Skip to content

Commit

Permalink
Merge pull request #195 from hicsail/tokenpermission
Browse files Browse the repository at this point in the history 
Tokenpermission
  • Loading branch information
@gregfrasco
gregfrasco committed Aug 21, 2018
2 parents 76f8db1 + 43c7db0 commit 6e916c4
Showing 1 changed file with 21 additions and 7 deletions.
28 changes: 21 additions & 7 deletions server/auth.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,8 +65,8 @@ const register = function (server, options) {
return { isValid: false };
}

if (!await confirmPermission(request,user)) {
throw Boom.forbidden('Need permission');
if (!confirmTokenPermission(request,token)) {
throw Boom.forbidden('Insufficient token permissions');
}

if (await Crypto.compare(password,token.key)){
Expand Down Expand Up @@ -152,17 +152,30 @@ const usersPermissions = async function (user) {
return permissions;
};

const pathToKey = function (request) {

const method = request.method.toUpperCase();
const path = request.path.split('/').join('-');
return method + '-' + path;
};

const confirmTokenPermission = function (request,token) {

const key = pathToKey(request);
if (token.permissions[key] !== undefined) {
return token.permissions[key];
}
return true;
};

const confirmPermission = async function (request,user) {

const method = String(request.method).toUpperCase();
const incompletePath = String(request.path).split('/').join('-');
const key = method + incompletePath;
const key = pathToKey(request);
const permissions = await usersPermissions(user);

if (permissions[key] !== undefined) {
return permissions[key];
}

return true;
};

Expand All @@ -176,5 +189,6 @@ module.exports = {
],
register,
usersPermissions,
confirmPermission
confirmPermission,
confirmTokenPermission
};

0 comments on commit 6e916c4

Please sign in to comment.