UNPKG

mustbe

Version:

Authorization plumbing for Node+Express apps

github.com/derickbailey/mustbe

derickbailey/mustbe

99 lines (77 loc) 2.27 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
var RSVP = require("rsvp"); // helpers // ------- function handleOverrides(config, identity, activity){ var denierPromise = new RSVP.Promise(function(resolve, reject){ var denier = config.denier; if (!denier){ return resolve(false); } denier(identity, activity, function(err, isDenied){ if (err) { reject(err); } resolve(isDenied); }); }); var allowerPromise = new RSVP.Promise(function(resolve, reject){ var allower = config.allower; if (!allower){ return resolve(false); } allower(identity, activity, function(err, isAllowed){ if (err) { reject(err); } resolve(isAllowed); }); }); return RSVP.all([denierPromise, allowerPromise]); } // Verifier // -------- function Verifier(identity, config){ this.identity = identity; this.config = config; this.activities = config.getActivities(identity.type); } Verifier.prototype.isAuthorized = function(activity, requestParams, cb){ var that = this; var config = this.config; var identity = this.identity; var validators = this.activities.validators; var denyAllowConfig = { denier: this.activities.denier, allower: this.activities.allower }; var override = handleOverrides(denyAllowConfig, identity, activity); override.then(function(overrideArgs){ var isDenied = overrideArgs[0]; var isAllowed = overrideArgs[1]; // handle overrides if (isDenied){ // denied, isAuth = false; return cb(null, false); } if (isAllowed){ // allowed, isAuth = true; return cb(null, true); } // handle validation of authorization var validator = validators[activity]; if (!validator){ var noActivityError = new Error("Activity Not Found, " + activity); noActivityError.name = "ActivityNotFoundException"; return cb(noActivityError, false); } validator(identity, requestParams, function(err, isAuthorized){ if (err) { return cb(err); } if (isAuthorized){ // allowed, isAuth = true; return cb(null, true); } else { // denied, isAuth = false; return cb(null, false); } }); }).then(undefined, function(err){ return cb(err); }); }; module.exports = Verifier;