UNPKG

express-jwt-permissions

Version:

Express middleware for JWT permissions

github.com/MichielDeMey/express-jwt-permissions

MichielDeMey/express-jwt-permissions

87 lines (68 loc) 2.36 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
const util = require('util') const get = require('lodash.get') const UnauthorizedError = require('./error') const PermissionError = new UnauthorizedError( 'permission_denied', { message: 'Permission denied' } ) const Guard = function (options) { const defaults = { requestProperty: 'user', permissionsProperty: 'permissions' } this._options = Object.assign({}, defaults, options) } function isString (value) { return typeof value === 'string' } function isArray (value) { return value instanceof Array } Guard.prototype = { check: function (required) { if (isString(required)) { required = [[required]] } else if (isArray(required) && required.every(isString)) { required = [required] } const _middleware = function _middleware (req, res, next) { const self = this const options = self._options if (!options.requestProperty) { return next(new UnauthorizedError('request_property_undefined', { message: 'requestProperty hasn\'t been defined. Check your configuration.' })) } const user = get(req, options.requestProperty, undefined) if (!user) { return next(new UnauthorizedError('user_object_not_found', { message: util.format('user object "%s" was not found. Check your configuration.', options.requestProperty) })) } let permissions = get(user, options.permissionsProperty, undefined) if (!permissions) { return next(new UnauthorizedError('permissions_not_found', { message: 'Could not find permissions for user. Bad configuration?' })) } if (typeof permissions === 'string') { permissions = permissions.split(' ') } if (!Array.isArray(permissions)) { return next(new UnauthorizedError('permissions_invalid', { message: 'Permissions should be an Array or String. Bad format?' })) } const sufficient = required.some(function (required) { return required.every(function (permission) { return permissions.indexOf(permission) !== -1 }) }) next(!sufficient ? PermissionError : null) }.bind(this) _middleware.unless = require('express-unless').unless return _middleware } } module.exports = function (options) { return new Guard(options) }