UNPKG

json-server-auth

Version:

Authentication middleware for JSON Server

jeremyben/json-server-auth

55 lines (54 loc) 1.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.forbidMethod = exports.forbidUpdateOn = exports.goNext = exports.errorHandler = exports.bodyParsingHandler = void 0; const express_1 = require("express"); /** * Use same body-parser options as json-server */ exports.bodyParsingHandler = [express_1.json({ limit: '10mb' }), express_1.urlencoded({ extended: false })]; /** * Json error handler */ const errorHandler = (err, req, res, next) => { console.error(err); res.status(500).jsonp(err.message); }; exports.errorHandler = errorHandler; /** * Just executes the next middleware, * to pass directly the request to the json-server router */ const goNext = (req, res, next) => { next(); }; exports.goNext = goNext; /** * Look for a property in the request body and reject the request if found */ function forbidUpdateOn(...forbiddenBodyParams) { return (req, res, next) => { const bodyParams = Object.keys(req.body); const hasForbiddenParam = bodyParams.some(forbiddenBodyParams.includes); if (hasForbiddenParam) { res.status(403).jsonp(`Forbidden update on: ${forbiddenBodyParams.join(', ')}`); } else { next(); } }; } exports.forbidUpdateOn = forbidUpdateOn; /** * Reject the request for a given method */ function forbidMethod(method) { return (req, res, next) => { if (req.method === method) { res.sendStatus(405); } else { next(); } }; } exports.forbidMethod = forbidMethod;