UNPKG

jsonapi-server-mini

Version:

Minimalistic JSON:API server for Node.js and MongoDB

github.com/Redsandro/jsonapi-server-mini

Redsandro/jsonapi-server-mini

184 lines (166 loc) 5.35 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
/** * @author Sander Steenhuis <info@redsandro.com> (https://www.Redsandro.com) * @author Stone Circle <info@stonecircle.ie> (https://www.stonecircle.ie) * @license MIT */ const { Error:JsonApiError } = require('jsonapi-serializer') const create = require('./pipeline/create') const findOne = require('./pipeline/findOne') const findMany = require('./pipeline/findMany') const fields = require('./pipeline/fields') const sort = require('./pipeline/sort') const deleteOne = require('./pipeline/deleteOne') const error = require('./pipeline/error') const updateOne = require('./pipeline/updateOne') module.exports = (options) => { const type = get(options, 'model.collection.name') const routeMap = {} if (!type) throw new Error('Mongoose model is missing') if (options.create) { routeMap.post = { [`/${type}`]: [ auth(options, 'create'), middlewrap(options, 'create', create), error(options), ].filter(Boolean) } } if (options.find) { routeMap.get = { [`/${type}`]: [ auth(options, 'find'), fields(options), sort(options), middlewrap(options, 'find', findMany), error(options), ].filter(Boolean), [`/${type}/:id`]: [ auth(options, 'find'), fields(options), middlewrap(options, 'find', findOne), error(options), ].filter(Boolean) } } if (options.update) { routeMap.patch = { [`/${type}/:id`]: [ auth(options, 'update'), middlewrap(options, 'update', updateOne), error(options), ].filter(Boolean) } } if (options.delete) { routeMap.delete = { [`/${type}/:id`]: [ auth(options, 'delete'), middlewrap(options, 'delete', deleteOne), error(options), ].filter(Boolean) } } return routeMap } /** * Execute all authn and authz functions. * @param {Object} options Route options * @param {String} method The CRUD method to use * @return {Function[]} Array of auth functions to use */ function auth(options, method) { return [ (req, res, next) => ( // Create namespaces req.jsMini = { query: {}, select: {} } ) && next(), middlefy(options, `${method}.authn`), // Method-specific authn middlefy(options, 'authn'), // Route-specific authn middlefy(options, 'args.authn'), // Global authn middlefy(options, 'args.authz'), // Global authz middlefy(options, 'authz'), // Route authz middlefy(options, `${method}.authz`), // Method authz ].filter(Boolean) } /** * Wrap CRUD-function in pre- and postmiddleware * @param {Object} options Route options * @param {String} method The CRUD method to use * @param {Function} fn CRUD method function * @return {Function[]} Array with middleware functions */ function middlewrap(options, method, fn) { return [ middleware(options, method, 'pre'), fn(options), // middleware(options, method, 'post'), // see beforeSerializer //TODO: Move before- and afterSerializer here ] } /** * Return all middleware functions. * You can now use middleware() or middleware{pre(), post()} in your route or global options. * @param {Object} options Route options * @param {String} method The CRUD method to use * @param {String='pre','post'} order Is this pre or post middleware * @return {Function[]} Array of auth functions to use */ function middleware(options, method) { return [ middlefy(options, 'args.middleware'), middlefy(options, 'args.middleware.pre'), middlefy(options, 'middleware'), middlefy(options, 'middleware.pre'), middlefy(options, `${method}.middleware`), middlefy(options, `${method}.middleware.pre`), ].filter(Boolean) } /** * Middleware-ify - Return middleware function if only one argument was passed. * Normally you use e.g. `authz` with one argument (`req`) and return a query object. * But this will allow you to insert complete middleware if you so wish, for example if you wish to `await` something * before calling `next()`, or throw custom errors. In this case you need to add the `req.jsMini.query` object manually, * which will be merged with the mongoose query. * @example * ```js * // Assuming user.id is defined by your authentication function: * authn: (req) => ({ author: req.user.id }) * ``` * @example * ```js * // Assuming `options.getUser()` is a user returning function: * async authn(req, res, next) { * const user = await options.getUser() * if (!user) return next(new Error('User not found!!1')) * req.jsMini.query = { author: user.id } * return next() * } * ``` * @param {Object} options Route options * @param {String} path Property to fetch from `options` * @return {function} Middleware function */ function middlefy(options, path) { const fn = get(options, path, null) if (typeof fn == 'function') { switch (fn.length) { case 3: return fn case 1: return (req, res, next) => { const { query } = req.jsMini const result = fn(req) // If authz returns a boolean, it means access granted|denied if (typeof result == 'boolean') { if (!result) return res.status(401).json(new JsonApiError({title: 'User not found.'})) return next() } // If fn returns an object, add it to the query. req.jsMini.query = {...query, ...result} return next() } } } return null }