not-node 5.0.22 → 5.1.2

package/src/auth/index.js

@@ -1,19 +1,19 @@
 /** @module Auth */
 
-const CONST = require('./const');
-const ABSTRACT = require('./abstract');
-const FIELDS = require('./fields');
-const ROLES = require('./roles');
-const RULES = require('./rules');
-const ROUTES = require('./routes');
-const SESSION = require('./session');
+const CONST = require("./const");
+const ABSTRACT = require("./abstract");
+const FIELDS = require("./fields");
+const ROLES = require("./roles");
+const RULES = require("./rules");
+const ROUTES = require("./routes");
+const SESSION = require("./session");
 
 module.exports = {
-  ...CONST,
-  ...ABSTRACT,
-  ...SESSION,
-  ...ROLES,
-  ...RULES,
-  ...ROUTES,
-  ...FIELDS
+    ...CONST,
+    ...ABSTRACT,
+    ...SESSION,
+    ...ROLES,
+    ...RULES,
+    ...ROUTES,
+    ...FIELDS,
 };

package/src/auth/roles.js

@@ -1,11 +1,14 @@
-const ABSTRACT = require('./abstract');
+const ABSTRACT = require("./abstract");
 
-function compareRolesArrayAgainstArray(userRoles, actionRoles, strict){
-  if(strict){
-    return ABSTRACT.intersect_safe(userRoles, actionRoles).length === actionRoles.length;
-  }else{
-    return ABSTRACT.intersect_safe(userRoles, actionRoles).length > 0;
-  }
+function compareRolesArrayAgainstArray(userRoles, actionRoles, strict) {
+    if (strict) {
+        return (
+            ABSTRACT.intersect_safe(userRoles, actionRoles).length ===
+            actionRoles.length
+        );
+    } else {
+        return ABSTRACT.intersect_safe(userRoles, actionRoles).length > 0;
+    }
 }
 
 /**
@@ -16,45 +19,44 @@ function compareRolesArrayAgainstArray(userRoles, actionRoles, strict){
  *	@return {boolean}	if user roles comply to action roles
  **/
 function compareRoles(userRoles, actionRoles, strict = true) {
-  //console.log('compare roles', userRoles, actionRoles);
-  //user have many roles
-  if (userRoles && Array.isArray(userRoles)) {
-    //action can be accessed by various roles
-    if (actionRoles && Array.isArray(actionRoles)) {
-      //if we have similar elements in those two arrays - grant access
-      return compareRolesArrayAgainstArray(userRoles, actionRoles, strict);
-    } else {
-      return userRoles.indexOf(actionRoles) > -1;
-    }
-  } else {
-    if (Array.isArray(actionRoles)) {
-      if(strict){
-        return false;
-      }else{
-        return actionRoles.indexOf(userRoles) > -1;
-      }
+    //console.log('compare roles', userRoles, actionRoles);
+    //user have many roles
+    if (userRoles && Array.isArray(userRoles)) {
+        //action can be accessed by various roles
+        if (actionRoles && Array.isArray(actionRoles)) {
+            //if we have similar elements in those two arrays - grant access
+            return compareRolesArrayAgainstArray(
+                userRoles,
+                actionRoles,
+                strict
+            );
+        } else {
+            return userRoles.indexOf(actionRoles) > -1;
+        }
     } else {
-      return userRoles === actionRoles;
+        if (Array.isArray(actionRoles)) {
+            if (strict) {
+                return false;
+            } else {
+                return actionRoles.indexOf(userRoles) > -1;
+            }
+        } else {
+            return userRoles === actionRoles;
+        }
     }
-  }
 }
 
-
-
-
-function sanitizeAndValidateRoleSet(roleSet, name){
-  if ((!Array.isArray(roleSet)) && (!ABSTRACT.isObjectString(roleSet))) {
-    throw new Error(`${name} role set is not valid`);
-  } else {
-    if (!Array.isArray(roleSet)) {
-      roleSet = [roleSet];
+function sanitizeAndValidateRoleSet(roleSet, name) {
+    if (!Array.isArray(roleSet) && !ABSTRACT.isObjectString(roleSet)) {
+        throw new Error(`${name} role set is not valid`);
+    } else {
+        if (!Array.isArray(roleSet)) {
+            roleSet = [roleSet];
+        }
     }
-  }
-  return roleSet;
+    return roleSet;
 }
 
-
-
 /**
  *	Check to sets of roles against each other
  * to define if base is strictly higher than second
@@ -64,33 +66,32 @@ function sanitizeAndValidateRoleSet(roleSet, name){
  *	@return {boolean}					true if base > against
  */
 function checkSupremacy(base, against, roles) {
-  base = sanitizeAndValidateRoleSet(base, 'Base');
-  against = sanitizeAndValidateRoleSet(against, 'Against');
+    base = sanitizeAndValidateRoleSet(base, "Base");
+    against = sanitizeAndValidateRoleSet(against, "Against");
 
-  if (!Array.isArray(roles)) {
-    throw new Error('No roles supremacy order!');
-  }
-
-  let baseIndex = -1;
-  let againstIndex = -1;
-  roles.forEach((role, index) => {
-    if ((!ABSTRACT.isObjectString(role))) {
-      throw new Error('Supremacy order element is not a string');
-    }
-    if (baseIndex === -1 && base.indexOf(role) > -1) {
-      baseIndex = index;
+    if (!Array.isArray(roles)) {
+        throw new Error("No roles supremacy order!");
     }
-    if (againstIndex === -1 && against.indexOf(role) > -1) {
-      againstIndex = index;
-    }
-  });
-  return ((baseIndex > -1) && ((baseIndex < againstIndex) || againstIndex === -1));
-}
 
+    let baseIndex = -1;
+    let againstIndex = -1;
+    roles.forEach((role, index) => {
+        if (!ABSTRACT.isObjectString(role)) {
+            throw new Error("Supremacy order element is not a string");
+        }
+        if (baseIndex === -1 && base.indexOf(role) > -1) {
+            baseIndex = index;
+        }
+        if (againstIndex === -1 && against.indexOf(role) > -1) {
+            againstIndex = index;
+        }
+    });
+    return baseIndex > -1 && (baseIndex < againstIndex || againstIndex === -1);
+}
 
 module.exports = {
-  checkSupremacy,
-  sanitizeAndValidateRoleSet,
-  compareRoles,
-  compareRolesArrayAgainstArray
+    checkSupremacy,
+    sanitizeAndValidateRoleSet,
+    compareRoles,
+    compareRolesArrayAgainstArray,
 };

package/src/auth/routes.js

@@ -1,61 +1,77 @@
-const log = require('not-log')(module, 'Auth');
-const CONST = require('./const');
-const HttpError = require('../error').Http;
-const SESSION = require('./session');
-const ROLES = require('./roles');
-
+const log = require("not-log")(module, "Auth");
+const {
+    HttpExceptionUnauthorized,
+    HttpExceptionForbidden,
+} = require("../exceptions/http");
+const SESSION = require("./session");
+const ROLES = require("./roles");
 
 /**
  *  Get request ip
  *  @param  {object}  req   Express Request
  **/
 function getIP(req) {
-  if (req){
-    return (req.headers && req.headers['x-forwarded-for']) ||
-      (req.connection && req.connection.remoteAddress) ||
-      (req.socket && req.socket.remoteAddress) ||
-      (req.connection && req.connection.socket && req.connection.socket.remoteAddress);
-  }else{
-    return undefined;
-  }
+    if (req) {
+        return (
+            (req.headers && req.headers["x-forwarded-for"]) ||
+            (req.connection && req.connection.remoteAddress) ||
+            (req.socket && req.socket.remoteAddress) ||
+            (req.connection &&
+                req.connection.socket &&
+                req.connection.socket.remoteAddress)
+        );
+    } else {
+        return undefined;
+    }
 }
 
-
 /**
  *  Collects various authentification and authorization data from request object
  *  @params {object}  req       ExpressRequest
  * @return {object}  various authentification data for actor { root:boolean, auth: boolean, role: [string], uid: ObjectId, sid: string, ip:string }
  */
 function extractAuthData(req) {
-  return {
-    root:   SESSION.isRoot(req),
-    auth:   SESSION.isUser(req),
-    role:   SESSION.getRole(req),
-    uid:     SESSION.getUserId(req),
-    sid:     SESSION.getSessionId(req),
-    ip:     getIP(req)
-  };
+    return {
+        root: SESSION.isRoot(req),
+        auth: SESSION.isUser(req),
+        role: SESSION.getRole(req),
+        uid: SESSION.getUserId(req),
+        sid: SESSION.getSessionId(req),
+        ip: getIP(req),
+    };
 }
 
-
-
 /**
  *  Returns Express middleware witch check role against one presented in request
  *  @param  {string|array}  role  action roles
  *  @return  {function}        express middleware
  **/
 function checkRoleBuilder(role) {
-  return (req, res, next) => {
-    let userRole = SESSION.getRole(req);
-    if (SESSION.isUser(req) && ROLES.compareRoles(userRole, role)) {
-      return next();
-    } else {
-      return next(new HttpError(401, CONST.ERR_NOT_AUTHORIZED+ ' ' + req.session.user + ':' + req.session.role));
-    }
-  };
+    return (req, res, next) => {
+        let userRole = SESSION.getRole(req);
+        if (!SESSION.isUser(req)) {
+            return next(
+                new HttpExceptionUnauthorized({
+                    params: { ip: getIP(req) },
+                })
+            );
+        }
+        if (ROLES.compareRoles(userRole, role)) {
+            return next();
+        } else {
+            return next(
+                new HttpExceptionForbidden({
+                    params: {
+                        ip: getIP(req),
+                        user: req.session.user,
+                        role: req.session.role,
+                    },
+                })
+            );
+        }
+    };
 }
 
-
 /**
  *  Checks if user is authenticated, by searching req.session.user
  *  If auth pass next, else throw error
@@ -64,14 +80,17 @@ function checkRoleBuilder(role) {
  *  @param  {function}  next   callback
  **/
 function checkUser(req, res, next) {
-  if (SESSION.isUser(req)) {
-    return next();
-  } else {
-    return next(new HttpError(401, CONST.ERR_NOT_AUTHORIZED));
-  }
+    if (SESSION.isUser(req)) {
+        return next();
+    } else {
+        return next(
+            new HttpExceptionUnauthorized({
+                params: { ip: getIP(req) },
+            })
+        );
+    }
 }
 
-
 /**
  *  Checks if user is authenticated, by searching req.session.user
  *  If auth pass next, else throw error
@@ -80,24 +99,40 @@ function checkUser(req, res, next) {
  *  @param  {function}  next   callback
  **/
 function checkAdmin(req, res, next) {
-  log.error('checkAdmin is obsolete, use new version as checkRoot');
-  log.error(req.originalUrl);
-  return checkRoot(req, res, next);
+    log.error("checkAdmin is obsolete, use new version as checkRoot");
+    log.error(req.originalUrl);
+    return checkRoot(req, res, next);
 }
 
 function checkRoot(req, res, next) {
-  if (SESSION.isRoot(req)) {
-    return next();
-  } else {
-    return next(new HttpError(401, CONST.ERR_NOT_AUTHORIZED + ' ' + req.session.user + ':' + req.session.role));
-  }
+    if (SESSION.isRoot(req)) {
+        return next();
+    } else {
+        if (SESSION.isUser(req)) {
+            return next(
+                new HttpExceptionForbidden({
+                    params: {
+                        ip: getIP(req),
+                        user: req.session.user,
+                        role: req.session.role,
+                    },
+                })
+            );
+        } else {
+            return next(
+                new HttpExceptionUnauthorized({
+                    params: { ip: getIP(req) },
+                })
+            );
+        }
+    }
 }
 
 module.exports = {
-  checkRoot,
-  checkAdmin,
-  checkUser,
-  checkRoleBuilder,
-  extractAuthData,
-  getIP
+    checkRoot,
+    checkAdmin,
+    checkUser,
+    checkRoleBuilder,
+    extractAuthData,
+    getIP,
 };

package/src/auth/rules.js

@@ -1,54 +1,55 @@
-const ROLES = require('./roles');
-const postWarning = require('../obsolete');
+const ROLES = require("./roles");
+const postWarning = require("../obsolete");
 
-function ruleHasRootDirective(rule){
-  return (Object.prototype.hasOwnProperty.call(rule, 'admin') && rule.admin) || (Object.prototype.hasOwnProperty.call(rule, 'root') && rule.root);
+function ruleHasRootDirective(rule) {
+    return (
+        (Object.prototype.hasOwnProperty.call(rule, "admin") && rule.admin) ||
+        (Object.prototype.hasOwnProperty.call(rule, "root") && rule.root)
+    );
 }
 
-
-function compareWithRoot(rule, root){
-  if (Object.prototype.hasOwnProperty.call(rule, 'admin')) {
-    return rule.admin && root;
-  } else {
-    return rule.root && root;
-  }
+function compareWithRoot(rule, root) {
+    if (Object.prototype.hasOwnProperty.call(rule, "admin")) {
+        return rule.admin && root;
+    } else {
+        return rule.root && root;
+    }
 }
 
-function compareRuleRoles(rule, role, auth){
-  if (ROLES.compareRoles(rule.role, role)) {
-    if (Object.prototype.hasOwnProperty.call(rule, 'auth')) {
-      if (rule.auth && auth) {
-        return true;
-      } else {
-        return (!rule.auth && !auth);
-      }
+function compareRuleRoles(rule, role, auth) {
+    if (ROLES.compareRoles(rule.role, role)) {
+        if (Object.prototype.hasOwnProperty.call(rule, "auth")) {
+            if (rule.auth && auth) {
+                return true;
+            } else {
+                return !rule.auth && !auth;
+            }
+        } else {
+            return true;
+        }
     } else {
-      return true;
+        return false;
     }
-  } else {
-    return false;
-  }
 }
 
-function roleRequireAuthState(requiredAuth, userAuth){
-  if (requiredAuth && userAuth) {
-    return true;
-  } else {
-    return (!requiredAuth && !userAuth);
-  }
+function roleRequireAuthState(requiredAuth, userAuth) {
+    if (requiredAuth && userAuth) {
+        return true;
+    } else {
+        return !requiredAuth && !userAuth;
+    }
 }
 
-function compareAuthStatus(rule, auth){
-  if (Object.prototype.hasOwnProperty.call(rule, 'auth')) {
-    return roleRequireAuthState(rule.auth, auth);
-  } else if (Object.prototype.hasOwnProperty.call(rule, 'user')) {
-    return roleRequireAuthState(rule.user, auth);
-  }else {
-    return true;
-  }
+function compareAuthStatus(rule, auth) {
+    if (Object.prototype.hasOwnProperty.call(rule, "auth")) {
+        return roleRequireAuthState(rule.auth, auth);
+    } else if (Object.prototype.hasOwnProperty.call(rule, "user")) {
+        return roleRequireAuthState(rule.user, auth);
+    } else {
+        return true;
+    }
 }
 
-
 /**
  *	Check rule against presented credentials
  *	@param	{object}		        rule	      action rule
@@ -61,34 +62,33 @@ function compareAuthStatus(rule, auth){
  *	@return {boolean}		        pass or not
  */
 function checkCredentials(rule, auth, role, root) {
-  //no rule - no access
-  if (typeof rule === 'undefined' || rule === null) {
-    return false;
-  } else {
-    //posting message about obsolete options keys if found
-    postWarning(rule);
-    //start comparing from top tier flags
-    //if we have root/admin(obsolete) field field in rule compare only it
-    if (ruleHasRootDirective(rule)) {
-      return compareWithRoot(rule, root);
+    //no rule - no access
+    if (typeof rule === "undefined" || rule === null) {
+        return false;
     } else {
-      //if we have roles in rule, then using role based aproach
-      if (Object.prototype.hasOwnProperty.call(rule, 'role')) {
-        return compareRuleRoles(rule, role, auth);
-      } else {
-        //if no then just
-        return compareAuthStatus(rule, auth);
-      }
+        //posting message about obsolete options keys if found
+        postWarning(rule);
+        //start comparing from top tier flags
+        //if we have root/admin(obsolete) field field in rule compare only it
+        if (ruleHasRootDirective(rule)) {
+            return compareWithRoot(rule, root);
+        } else {
+            //if we have roles in rule, then using role based aproach
+            if (Object.prototype.hasOwnProperty.call(rule, "role")) {
+                return compareRuleRoles(rule, role, auth);
+            } else {
+                //if no then just
+                return compareAuthStatus(rule, auth);
+            }
+        }
     }
-  }
 }
 
-
 module.exports = {
-  checkCredentials,
-  compareAuthStatus,
-  roleRequireAuthState,
-  compareRuleRoles,
-  compareWithRoot,
-  ruleHasRootDirective
+    checkCredentials,
+    compareAuthStatus,
+    roleRequireAuthState,
+    compareRuleRoles,
+    compareWithRoot,
+    ruleHasRootDirective,
 };