@nymdev/express-nymag-user
Advanced tools
Comparing version 0.0.4 to 1.0.0
58
index.js
@@ -8,12 +8,2 @@ 'use strict'; | ||
function getDefaultBlockDomains() { | ||
const blockDomains = process.env.BLOCK_DOMAINS; | ||
if (_.isString(blockDomains) && blockDomains.length) { | ||
return _.map(blockDomains.split(','), _.trim); | ||
} else { | ||
return []; | ||
} | ||
} | ||
/** | ||
@@ -30,32 +20,16 @@ * @param {string} target | ||
/** | ||
* @param {string} host | ||
* @param {object} options | ||
* @param {[string]} [options.blockDomains] | ||
* @returns {boolean} | ||
*/ | ||
function isOnBlockList(host, options) { | ||
const blockDomains = _.get(options, 'blockDomains', getDefaultBlockDomains()); | ||
if (!_.isArray(blockDomains)) { | ||
throw new Error('blockDomains must be Array'); | ||
} | ||
return _.any(blockDomains, contains(host)); | ||
} | ||
/** | ||
* Should we block this domain? | ||
* Should we block this request? | ||
* @param {*} req | ||
* @param {object} options | ||
* @param {function} [options.isProtected] | ||
* @param {[string]} [options.blockDomains] | ||
* @returns {boolean} | ||
*/ | ||
function shouldBlock(req, options) { | ||
const host = req.get('host') || '', | ||
isProtected = _.get(options, 'isProtected'), | ||
const isProtected = _.get(options, 'isProtected'), | ||
hasDefinedProtectedLogic = _.isFunction(isProtected), | ||
hasCookiesEnabled = !!req.cookies; | ||
return hasCookiesEnabled && hasDefinedProtectedLogic && isOnBlockList(host, options) && isProtected(req); | ||
return hasCookiesEnabled && | ||
hasDefinedProtectedLogic && | ||
isProtected(req); | ||
} | ||
@@ -72,5 +46,3 @@ | ||
return options.redirectTo(originalUrl); | ||
} else { | ||
return '/'; | ||
} | ||
} | ||
} | ||
@@ -107,2 +79,12 @@ | ||
function redirect(req,res, options) { | ||
var authUrl = getAuthServerUrl(options, getOriginalUrl(req)); | ||
if (authUrl) { | ||
res.redirect(authUrl); | ||
} else { | ||
res.status(403) | ||
.send('Forbidden: Protected resource with no authentication service defined.') | ||
} | ||
} | ||
/** | ||
@@ -119,5 +101,9 @@ * @param {object} options | ||
req.user = user; | ||
next(); | ||
if (shouldBlock(req, options)) { | ||
redirect(req, res, options); | ||
} else { | ||
next(); | ||
} | ||
} else { | ||
res.redirect(getAuthServerUrl(options, getOriginalUrl(req))); | ||
redirect(req, res, options); | ||
} | ||
@@ -124,0 +110,0 @@ } else { |
{ | ||
"name": "@nymdev/express-nymag-user", | ||
"version": "0.0.4", | ||
"version": "1.0.0", | ||
"description": "Handles in-house user identification as middleware for express via a cookie", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
0
3
10406
234