const scopeChecker = require('@asymmetrik/sof-scope-checker');

let hasValidScopes = (name, action) => {
  return function (req, res, next) {
    let scopes = parseScopes(req && req.user);
    let { error, success } = scopeChecker(name, action, scopes);

    // Log the error, wrap in operation outcome or GraphQL specific error
    // You can check the type of the error as well since we use custom errors

    if (error) {
      next(error);
    } else {
      next();
    }
  }
};

app.get(
  '/Patient',
  hasValidScopes('Patient', 'read'),
  patientController
)

See sof-scope-checker tests for more usage examples.

NOTE: The error returned is an extension of the native JS error. It adds a type property to the error which can have a value of 'internal' representing a misconfiguration, or 'forbidden' representing a case where the scopes are not sufficient.

Arguments

@asymmetrik/sof-scope-checker exports a single function which takes three arguments.

`name`

Name of the resource or patient.

Type: String
Required: true

`action`

The action the user wants to take. Can be read, write, or *.

Type: String
Required: true

`scopes`

The scopes available to the user.

Type: Array<String>
Required: true

FAQs

What is @asymmetrik/sof-scope-checker?

Is @asymmetrik/sof-scope-checker popular?

Is @asymmetrik/sof-scope-checker well maintained?

Package last updated on 23 Sep 2020

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@asymmetrik/sof-scope-checker

Install

Usage

Arguments

name

action

scopes

Related posts

rv Is a New Rust-Powered Ruby Version Manager Inspired by Python's uv

Nx Investigation Reveals GitHub Actions Workflow Exploit Led to npm Token Theft, Prompting Switch to Trusted Publishing

`name`

`action`

`scopes`