npm - meadow-endpoints - Versions diffs - 3.0.2 → 3.0.6 - Mend

meadow-endpoints 3.0.2 → 3.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/package.json +1 -1
package/source/Meadow-Authorizers.js +9 -1
package/source/Meadow-Endpoints.js +35 -1
package/source/crud/Meadow-Operation-Create.js +1 -1
package/source/crud/Meadow-Operation-Update.js +1 -1
package/source/crud/Meadow-Operation-Upsert.js +1 -1
package/test/MeadowEndpoints_basic_tests.js +77 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "meadow-endpoints",
-  "version": "3.0.2",
+  "version": "3.0.6",
   "description": "Automatic API endpoints for Meadow data.",
   "main": "source/Meadow-Endpoints.js",
   "scripts": {

package/source/Meadow-Authorizers.js CHANGED Viewed

@@ -46,6 +46,14 @@ var MeadowAuthorizers = function()
 			_AuthorizerFunctions[pAuthorizerHash] = fAuthorizer;
 		};
+		/**
+		* Get a specific authorizer.
+		*/
+		var getAuthorizer = function(pAuthorizerHash)
+		{
+			return _AuthorizerFunctions[pAuthorizerHash];
+		};
 		if (_AuthorizationMode === 'SimpleOwnership')
 		{
 			// Map in the authorizers for simple ownership mode
@@ -55,7 +63,6 @@ var MeadowAuthorizers = function()
 			setAuthorizer('MyCustomer', require(__dirname+'/authorizers/Meadow-Authorizer-MyCustomer.js'));
 		}
 		/**
 		* This method runs a authorizer at a specific hash, and returns true.
 		* Or it returns false if there was no authorizer there.
@@ -191,6 +198,7 @@ var MeadowAuthorizers = function()
 		var tmpNewMeadowAuthorizer = (
 		{
 			setAuthorizer: setAuthorizer,
+			getAuthorizer: getAuthorizer,
 			authorize: authorize,
 			authorizeRequest: authorizeRequest,

package/source/Meadow-Endpoints.js CHANGED Viewed

@@ -420,6 +420,17 @@ var MeadowEndpoints = function()
 			return fCallback();
 		};
+		var _InvokeSetupCallback;
+		var getInvokeSetupCallback = function()
+		{
+			return _InvokeSetupCallback;
+		};
+		var setInvokeSetupCallback = function(fCallback)
+		{
+			_InvokeSetupCallback = fCallback;
+		};
 		/**
 		* Invoke a meadow endpoint programmatically
 		*
@@ -435,8 +446,13 @@ var MeadowEndpoints = function()
 				return tmpCallback('Endpoint \'' + pMethod + '\' does not exist!'); //might be better as an exception
 			}
-			//TODO: should switch depending on type
+			// TODO: should switch depending on type
+			// TODO: should we keep this around, just make a deep copy of 'pOptions'
 			var pRequest = {params: pData, formattedParams: pData, body: pData};
+			if (typeof(pOptions) === 'object' && typeof(pOptions.header) === 'function') {
+				// carry over header function
+				pRequest.header = pOptions.header.bind(pOptions);
+			}
 			var pResponse = {};
 			libAsync.waterfall([
@@ -467,6 +483,10 @@ var MeadowEndpoints = function()
 					//internal invoke mark as authenticated (because this is not called via webservice)
 					pRequest.EndpointAuthenticated = true;
+					if (_InvokeSetupCallback && typeof(_InvokeSetupCallback) == 'function')
+					{
+						_InvokeSetupCallback(pRequest, pResponse, typeof(pOptions) === 'object' && pOptions);
+					}
 					return fStageComplete();
 				},
 				function(fStageComplete)
@@ -511,6 +531,8 @@ var MeadowEndpoints = function()
 			// Expose the DAL
 			DAL: _Meadow,
+			getInvokeSetupCallback: getInvokeSetupCallback,
+			setInvokeSetupCallback: setInvokeSetupCallback,
 			invokeEndpoint: invokeEndpoint,
 			// Factory
@@ -541,6 +563,18 @@ var MeadowEndpoints = function()
 				enumerable: true
 			});
+		/**
+		 * EndpointAuthenticators
+		 *
+		 * @property endpointAuthorizers
+		 * @type object
+		 */
+		Object.defineProperty(tmpNewMeadowEndpointObject, 'endpointAuthorizers',
+			{
+				get: function() { return _Authorizers; },
+				enumerable: true
+			});
 		/**
 		 * EndpointAuthenticators
 		 *

package/source/crud/Meadow-Operation-Create.js CHANGED Viewed

@@ -95,7 +95,7 @@ var doCreate = function(pRecord, pRequest, pResponse, fCallback)
 				pRequest.RecordCreateErrorMessage = pError;
 				// Also push the record to the created record stack with an error message
 				pRequest.CreatedRecords.push(pRecord);
-				pRequest.CommonServices.log.error('Error creating record:'+pError, {SessionID:pRequest.UserSession.SessionID, RequestID:pRequest.RequestUUID, RequestURL:pRequest.url, Action:pRequest.DAL.scope+'-'+pRequest.MeadowOperation}, pRequest);
+				pRequest.CommonServices.log.error('Error creating record:'+pError, {SessionID:pRequest.UserSession.SessionID, RequestID:pRequest.RequestUUID, RequestURL:pRequest.url, Action:pRequest.DAL.scope+'-'+pRequest.MeadowOperation, Stack: pError.stack }, pRequest);
 			}
 			return fCallback();

package/source/crud/Meadow-Operation-Update.js CHANGED Viewed

@@ -135,7 +135,7 @@ var doUpdate = function(pRecordToModify, pRequest, pResponse, fCallback, pOption
 				pRequest.RecordUpdateError = true;
 				pRequest.RecordUpdateErrorMessage = pError;
 				pRequest.UpdatedRecords.push(pRecordToModify);
-				pRequest.CommonServices.log.error('Error updating record:'+pError, {SessionID:pRequest.UserSession.SessionID, RequestID:pRequest.RequestUUID, RequestURL:pRequest.url, Action:pRequest.DAL.scope+'-'+pRequest.MeadowOperation}, pRequest);
+				pRequest.CommonServices.log.error('Error updating record:'+pError, {SessionID:pRequest.UserSession.SessionID, RequestID:pRequest.RequestUUID, RequestURL:pRequest.url, Action:pRequest.DAL.scope+'-'+pRequest.MeadowOperation, Stack: pError.stack }, pRequest);
 			}
 			return fCallback();

package/source/crud/Meadow-Operation-Upsert.js CHANGED Viewed

@@ -96,7 +96,7 @@ var doUpsert = function(pRecordToUpsert, pRequest, pResponse, fCallback)
 				pRequest.RecordUpsertError = true;
 				pRequest.RecordUpsertErrorMessage = pError;
 				pRequest.UpsertedRecords.push(pRecordToUpsert);
-				pRequest.CommonServices.log.error('Error upserting record:'+pError, {SessionID:pRequest.UserSession.SessionID, RequestID:pRequest.RequestUUID, RequestURL:pRequest.url, Action:pRequest.DAL.scope+'-'+pRequest.MeadowOperation}, pRequest);
+				pRequest.CommonServices.log.error('Error upserting record:'+pError, {SessionID:pRequest.UserSession.SessionID, RequestID:pRequest.RequestUUID, RequestURL:pRequest.url, Action:pRequest.DAL.scope+'-'+pRequest.MeadowOperation, Stack: pError.stack }, pRequest);
 			}
 			return fCallback();

package/test/MeadowEndpoints_basic_tests.js CHANGED Viewed

@@ -467,6 +467,28 @@ suite
 					}
 				);
 				test
+				(
+					'read: define a custom authorization behavior',
+					function(fDone)
+					{
+						const defaultAuthorizer = _MeadowEndpoints.endpointAuthorizers.getAuthorizer('Allow');
+						_MeadowEndpoints.endpointAuthorizers.setAuthorizer('Allow', function(req, next) { req.MeadowAuthorization = false; return next(); });
+						_Orator.webServer.get('/CustomHotRodRoute/:IDRecord', _MeadowEndpoints.endpointAuthenticators.Read, _MeadowEndpoints.wireState, _MeadowEndpoints.endpoints.Read);
+						libSuperTest('http://localhost:9080/')
+						.get('CustomHotRodRoute/2')
+						.end(
+							function (pError, pResponse)
+							{
+								_MeadowEndpoints.endpointAuthorizers.setAuthorizer('Allow', defaultAuthorizer);
+								//TODO: it's weird that we don't get an error here for access denied...
+								var tmpResult = JSON.parse(pResponse.text);
+								Expect(tmpResult.Error).to.equal('UNAUTHORIZED ACCESS IS NOT ALLOWED');
+								fDone();
+							}
+						);
+					}
+				);
+				test
 				(
 					'read: define a custom route and get a record with it',
 					function(fDone)
@@ -506,6 +528,32 @@ suite
 					}
 				);
 				test
+				(
+					'read: get a specific record which resolved to Deny authorization, but with a Deny authorizer that just allows',
+					function(fDone)
+					{
+						_Meadow.schemaFull.authorizer.Manager = {};
+						_Meadow.schemaFull.authorizer.Manager.Read = 'Deny';
+						const defaultAuthorizer = _MeadowEndpoints.endpointAuthorizers.getAuthorizer('Deny');
+						_MeadowEndpoints.endpointAuthorizers.setAuthorizer('Deny', function(req, next) { req.MeadowAuthorization = true; return next(); });
+						libSuperTest('http://localhost:9080/')
+						.get('1.0/FableTest/2')
+						.end(
+							function (pError, pResponse)
+							{
+								// Reset authorization
+								_Meadow.schemaFull.authorizer.Manager.Read = 'Allow';
+								_MeadowEndpoints.endpointAuthorizers.setAuthorizer('Deny', defaultAuthorizer);
+								const responseBody = JSON.parse(pResponse.text);
+								Expect(responseBody.IDAnimal).to.equal(2);
+								fDone();
+							}
+						);
+					}
+				);
+				test
 				(
 					'read: get a specific record with a bad parameter',
 					function(fDone)
@@ -1492,6 +1540,35 @@ suite
 			{
 				var tmpCreatedRecordGUID;
+				test
+				(
+					'invoke: setup method is called',
+					function(fDone)
+					{
+						_MockSessionValidUser.UserRoleIndex = 2;
+						let setupCallCount = 0;
+						let passedRequest, passedResponse, passedOriginalRequest;
+						_MeadowEndpoints.setInvokeSetupCallback((req, res, origReq) =>
+						{
+							++setupCallCount;
+							passedRequest = req;
+							passedResponse = res;
+							passedOriginalRequest = origReq;
+						});
+						const originalRequest = {UserSession: _MockSessionValidUser};
+						_MeadowEndpoints.invokeEndpoint('Read', {IDRecord: 2}, originalRequest,
+							function(pError, pResponse)
+							{
+								Expect(setupCallCount).to.equal(1);
+								Expect(passedOriginalRequest).to.equal(originalRequest);
+								Expect(passedRequest).to.be.an('object');
+								Expect(passedResponse).to.be.an('object');
+								fDone();
+							}
+						);
+					}
+				);
 				test
 				(
 					'invoke create: create a record',