hola-server 0.6.5 → 0.6.7

package/core/meta.js

@@ -1,5 +1,6 @@
 const { is_undefined } = require('./validate');
 const { get_type } = require('./type');
+const { is_valid_role } = require('../setting');
 
 const meta_manager = {};
 /**
@@ -20,7 +21,7 @@ const meta_manager = {};
  * 
 */
 const field_attrs = ["name", "type", "required", "ref", "link", "delete", "create", "list", "search", "update", "clone", "sys", "secure", "group"];
-const meta_attrs = ["collection", "primary_keys", "fields", "creatable", "readable", "updatable", "deleteable", "cloneable", "after_read",
+const meta_attrs = ["collection", "roles", "primary_keys", "fields", "creatable", "readable", "updatable", "deleteable", "cloneable", "after_read",
     "before_create", "after_create", "before_clone", "after_clone", "before_update", "after_update", "before_delete", "after_delete", "create", "clone", "update", "batch_update", "after_batch_update", "delete",
     "ref_label", "ref_filter", "route", "user_field"];
 
@@ -200,6 +201,7 @@ class EntityMeta {
     constructor(meta) {
         this.meta = meta;
         this.collection = this.meta.collection;
+        this.roles = this.meta.roles;
 
         this.creatable = is_undefined(meta.creatable) ? false : meta.creatable;
         this.readable = is_undefined(meta.readable) ? false : meta.readable;
@@ -281,6 +283,19 @@ class EntityMeta {
             });
         }
 
+        if (this.roles) {
+            if (!Array.isArray(this.roles)) {
+                throw new Error("roles of meta [" + this.collection + "] should be array");
+            }
+            this.roles.forEach(role => {
+                const role_config = role.split(":");
+                const role_name = role_config[0];
+                if (!is_valid_role(role_name)) {
+                    throw new Error("role [" + role_name + "] not defined in setting");
+                }
+            });
+        }
+
         if (this.ref_label && !this.field_names.includes(this.ref_label)) {
             throw new Error("ref_label [" + this.ref_label + "] configured in meta:" + this.collection + " not found in field names");
         }

package/http/session.js

@@ -1,6 +1,6 @@
 const express_session = require('express-session');
 const MongoStore = require('connect-mongo');
-const { get_settings } = require('../setting');
+const { get_settings, is_valid_role, is_root_role } = require('../setting');
 
 const init_session = (app) => {
     const server = get_settings().server;
@@ -24,9 +24,50 @@ const get_session_userid = (req) => {
     return user ? user.id : null;
 }
 
+const get_session_user_role = (req) => {
+    const user = req && req.session ? req.session.user : null;
+    return user ? user.role : null;
+}
+
+//b:batch mode, c:create, d:delete, e:export, i:import, o:clone, p:page, r: refresh, s:search, u:update
+const mode_all = "bcdeiorsu";
+
+const get_user_role_mode = (req, roles) => {
+    const server = get_settings().server;
+    if (server.check_user == false) {
+        return mode_all;
+    }
+
+    const user_role = get_session_user_role(req);
+    if (!user_role) {
+        return "";
+    }
+
+    if (is_root_role(user_role)) {
+        return mode_all;
+    } else if (is_valid_role(user_role)) {
+        for (let i = 0; i < roles.length; i++) {
+            const role = roles[i];
+            const role_settings = role.split(":");
+            const role_name = role_settings[0];
+            const role_mode = role_settings[1];
+            if (user_role == role_name) {
+                return role_mode;
+            }
+        }
+    }
+
+    return "";
+}
+
+const check_user_role = (req, roles, mode) => {
+    const role_mode = get_user_role_mode(req, roles);
+    return role_mode.includes(mode);
+}
+
 const get_session_user_groups = (req) => {
     const group = req && req.session ? req.session.group : null;
     return group && Array.isArray(group) ? group : null;
 }
 
-module.exports = { init_session, get_session_userid, get_session_user_groups };
+module.exports = { init_session, get_session_userid, get_session_user_role, get_session_user_groups, check_user_role, get_user_role_mode };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hola-server",
-  "version": "0.6.5",
+  "version": "0.6.7",
   "description": "a meta programming framework used to build nodejs restful api",
   "main": "index.js",
   "scripts": {
@@ -20,7 +20,7 @@
     "multer": "^1.4.5-lts.1",
     "unzipper": "^0.10.11",
     "node-cron": "^3.0.2",
-     "wxmnode": "^1.0.5"
+    "wxmnode": "^1.0.5"
   },
   "devDependencies": {
     "chai": "^4.3.6",

package/router/clone.js

@@ -1,6 +1,6 @@
 const { set_file_fields, save_file_fields_to_db } = require('../db/gridfs');
-const { SUCCESS, NO_PARAMS } = require('../http/code');
-const { get_session_userid } = require('../http/session');
+const { SUCCESS, NO_PARAMS, NO_RIGHTS } = require('../http/code');
+const { get_session_userid, check_user_role } = require('../http/session');
 const { wrap_http } = require('../http/error');
 const { post_params, required_post_params } = require('../http/params');
 const { has_value } = require('../core/validate');
@@ -19,6 +19,14 @@ const init_clone_router = function (router, meta) {
     const cp_upload = meta.upload_fields.length > 0 ? upload_file.fields(meta.upload_fields) : upload_file.none();
 
     router.post('/clone', cp_upload, wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "o");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         let params = required_post_params(req, ["_id"]);
         if (params === null) {
             res.json({ code: NO_PARAMS, err: '[_id] checking params are failed!' });

package/router/create.js

@@ -1,6 +1,6 @@
 const { set_file_fields, save_file_fields_to_db } = require('../db/gridfs');
-const { SUCCESS } = require('../http/code');
-const { get_session_userid } = require('../http/session');
+const { SUCCESS, NO_RIGHTS } = require('../http/code');
+const { get_session_userid, check_user_role } = require('../http/session');
 const { wrap_http } = require('../http/error');
 const { post_params } = require('../http/params');
 const { has_value } = require('../core/validate');
@@ -19,6 +19,14 @@ const init_create_router = function (router, meta) {
     const cp_upload = meta.upload_fields.length > 0 ? upload_file.fields(meta.upload_fields) : upload_file.none();
 
     router.post('/create', cp_upload, wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "c");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         const param_obj = post_params(req, meta.field_names);
         set_file_fields(meta, req, param_obj);
 

package/router/delete.js

@@ -1,6 +1,7 @@
 const { required_post_params } = require('../http/params');
 const { has_value } = require('../core/validate');
-const { NO_PARAMS } = require('../http/code');
+const { NO_PARAMS, NO_RIGHTS } = require('../http/code');
+const { check_user_role } = require('../http/session');
 const { wrap_http } = require('../http/error');
 const { Entity } = require('../db/entity');
 
@@ -13,6 +14,14 @@ const init_delete_router = function (router, meta) {
     const entity = new Entity(meta);
 
     router.post('/delete', wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "d");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         const params = required_post_params(req, ["ids"]);
         if (params === null) {
             res.json({ code: NO_PARAMS, err: ["ids"] });

package/router/read.js

@@ -1,7 +1,7 @@
 const { required_post_params, get_params } = require('../http/params');
 const { has_value } = require('../core/validate');
-const { NO_PARAMS, SUCCESS } = require('../http/code');
-const { get_session_userid, get_session_user_groups } = require('../http/session');
+const { NO_PARAMS, SUCCESS, NO_RIGHTS } = require('../http/code');
+const { get_session_userid, get_session_user_groups, check_user_role, get_user_role_mode } = require('../http/session');
 const { wrap_http } = require('../http/error');
 const { Entity } = require('../db/entity');
 
@@ -14,6 +14,14 @@ const init_read_router = function (router, meta) {
     const entity = new Entity(meta);
 
     router.get('/meta', wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "r");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         const entity_meta = {
             creatable: meta.creatable,
             readable: meta.readable,
@@ -29,7 +37,27 @@ const init_read_router = function (router, meta) {
         res.json({ code: SUCCESS, data: entity_meta });
     }));
 
+    router.get('/mode', wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "r");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
+        res.json({ code: SUCCESS, data: get_user_role_mode(req, meta.roles) });
+    }));
+
     router.get('/ref', wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "r");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         const { ref_by_entity } = get_params(req, ["ref_by_entity"]);
         const list = await entity.get_filtered_ref_labels(ref_by_entity);
         const items = list.map(obj => ({ "text": obj[meta.ref_label], "value": obj["_id"] + "" }));
@@ -37,6 +65,14 @@ const init_read_router = function (router, meta) {
     }));
 
     router.post('/list', wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "r");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         const query_params = required_post_params(req, ["_query"]);
         if (query_params === null) {
             res.json({ code: NO_PARAMS, err: ["_query"] });
@@ -71,6 +107,14 @@ const init_read_router = function (router, meta) {
     }));
 
     router.post('/read_entity', wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "r");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         let params = required_post_params(req, ["_id", "attr_names"]);
         if (params === null) {
             res.json({ code: NO_PARAMS, err: '[_id,attr_names] checking params are failed!' });
@@ -86,6 +130,14 @@ const init_read_router = function (router, meta) {
     }));
 
     router.post('/read_property', wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "r");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         let params = required_post_params(req, ["_id", "attr_names"]);
         if (params === null) {
             res.json({ code: NO_PARAMS, err: '[_id,attr_names] checking params are failed!' });

package/router/update.js

@@ -1,6 +1,7 @@
 const { set_file_fields, save_file_fields_to_db } = require('../db/gridfs');
 const { required_post_params, post_update_params } = require('../http/params');
-const { SUCCESS, NO_PARAMS } = require('../http/code');
+const { SUCCESS, NO_PARAMS, NO_RIGHTS } = require('../http/code');
+const { check_user_role } = require('../http/session');
 const { has_value } = require('../core/validate');
 const { wrap_http } = require('../http/error');
 const { Entity } = require('../db/entity');
@@ -18,6 +19,14 @@ const init_update_router = function (router, meta) {
     const cp_upload = meta.upload_fields.length > 0 ? upload_file.fields(meta.upload_fields) : upload_file.none();
 
     router.post('/update', cp_upload, wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "u");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         let params = required_post_params(req, ["_id"]);
         if (params === null) {
             params = required_post_params(req, meta.primary_keys);

package/setting.js

@@ -13,6 +13,10 @@ let settings = {
         log_level: 0,
         save_db: dev_mode == false,
     },
+    roles: [
+        { name: "admin", root: true },
+        { name: "user" }
+    ],
     server: {
         service_port: 8088,
         client_web_url: ['http://localhost:8080'],
@@ -39,4 +43,26 @@ const get_settings = () => {
     return settings;
 }
 
-module.exports = { init_settings, get_settings };
+const is_valid_role = (role_name) => {
+    //no role defined, then no role check
+    if (!settings.roles) {
+        return true;
+    }
+    const roles = settings.roles.filter(role => role.name == role_name);
+    return roles.length == 1;
+}
+
+const is_root_role = (role_name) => {
+    //no role defined, then every one is root
+    if (!settings.roles) {
+        return true;
+    }
+
+    if (!is_valid_role(role_name)) {
+        return false;
+    }
+
+    return settings.roles.filter(role => role.name == role_name)[0].root == true;
+}
+
+module.exports = { init_settings, get_settings, is_root_role, is_valid_role };