Skip to content

devinivy/loveboat-nested-scopes

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits

lib

lib

 
 

test

test

 
 

.gitignore

.gitignore

 
 

.npmignore

.npmignore

 
 

.travis.yml

.travis.yml

 
 

API.md

API.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

package.json

package.json

 
 

Repository files navigation

loveboat-nested-scopes

support nested auth scopes in hapi

(a transform written for loveboat)

Build Status Coverage Status

Lead Maintainer - Devin Ivy

Usage

See also the API Reference

This loveboat transform allows you to define hierarchical auth scopes on routes and to leverage that hierarchy when writing your route configurations. The core idea is that allowing unprivileged scopes on a route should also permit the higher-privileged scopes.

Imagine a basic-user scope and an admin scope. Every admin is naturally allowed to perform the actions of a basic user. So let's make our app aware of that and start writing this,

// Scopes can be smart!
server.loveboat({
    method: 'get',
    path: '/my/file.gif',
    handler: handler,
    config: {
        auth: {
            access: {
                scope: ['[basic-user]']
                // Becomes ['basic-user', 'admin']
            }
        }
    }
});

To use this transform,

  1. Make sure the loveboat hapi plugin is registered to your server.

  2. Tell loveboat that you'd like to use this transform by calling,

    server.routeTransforms([{
    transform: require('loveboat-nested-scopes'),
    options: {
        scope: 'admin',
        subscopes: ['basic-user']
        // Define your nested scopes
    }
}]);

    and possibly listing any other transforms you'd like to use.*

  3. Register your routes using server.loveboat() rather than server.route().

* There are other ways to tell loveboat which transforms to use too! Just check-out the readme.

const Hapi = require('hapi');
const Loveboat = require('loveboat');

const server = new Hapi.Server();
server.connection();

// 1. Register loveboat
server.register(Loveboat, (err) => {

    // 2. Tell loveboat to use this transform, providing info about your nested scopes
    server.routeTransforms([{
        transform: require('loveboat-nested-scopes'),
        options: {
            scope: 'admin',
            subscopes: [
                {
                    scope: 'super-user',
                    subscopes: [
                        'api-user',
                        'files-user'
                    ]
                }
            ]
        }
    }]);

    // 3. Configure your routes!
    server.loveboat({
        method: 'get',
        path: '/my/file.gif',
        handler: handler,
        config: {
            auth: {
                access: {
                    scope: ['[files-user]']
                    /*
                     * Use '[]' to indicate that the
                     * scope should be expanded.
                     *
                     * Scope becomes effectively,
                     * [
                     *    'files-user',
                     *    'super-user',
                     *    'admin'
                     * ]
                     */
                }
            }
        }
    });

    // The route above will allow users with scope 'files-user'
    // as well as that scope's parents, 'super-user' and 'admin'
});

About

support nested auth scopes in hapi

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages