not-node 5.0.22 → 5.1.2

package/src/auth/session.js

@@ -1,6 +1,6 @@
-const log = require('not-log')(module, 'Auth');
-const CONST = require('./const');
-const ROLES = require('./roles');
+const log = require("not-log")(module, "Auth");
+const CONST = require("./const");
+const ROLES = require("./roles");
 
 /**
  *	Checks if user is authenticated, by searching req.session.user
@@ -9,12 +9,12 @@ const ROLES = require('./roles');
  **/
 
 function isUser(req) {
-  return (req && req.session && req.session.user) ? true : false;
+    return req && req.session && req.session.user ? true : false;
 }
 
 function ifUser(req) {
-  log.error('ifUser is obsolete, use new version as isUser');
-  return isUser(req);
+    log.error("ifUser is obsolete, use new version as isUser");
+    return isUser(req);
 }
 
 /**
@@ -23,7 +23,9 @@ function ifUser(req) {
  *	@return user role
  **/
 function getRole(req) {
-  return (req && req.session && req.session.role) ? req.session.role : undefined;
+    return req && req.session && req.session.role
+        ? req.session.role
+        : undefined;
 }
 
 /**
@@ -32,15 +34,15 @@ function getRole(req) {
  *	@param	{Array<string>}	role 	array of roles
  **/
 function setRole(req, role) {
-  if (req && req.session) {
-    req.session.role = role;
-  }
+    if (req && req.session) {
+        req.session.role = role;
+    }
 }
 
 function setId(req, _id) {
-  log.error('setId is obsolete, use new version as setUserId');
-  log.error(req.originalUrl);
-  return setUserId(req, _id);
+    log.error("setId is obsolete, use new version as setUserId");
+    log.error(req.originalUrl);
+    return setUserId(req, _id);
 }
 
 /**
@@ -49,40 +51,39 @@ function setId(req, _id) {
  *	@param	{string}	_id 	user id
  **/
 function setUserId(req, _id) {
-  if (req && req.session) {
-    req.session.user = _id;
-  }
+    if (req && req.session) {
+        req.session.user = _id;
+    }
 }
 
-
 /**
  *	Returns true if user is admin
  *	@param	{object}	req 	Express Request object
  *	@return {boolean}	true - admin, false - not admin
  **/
 function ifAdmin(req) {
-  log.error('ifAdmin is obsolete, use new version as isRoot');
-  log.error(req.originalUrl);
-  return isRoot(req);
+    log.error("ifAdmin is obsolete, use new version as isRoot");
+    log.error(req.originalUrl);
+    return isRoot(req);
 }
 
 function isRoot(req) {
-  return isUser(req) && ROLES.compareRoles(getRole(req), CONST.DEFAULT_USER_ROLE_FOR_ADMIN);
+    return (
+        isUser(req) &&
+        ROLES.compareRoles(getRole(req), CONST.DEFAULT_USER_ROLE_FOR_ADMIN)
+    );
 }
 
-
-
-
 /**
  *	Get user id for active session
  *	@param	{object}	req 	Express Request
  **/
 function getUserId(req) {
-  if(req && req.session){
-    return req.session.user;
-  }else{
-    return undefined;
-  }
+    if (req && req.session) {
+        return req.session.user;
+    } else {
+        return undefined;
+    }
 }
 
 /**
@@ -90,14 +91,13 @@ function getUserId(req) {
  *	@param	{object}	req 	Express Request
  **/
 function getSessionId(req) {
-  if(req && req.session && req.session.id){
-    return req.session.id.toString();
-  }else{
-    return undefined;
-  }
+    if (req && req.session && req.session.id) {
+        return req.session.id.toString();
+    } else {
+        return undefined;
+    }
 }
 
-
 /**
  *	Set auth data in session, user id and role
  *	@param	{object}	req 	Express Request
@@ -105,21 +105,20 @@ function getSessionId(req) {
  *	@param	{string}	role 	user role
  **/
 function setAuth(req, id, role) {
-  setUserId(req, id);
-  setRole(req, role);
+    setUserId(req, id);
+    setRole(req, role);
 }
 
-
 /**
  *	Set auth data in session to Guest
  *	@param	{object}	req 	Express Request
  **/
 function setGuest(req) {
-  if (req && req.session) {
-    req.user = null;
-    req.session.user = null;
-    setRole(req, [CONST.DEFAULT_USER_ROLE_FOR_GUEST]);
-  }
+    if (req && req.session) {
+        req.user = null;
+        req.session.user = null;
+        setRole(req, [CONST.DEFAULT_USER_ROLE_FOR_GUEST]);
+    }
 }
 
 /**
@@ -127,27 +126,26 @@ function setGuest(req) {
  *	@param	{object}	req 	Express Request
  **/
 function cleanse(req) {
-  if (req && req.session) {
-    setGuest(req);
-    if (req.session.destroy) {
-      req.session.destroy();
+    if (req && req.session) {
+        setGuest(req);
+        if (req.session.destroy) {
+            req.session.destroy();
+        }
     }
-  }
 }
 
-
 module.exports = {
-  isUser,
-  ifUser,
-  ifAdmin,
-  isRoot,
-  getRole,
-  setRole,
-  setId,
-  getUserId,
-  setUserId,
-  getSessionId,
-  setAuth,
-  setGuest,
-  cleanse
+    isUser,
+    ifUser,
+    ifAdmin,
+    isRoot,
+    getRole,
+    setRole,
+    setId,
+    getUserId,
+    setUserId,
+    getSessionId,
+    setAuth,
+    setGuest,
+    cleanse,
 };

package/src/bootstrap/form.js

@@ -1,18 +1,18 @@
 const { getIP } = require("../auth"),
-	configInit = require("not-config"),
-	{ sayForModule } = require("not-locale"),
-	LogInit = require("not-log");
+    configInit = require("not-config"),
+    { sayForModule } = require("not-locale"),
+    LogInit = require("not-log");
 
 module.exports = ({ target, MODULE_NAME, MODEL_NAME, ACTION_NAME }) => {
-	const Log = LogInit(target, `${MODEL_NAME}/Forms'`);
-	const say = sayForModule(MODULE_NAME);
+    const Log = LogInit(target, `${MODEL_NAME}/Forms'`);
+    const say = sayForModule(MODULE_NAME);
 
-	const config = configInit.readerForModule(MODULE_NAME);
-	return {
-		getIP,
-		FORM_NAME: `${MODULE_NAME}:${ACTION_NAME}Form`,
-		Log,
-		say,
-		config,
-	};
+    const config = configInit.readerForModule(MODULE_NAME);
+    return {
+        getIP,
+        FORM_NAME: `${MODULE_NAME}:${ACTION_NAME}Form`,
+        Log,
+        say,
+        config,
+    };
 };

package/src/bootstrap/logic.js

@@ -1,46 +1,50 @@
 const getApp = require("../getApp.js"),
-  configInit = require("not-config"),
-  {sayForModule, modulePhrase} = require('not-locale'),
-  LogInit = require("not-log");
+    configInit = require("not-config"),
+    { sayForModule, modulePhrase } = require("not-locale"),
+    LogInit = require("not-log");
 
+module.exports = ({
+    target,
+    MODULE_NAME,
+    MODEL_NAME,
+    USER_MODEL_NAME = "not-user//User",
+}) => {
+    const Log = LogInit(target, `${MODULE_NAME}/Logic/${MODEL_NAME}`);
+    const say = sayForModule(MODULE_NAME);
+    const phrase = modulePhrase(MODULE_NAME);
+    const config = configInit.readerForModule(MODULE_NAME);
 
-module.exports = ({target, MODULE_NAME, MODEL_NAME, USER_MODEL_NAME = 'not-user//User'})=>{
+    const LogAction = ({ action, by, role, ip, root }, params = {}) => {
+        Log.log({
+            time: new Date(),
+            module: MODULE_NAME,
+            logic: MODEL_NAME,
+            action,
+            root,
+            by,
+            role,
+            ip,
+            params,
+        });
+    };
 
-  const Log = LogInit(target, `${MODULE_NAME}/Logic/${MODEL_NAME}`);
-  const say = sayForModule(MODULE_NAME);
-  const phrase = modulePhrase(MODULE_NAME);
-  const config = configInit.readerForModule(MODULE_NAME);
-
-  const LogAction = ({action, by, role, ip}, params = {})=>{
-    Log.log({
-      time: new Date(),
-      module: MODULE_NAME,
-      logic: MODEL_NAME,
-      action,
-      by,
-      role,
-      ip,
-      params
-    });
-  };
-
-  return {
-    Log,
-    LogAction,
-    say,
-    phrase,
-    config,
-    getModel(){
-      return getApp().getModel(`${MODULE_NAME}//${MODEL_NAME}`);
-    },
-    getModelSchema(){
-      return getApp().getModelSchema(`${MODULE_NAME}//${MODEL_NAME}`);
-    },
-    getLogic(){
-      return getApp().getLogic(`${MODULE_NAME}//${MODEL_NAME}`);
-    },
-    getModelUser(){
-      return getApp().getModel(USER_MODEL_NAME);
-    }
-  }
+    return {
+        Log,
+        LogAction,
+        say,
+        phrase,
+        config,
+        getModel() {
+            return getApp().getModel(`${MODULE_NAME}//${MODEL_NAME}`);
+        },
+        getModelSchema() {
+            return getApp().getModelSchema(`${MODULE_NAME}//${MODEL_NAME}`);
+        },
+        getLogic() {
+            return getApp().getLogic(`${MODULE_NAME}//${MODEL_NAME}`);
+        },
+        getModelUser() {
+            return getApp().getModel(USER_MODEL_NAME);
+        },
+    };
 };

package/src/bootstrap/model.js

@@ -1,18 +1,15 @@
-const 
-  configInit = require("not-config"),
-  { sayForModule } = require("not-locale"),
-
-  LogInit = require("not-log");
-
-module.exports = ({ target, MODULE_NAME, MODEL_NAME}) => {
-  const Log = LogInit(target, `${MODEL_NAME}/Models'`);
-  const say = sayForModule(MODULE_NAME);
-
-  const config = configInit.readerForModule(MODULE_NAME);
-  return {
-    Log,
-    say,
-    config
-  };
-
+const configInit = require("not-config"),
+    { sayForModule } = require("not-locale"),
+    LogInit = require("not-log");
+
+module.exports = ({ target, MODULE_NAME, MODEL_NAME }) => {
+    const Log = LogInit(target, `${MODEL_NAME}/Models'`);
+    const say = sayForModule(MODULE_NAME);
+
+    const config = configInit.readerForModule(MODULE_NAME);
+    return {
+        Log,
+        say,
+        config,
+    };
 };

package/src/bootstrap/route.js

@@ -1,60 +1,139 @@
 const getApp = require("../getApp.js"),
-  configInit = require("not-config"),
-  { sayForModule } = require("not-locale"),
-  { objHas } = require("../common"),
-  LogInit = require("not-log");
+    HttpExceptions = require("../exceptions/http"),
+    configInit = require("not-config"),
+    { sayForModule } = require("not-locale"),
+    { objHas, isFunc, executeFunctionAsAsync } = require("../common"),
+    LogInit = require("not-log");
 
-module.exports = ({ target, MODULE_NAME, MODEL_NAME, USER_MODEL_NAME = 'not-user//User' }) => {
-  const Log = LogInit(target, `${MODEL_NAME}/Routes'`);
-  const say = sayForModule(MODULE_NAME);
+module.exports = ({
+    target,
+    MODULE_NAME,
+    MODEL_NAME,
+    USER_MODEL_NAME = "not-user//User",
+    /***
+     * function signature
+     * (
+     * prepared: any, //data output from notForm extractor
+     * {
+                req,                        //ExpressRequest
+                Log,                        //dedicated Logger
+                say,                        //precondfigured 'say'
+                config,                     //precondfigured 'config' reader
+                MODULE_NAME,                //context
+                MODEL_NAME,                 //
+                ACTION_NAME,                //
+                USER_MODEL_NAME,            //
+            },
+     * 
+     * )=>{
+     *  //pass if access rights is ok
+     *  //or throw an exception if rights is no good
+     * }
+     */
+    accessRulesBuilders = {}, //per action builders, {actionName: (preapared: any, req: ExpressRequest)=>{/** pass or throw an exception **/ */}}
+    accessRuleBuilder = false, //universal will be used if no dedicated action builder was found
+    defaultAccessRule = false, //if builder is not found, safe by default
+}) => {
+    const Log = LogInit(target, `${MODEL_NAME}/Routes'`);
+    const say = sayForModule(MODULE_NAME);
+    const config = configInit.readerForModule(MODULE_NAME);
 
-  const beforeDecorator = async (req, res, next) => {
-    const name = req.notRouteData.actionName;
-    const FormValidator = getApp().getForm(
-      [MODULE_NAME, name.replace("_", "")].join("//")
-    );
-    if (FormValidator) {
-      return await FormValidator.run(req, res, next);
-    } else {
-      return {};
-    }
-  };
+    const excuteAccessRules = async (accessRulesBuilder, params) => {
+        //in case if one function
+        if (isFunc(accessRulesBuilder)) {
+            await executeFunctionAsAsync(accessRulesBuilder, params);
+            //if this is array of functions
+        } else if (Array.isArray(accessRulesBuilder)) {
+            const checks = accessRulesBuilder.map((proc) => {
+                return executeFunctionAsAsync(proc, params);
+            });
+            await Promise.all(checks);
+        }
+    };
+    /**
+     * access rights check
+     */
+    const checkAccessRules = async (actionName, prepared, req) => {
+        const params = [
+            prepared,
+            {
+                req,
+                Log,
+                say,
+                config,
+                MODULE_NAME,
+                MODEL_NAME,
+                ACTION_NAME: actionName,
+                USER_MODEL_NAME,
+            },
+        ];
+        if (accessRulesBuilders && objHas(accessRulesBuilders, actionName)) {
+            const actionAccessRules = accessRulesBuilders[actionName];
+            await excuteAccessRules(actionAccessRules, params);
+        }
+        if (accessRuleBuilder) {
+            await excuteAccessRules(accessRuleBuilder, params);
+        }
+        if (!defaultAccessRule) {
+            throw new HttpExceptions.HttpExceptionForbidden();
+        }
+    };
 
-  const afterDecorator = (req, res, next, result) => {
-    const name = req.notRouteData.actionName;
-    if (res.headersSent) {
-      return;
-    }
-    if (result && objHas(result, "__redirect__")) {
-      res.status(200).redirect(result.__redirect__);
-    } else {
-      res.status(200).json({
-        status: "ok",
-        message: say(`action_message_${name}_success`, {}, res.locals.locale),
-        result,
-      });
-    }
-  };
+    const beforeDecorator = async (req, res, next) => {
+        const actionName = req.notRouteData.actionName;
+        const trimmedActionName = actionName.replace("_", "");
+        const FormValidator = getApp().getForm(
+            [MODULE_NAME, trimmedActionName].join("//")
+        );
+        if (FormValidator) {
+            const prepared = await FormValidator.run(req, res, next);
+            checkAccessRules(trimmedActionName, prepared);
+            return prepared;
+        } else {
+            return {};
+        }
+    };
 
-  const config = configInit.readerForModule(MODULE_NAME);
-  return {
-    before: beforeDecorator,
-    after: afterDecorator,
-    Log,
-    say,
-    config,
-    getModel() {
-      return getApp().getModel(`${MODULE_NAME}//${MODEL_NAME}`);
-    },
-    getModelSchema() {
-      return getApp().getModelSchema(`${MODULE_NAME}//${MODEL_NAME}`);
-    },
-    getLogic() {
-      return getApp().getLogic(`${MODULE_NAME}//${MODEL_NAME}`);
-    },
-    getModelUser(){
-      return getApp().getModel(USER_MODEL_NAME);
-    }
-  };
+    const afterDecorator = (req, res, next, result) => {
+        const name = req.notRouteData.actionName;
+        if (res.headersSent) {
+            return;
+        }
+        if (result && objHas(result, "__redirect__")) {
+            res.status(200).redirect(result.__redirect__);
+        } else {
+            res.status(200).json({
+                status: "ok",
+                message: say(
+                    `action_message_${name}_success`,
+                    {},
+                    res.locals.locale
+                ),
+                result,
+            });
+        }
+    };
 
+    return {
+        MODULE_NAME,
+        MODEL_NAME,
+        before: beforeDecorator,
+        after: afterDecorator,
+        checkAccessRules,
+        Log,
+        say,
+        config,
+        getModel() {
+            return getApp().getModel(`${MODULE_NAME}//${MODEL_NAME}`);
+        },
+        getModelSchema() {
+            return getApp().getModelSchema(`${MODULE_NAME}//${MODEL_NAME}`);
+        },
+        getLogic() {
+            return getApp().getLogic(`${MODULE_NAME}//${MODEL_NAME}`);
+        },
+        getModelUser() {
+            return getApp().getModel(USER_MODEL_NAME);
+        },
+    };
 };