoked as part of the express chain
     */
    handle(req, res, next) {
        const securityDefinitions = this.api.security;
        if (dino_core_1.ObjectHelper.isDefined(securityDefinitions)) {
            // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
            for (let index = 0; index < securityDefinitions.length; index++) {
                // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
                const securityRequirement = securityDefinitions[index];
                for (const securityDefinitionName of Object.keys(securityRequirement)) {
                    const securityDefinitions = this.getSecurityDefinition(this.apiDocument);
                    if (dino_core_1.ObjectHelper.isDefined(securityDefinitions)) {
                        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
                        const config = securityDefinitions[securityDefinitionName];
                        if ('type' in config) {
                            // if type is not present means it is a ref, that case needs to be implemented
                            const handlers = this.applicationContext.resolveAll(AbstractSecurityValidationHandler_1.AbstractSecurityValidationHandler);
                            const handler = handlers.find((handler) => handler.canHandle(config.type));
                            if (dino_core_1.ObjectHelper.isDefined(handler)) {
                                return handler?.handle(req, res, next, config);
                            }
                        }
                    }
                }
            }
        }
        next();
    }
    getSecurityDefinition(document) {
        if ('securityDefinitions' in document) {
            return document.securityDefinitions;
        }
        if ('components' in document) {
            return document.components?.securitySchemes;
        }
        return undefined;
    }
}
exports.SecurityMiddleware = SecurityMiddleware;
//# sourceMappingURL=SecurityMiddleware.js.map