Just it, verify "is path in scope".
Checks wether a given path is covered by a set of scopes.
$ npm install @nxcd/is-path-in-scope
Verifies that user scopes have the required path.
// ...
const isPathInScope = require('@nxcd/is-path-in-scope')
// Given scopes
const userScopes = [ 'write', 'read' ]
// The path you are requiring access
const pathRequired = 'read'
if (!isPathInScope(pathRequired, userScopes)){
throw new Error('You have no power here!')
}
console.log('Run forest, run!')Verifies a deep path
// ...
const userScopes = [ 'something.read', 'anything.read', 'anything.write' ]
isPathInScope('something.write', userScopes)
// false
isPathInScope('something.read')
// trueGiven an admin user
const userScopes = [ '*' ]
isPathInScope('something.read', userScopes)
// trueGiven a user with full permission for a specific module
// ...
const userScopes = [ 'something.*' ]
isPathInScope('something.read', userScopes)
// true
isPathInScope ('anything.read', userScopes)
// false// I don't know why not
const params = {
separator = '/',
wildcard = '...'
}
const userScopes = [ 'something/...' ]
isPathScope('something-write', userScopes, params)Checks whether user scopes have the path required by the route
const isPathInScope = require('@nxcd/is-path-in-scope')
// ...
const scopes = (expected) => {
if (!Array.isArray(expected)) {
return scopes(expected.split(' '))
}
return (req, res, next) => {
if (!req.user || !Array.isArray(req.user.scopes)) {
return next(new HttpError.Unauthorized({
message: 'authorization token is missing or has an invalid scope grant',
code: 'unauthorized'
}))
}
const unfulfilledScopes = expected.filter((scope) => !isPathInScope(scope, req.user.scopes))
if (unfulfilledScopes.length > 0) {
return next(new HttpError.Unauthorized({
message: format('the following permissions are required: %s', unfulfilledScopes.join(' ')),
code: 'insufficient_permissions'
}))
}
next()
}
}
app.get('/:id', scopes('write'), routes.something.findById)