sumba 1.1.8 → 1.1.9

package/lib/check-user-id.js

@@ -29,7 +29,7 @@ async function mergeSetting (req) {
 }
 
 async function checkUserId (req, reply, source) {
-  const { isEmpty, camelCase, get } = this.lib._
+  const { merge, isEmpty, camelCase, get } = this.lib._
   const { routePath } = this.app.waibu
 
   const webApp = get(req, 'routeOptions.config.webApp', 'waibu')
@@ -65,19 +65,21 @@ async function checkUserId (req, reply, source) {
       await setUser.call(this, req)
       return
     }
+    const silentOnError = this.config.auth[webApp].silentOnError ?? this.config.auth.common.silentOnError
+    const payload = silentOnError ? { noContent: true } : undefined
     const authMethods = this.config.auth[webApp].methods ?? []
-    if (isEmpty(authMethods)) throw this.error('noAuthMethod', { statusCode: 500 })
+    if (isEmpty(authMethods)) throw this.error('noAuthMethod', merge({ statusCode: 500 }, payload))
     let success
     for (const m of authMethods) {
       const handler = this[camelCase(`verify ${m}`)]
-      if (!handler) throw this.error('invalidAuthMethod%s', m, { statusCode: 500 })
-      const check = await handler(req, reply, source)
+      if (!handler) throw this.error('invalidAuthMethod%s', m, merge({ statusCode: 500 }, payload))
+      const check = await handler(req, reply, source, payload)
       if (check) {
         success = check
         break
       }
     }
-    if (!success) throw this.error('accessDeniedNoAuth', { statusCode: 403 })
+    if (!success) throw this.error('accessDeniedNoAuth', merge({ statusCode: 403 }, payload))
     await mergeSetting.call(this, req)
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sumba",
-  "version": "1.1.8",
+  "version": "1.1.9",
   "description": "Bajo Framework's Biz Suite",
   "main": "index.js",
   "scripts": {

package/plugin/factory.js

@@ -69,10 +69,12 @@ async function factory (pkgName) {
             }
           },
           waibuRestApi: {
-            methods: ['basic', 'apiKey', 'jwt']
+            methods: ['basic', 'apiKey', 'jwt'],
+            silentOnError: false
           },
           waibuMpa: {
-            methods: ['session']
+            methods: ['session'],
+            silentOnError: false
           },
           waibuStatic: {
             methods: ['basic', 'apiKey', 'jwt'],
@@ -80,7 +82,8 @@ async function factory (pkgName) {
               useUtf8: true,
               realm: 'Protected Area',
               warningMessage: 'Please authenticate yourself, thank you!'
-            }
+            },
+            silentOnError: false
           }
         },
         redirect: {
@@ -175,7 +178,7 @@ async function factory (pkgName) {
       return output
     }
 
-    verifySession = async (req, reply, source) => {
+    verifySession = async (req, reply, source, payload) => {
       const { getUser } = this
       const { routePath } = this.app.waibu
 
@@ -189,7 +192,8 @@ async function factory (pkgName) {
       throw this.error('_redirect', { redirect: redir })
     }
 
-    verifyApiKey = async (req, reply, source) => {
+    verifyApiKey = async (req, reply, source, payload) => {
+      const { merge } = this.lib._
       const { isMd5, hash } = this.app.bajoExtra
       const { getUser } = this
       const { recordFind } = this.app.dobo
@@ -199,16 +203,16 @@ async function factory (pkgName) {
       token = await hash(token)
       const query = { token }
       const rows = await recordFind('SumbaUser', { query }, { req, noHook: true })
-      if (rows.length === 0) throw this.error('invalidKey', { statusCode: 401 })
-      if (rows[0].status !== 'ACTIVE') throw this.error('userInactive', { details: [{ field: 'status', error: 'inactive' }], statusCode: 401 })
+      if (rows.length === 0) throw this.error('invalidKey', merge({ statusCode: 401 }, payload))
+      if (rows[0].status !== 'ACTIVE') throw this.error('userInactive', merge({ details: [{ field: 'status', error: 'inactive' }], statusCode: 401 }, payload))
       req.user = await getUser(rows[0])
       return true
     }
 
-    verifyBasic = async (req, reply, source) => {
+    verifyBasic = async (req, reply, source, payload) => {
       const { getUserFromUsernamePassword } = this
       const { getUser } = this
-      const { isEmpty } = this.lib._
+      const { isEmpty, merge } = this.lib._
 
       const setHeader = async (setting, reply) => {
         const { isString } = this.lib._
@@ -242,16 +246,16 @@ async function factory (pkgName) {
           await setHeader(setting, reply)
           return err.message
         }
-        throw err
+        throw merge(err, payload)
       }
       return true
     }
 
-    verifyJwt = async (req, reply, source) => {
+    verifyJwt = async (req, reply, source, payload) => {
       const { importPkg } = this.app.bajo
       const { recordGet } = this.app.dobo
       const { getUser } = this
-      const { isEmpty } = this.lib._
+      const { isEmpty, merge } = this.lib._
 
       const fastJwt = await importPkg('bajoExtra:fast-jwt')
       const { createVerifier } = fastJwt
@@ -269,10 +273,11 @@ async function factory (pkgName) {
         if (!rec) throw this.error('invalidToken', { statusCode: 401 })
         if (rec.status !== 'ACTIVE') throw this.error('userInactive', { details: [{ field: 'status', error: 'inactive' }], statusCode: 401 })
         req.user = await getUser(rec)
-        return true
       } catch (err) {
-        return false
+        merge(err, payload)
+        throw err
       }
+      return true
     }
 
     checkPathsByTeam = ({ paths = [], method = 'GET', teams = [], guards = [] }) => {