dino-express
Version:
DinO enabled REST framework based on express
46 lines • 2.13 kB
JavaScript
;
// Copyright 2025 Quirino Brizi
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
Object.defineProperty(exports, "__esModule", { value: true });
exports.HttpSecurityValidationHandler = void 0;
const dino_core_1 = require("dino-core");
const client_http_exception_1 = require("../exception/client.http.exception");
const AbstractSecurityValidationHandler_1 = require("./AbstractSecurityValidationHandler");
// limitations under the License.
class HttpSecurityValidationHandler extends AbstractSecurityValidationHandler_1.AbstractSecurityValidationHandler {
handle(req, _res, next, config) {
const scheme = 'scheme' in config ? config.scheme : 'basic';
const token = this.getToken(scheme, config, req);
if (dino_core_1.ObjectHelper.isDefined(token)) {
let authorised = false;
if (scheme?.toLowerCase() === 'bearer') {
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
authorised = this.validateBearerAuth(token, config);
}
if (scheme?.toLowerCase() === 'basic') {
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
authorised = this.validateBasicAuth(token, config);
}
if (authorised) {
next();
return;
}
}
next(client_http_exception_1.ClientHttpException.create(401, 'Unauthorized'));
}
canHandle(type) {
return type === 'http';
}
}
exports.HttpSecurityValidationHandler = HttpSecurityValidationHandler;
//# sourceMappingURL=HttpSecurityValidationHandler.js.map