@hitchy/plugin-odem-rest 0.7.0 → 0.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +42 -52
- package/package.json +1 -1
- package/readme.md +1 -1
package/index.js
CHANGED
|
@@ -160,7 +160,7 @@ module.exports = function() {
|
|
|
160
160
|
const modelUrl = resolve( urlPrefix, routeName );
|
|
161
161
|
|
|
162
162
|
const reqBadModel = Model.prototype instanceof BaseModel ? null : ( _, res ) => {
|
|
163
|
-
res.status( 500 ).json( { error: "incomplete discovery of model on server-side, looks like hitchy-plugin-odem issue" } );
|
|
163
|
+
res.status( 500 ).json( { error: "incomplete discovery of model on server-side, looks like a hitchy-plugin-odem issue" } );
|
|
164
164
|
};
|
|
165
165
|
|
|
166
166
|
if ( includeConvenienceRoutes ) {
|
|
@@ -202,7 +202,7 @@ module.exports = function() {
|
|
|
202
202
|
* @returns {void}
|
|
203
203
|
*/
|
|
204
204
|
function reqSuccess( req, res ) {
|
|
205
|
-
if (
|
|
205
|
+
if ( Schema.mayBeExposed( req, Model ) ) {
|
|
206
206
|
res.status( 200 ).send();
|
|
207
207
|
} else {
|
|
208
208
|
res.status( 403 ).send();
|
|
@@ -232,13 +232,13 @@ module.exports = function() {
|
|
|
232
232
|
async function reqFetchSchema( req, res ) {
|
|
233
233
|
logDebug( "got request fetching schema" );
|
|
234
234
|
|
|
235
|
-
if (
|
|
236
|
-
|
|
235
|
+
if ( !Schema.mayBeExposed( req, Model ) ) {
|
|
236
|
+
res.status( 403 ).json( { error: "access forbidden by model" } );
|
|
237
237
|
return;
|
|
238
238
|
}
|
|
239
239
|
|
|
240
|
-
if ( !Services.
|
|
241
|
-
|
|
240
|
+
if ( api.plugins.authentication && !await Services.Authorization.mayAccess( req.user, `@hitchy.odem.model.${modelName}.schema` ) ) {
|
|
241
|
+
resAccessForbidden( res );
|
|
242
242
|
return;
|
|
243
243
|
}
|
|
244
244
|
|
|
@@ -256,13 +256,13 @@ module.exports = function() {
|
|
|
256
256
|
async function reqCheckItem( req, res ) {
|
|
257
257
|
logDebug( "got request checking if some item exists" );
|
|
258
258
|
|
|
259
|
-
if (
|
|
260
|
-
|
|
259
|
+
if ( !Schema.mayBeExposed( req, Model ) ) {
|
|
260
|
+
res.status( 403 ).json( { error: "access forbidden by model" } );
|
|
261
261
|
return;
|
|
262
262
|
}
|
|
263
263
|
|
|
264
|
-
if ( !
|
|
265
|
-
|
|
264
|
+
if ( api.plugins.authentication && !await Services.Authorization.mayAccess( req.user, `@hitchy.odem.model.${modelName}.check` ) ) {
|
|
265
|
+
resAccessForbidden( res );
|
|
266
266
|
return;
|
|
267
267
|
}
|
|
268
268
|
|
|
@@ -280,7 +280,7 @@ module.exports = function() {
|
|
|
280
280
|
} )
|
|
281
281
|
.catch( error => {
|
|
282
282
|
logError( "checking %s:", routeName, error );
|
|
283
|
-
res.status( 500 ).json( { error: error.message } );
|
|
283
|
+
res.status( error.statusCode || 500 ).json( { error: error.message } );
|
|
284
284
|
} );
|
|
285
285
|
}
|
|
286
286
|
|
|
@@ -294,13 +294,13 @@ module.exports = function() {
|
|
|
294
294
|
async function reqFetchItem( req, res ) {
|
|
295
295
|
logDebug( "got request fetching some item" );
|
|
296
296
|
|
|
297
|
-
if (
|
|
298
|
-
|
|
297
|
+
if ( !Schema.mayBeExposed( req, Model ) ) {
|
|
298
|
+
res.status( 403 ).json( { error: "access forbidden by model" } );
|
|
299
299
|
return;
|
|
300
300
|
}
|
|
301
301
|
|
|
302
|
-
if ( !
|
|
303
|
-
|
|
302
|
+
if ( api.plugins.authentication && !await Services.Authorization.mayAccess( req.user, `@hitchy.odem.model.${modelName}.read` ) ) {
|
|
303
|
+
resAccessForbidden( res );
|
|
304
304
|
return;
|
|
305
305
|
}
|
|
306
306
|
|
|
@@ -324,7 +324,7 @@ module.exports = function() {
|
|
|
324
324
|
}
|
|
325
325
|
|
|
326
326
|
default : {
|
|
327
|
-
res.status( 500 ).json( { error: error.message } );
|
|
327
|
+
res.status( error.statusCode || 500 ).json( { error: error.message } );
|
|
328
328
|
}
|
|
329
329
|
}
|
|
330
330
|
} );
|
|
@@ -341,13 +341,13 @@ module.exports = function() {
|
|
|
341
341
|
async function reqFetchItems( req, res ) {
|
|
342
342
|
logDebug( "got request fetching items" );
|
|
343
343
|
|
|
344
|
-
if (
|
|
345
|
-
|
|
344
|
+
if ( !Schema.mayBeExposed( req, Model ) ) {
|
|
345
|
+
res.status( 403 ).json( { error: "access forbidden by model" } );
|
|
346
346
|
return;
|
|
347
347
|
}
|
|
348
348
|
|
|
349
|
-
if ( !
|
|
350
|
-
|
|
349
|
+
if ( api.plugins.authentication && !await Services.Authorization.mayAccess( req.user, `@hitchy.odem.model.${modelName}.list` ) ) {
|
|
350
|
+
resAccessForbidden( res );
|
|
351
351
|
return;
|
|
352
352
|
}
|
|
353
353
|
|
|
@@ -406,11 +406,6 @@ module.exports = function() {
|
|
|
406
406
|
async function reqListMatches( req, res ) {
|
|
407
407
|
logDebug( "got request listing matching items" );
|
|
408
408
|
|
|
409
|
-
if ( !Schema.mayBeExposed( req, Model ) ) {
|
|
410
|
-
res.status( 403 ).json( { error: "access forbidden by model" } );
|
|
411
|
-
return;
|
|
412
|
-
}
|
|
413
|
-
|
|
414
409
|
const {
|
|
415
410
|
q: simpleQuery = "",
|
|
416
411
|
offset = 0,
|
|
@@ -481,7 +476,7 @@ module.exports = function() {
|
|
|
481
476
|
.catch( error => {
|
|
482
477
|
logError( "querying %s:", routeName, error );
|
|
483
478
|
|
|
484
|
-
res.status( 500 ).json( { error: error.message } );
|
|
479
|
+
res.status( error.statusCode || 500 ).json( { error: error.message } );
|
|
485
480
|
} );
|
|
486
481
|
}
|
|
487
482
|
|
|
@@ -496,11 +491,6 @@ module.exports = function() {
|
|
|
496
491
|
async function reqListAll( req, res ) {
|
|
497
492
|
logDebug( "got request listing all items" );
|
|
498
493
|
|
|
499
|
-
if ( !Schema.mayBeExposed( req, Model ) ) {
|
|
500
|
-
res.status( 403 ).json( { error: "access forbidden by model" } );
|
|
501
|
-
return;
|
|
502
|
-
}
|
|
503
|
-
|
|
504
494
|
const { offset = 0, limit = Infinity, sortBy = null, descending = false, loadRecords = true, count = false } = req.query;
|
|
505
495
|
const meta = count || req.headers["x-count"] ? {} : null;
|
|
506
496
|
|
|
@@ -525,7 +515,7 @@ module.exports = function() {
|
|
|
525
515
|
.catch( error => {
|
|
526
516
|
logError( "listing %s:", routeName, error );
|
|
527
517
|
|
|
528
|
-
res.status( 500 ).json( { error: error.message } );
|
|
518
|
+
res.status( error.statusCode || 500 ).json( { error: error.message } );
|
|
529
519
|
} );
|
|
530
520
|
}
|
|
531
521
|
|
|
@@ -539,13 +529,13 @@ module.exports = function() {
|
|
|
539
529
|
async function reqCreateItem( req, res ) {
|
|
540
530
|
logDebug( "got request creating item" );
|
|
541
531
|
|
|
542
|
-
if (
|
|
543
|
-
|
|
532
|
+
if ( !Schema.mayBeExposed( req, Model ) ) {
|
|
533
|
+
res.status( 403 ).json( { error: "access forbidden by model" } );
|
|
544
534
|
return;
|
|
545
535
|
}
|
|
546
536
|
|
|
547
|
-
if ( !
|
|
548
|
-
|
|
537
|
+
if ( api.plugins.authentication && !await Services.Authorization.mayAccess( req.user, `@hitchy.odem.model.${modelName}.create` ) ) {
|
|
538
|
+
resAccessForbidden( res );
|
|
549
539
|
return;
|
|
550
540
|
}
|
|
551
541
|
|
|
@@ -578,7 +568,7 @@ module.exports = function() {
|
|
|
578
568
|
} )
|
|
579
569
|
.catch( error => {
|
|
580
570
|
logError( "creating %s:", routeName, error );
|
|
581
|
-
res.status( 500 ).json( { error: error.message } );
|
|
571
|
+
res.status( error.statusCode || 500 ).json( { error: error.message } );
|
|
582
572
|
} );
|
|
583
573
|
}
|
|
584
574
|
|
|
@@ -592,13 +582,13 @@ module.exports = function() {
|
|
|
592
582
|
async function reqModifyItem( req, res ) {
|
|
593
583
|
logDebug( "got request to modify some item" );
|
|
594
584
|
|
|
595
|
-
if (
|
|
596
|
-
|
|
585
|
+
if ( !Schema.mayBeExposed( req, Model ) ) {
|
|
586
|
+
res.status( 403 ).json( { error: "access forbidden by model" } );
|
|
597
587
|
return;
|
|
598
588
|
}
|
|
599
589
|
|
|
600
|
-
if ( !
|
|
601
|
-
|
|
590
|
+
if ( api.plugins.authentication && !await Services.Authorization.mayAccess( req.user, `@hitchy.odem.model.${modelName}.write` ) ) {
|
|
591
|
+
resAccessForbidden( res );
|
|
602
592
|
return;
|
|
603
593
|
}
|
|
604
594
|
|
|
@@ -642,7 +632,7 @@ module.exports = function() {
|
|
|
642
632
|
} )
|
|
643
633
|
.catch( error => {
|
|
644
634
|
logError( "updating %s:", routeName, error );
|
|
645
|
-
res.status( 500 ).json( { error: error.message } );
|
|
635
|
+
res.status( error.statusCode || 500 ).json( { error: error.message } );
|
|
646
636
|
} );
|
|
647
637
|
}
|
|
648
638
|
|
|
@@ -657,13 +647,13 @@ module.exports = function() {
|
|
|
657
647
|
async function reqReplaceItem( req, res ) {
|
|
658
648
|
logDebug( "got request replacing some item" );
|
|
659
649
|
|
|
660
|
-
if (
|
|
661
|
-
|
|
650
|
+
if ( !Schema.mayBeExposed( req, Model ) ) {
|
|
651
|
+
res.status( 403 ).json( { error: "access forbidden by model" } );
|
|
662
652
|
return;
|
|
663
653
|
}
|
|
664
654
|
|
|
665
|
-
if ( !
|
|
666
|
-
|
|
655
|
+
if ( api.plugins.authentication && !await Services.Authorization.mayAccess( req.user, `@hitchy.odem.model.${modelName}.write` ) ) {
|
|
656
|
+
resAccessForbidden( res );
|
|
667
657
|
return;
|
|
668
658
|
}
|
|
669
659
|
|
|
@@ -707,7 +697,7 @@ module.exports = function() {
|
|
|
707
697
|
} )
|
|
708
698
|
.catch( error => {
|
|
709
699
|
logError( "updating %s:", routeName, error );
|
|
710
|
-
res.status( 500 ).json( { error: error.message } );
|
|
700
|
+
res.status( error.statusCode || 500 ).json( { error: error.message } );
|
|
711
701
|
} );
|
|
712
702
|
}
|
|
713
703
|
|
|
@@ -721,13 +711,13 @@ module.exports = function() {
|
|
|
721
711
|
async function reqRemoveItem( req, res ) {
|
|
722
712
|
logDebug( "got request removing some item" );
|
|
723
713
|
|
|
724
|
-
if (
|
|
725
|
-
|
|
714
|
+
if ( !Schema.mayBeExposed( req, Model ) ) {
|
|
715
|
+
res.status( 403 ).json( { error: "access forbidden by model" } );
|
|
726
716
|
return;
|
|
727
717
|
}
|
|
728
718
|
|
|
729
|
-
if ( !
|
|
730
|
-
|
|
719
|
+
if ( api.plugins.authentication && !await Services.Authorization.mayAccess( req.user, `@hitchy.odem.model.${modelName}.remove` ) ) {
|
|
720
|
+
resAccessForbidden( res );
|
|
731
721
|
return;
|
|
732
722
|
}
|
|
733
723
|
|
|
@@ -750,7 +740,7 @@ module.exports = function() {
|
|
|
750
740
|
} ) )
|
|
751
741
|
.catch( error => {
|
|
752
742
|
logError( "removing %s:", routeName, error );
|
|
753
|
-
res.status( 500 ).json( { error: error.message } );
|
|
743
|
+
res.status( error.statusCode || 500 ).json( { error: error.message } );
|
|
754
744
|
} );
|
|
755
745
|
}
|
|
756
746
|
|
package/package.json
CHANGED
package/readme.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
HTTP REST API for [Hitchy's](https://core.hitchy.org/) [document-oriented database](https://odem.hitchy.org/)
|
|
4
4
|
|
|
5
|
-
[Hitchy](http://core.hitchy.org/) is a server-side framework for developing web applications with [Node.js](https://nodejs.org/). [Odem](https://www.npmjs.com/package/@hitchy/plugin-odem) is a plugin for Hitchy implementing a document-oriented database using data backends like regular file systems,
|
|
5
|
+
[Hitchy](http://core.hitchy.org/) is a server-side framework for developing web applications with [Node.js](https://nodejs.org/). [Odem](https://www.npmjs.com/package/@hitchy/plugin-odem) is a plugin for Hitchy implementing a document-oriented database using data backends like regular file systems, temporary in-memory databases and third-party key-value stores.
|
|
6
6
|
|
|
7
7
|
This plugin is defining blueprint routes for accessing data managed in document-oriented database using REST API.
|
|
8
8
|
|