@opuscapita/bouncer
Comparing version 1.0.41 to 1.0.42
27
index.js
@@ -17,2 +17,9 @@ const extend = require('extend'); | ||
/** | ||
* Object providing a tenant split into supplier and customer. | ||
* @typedef {object} TenantSplit | ||
* @property {string} supplierId A supplier ID. | ||
* @property {string} customerId A customer ID. | ||
*/ | ||
/** | ||
* Class for applying security to services and additional security APIs. | ||
@@ -299,2 +306,20 @@ * Depending on which parts of this class are used, it requires access to consul, RabbitMQ and acl service. | ||
/** | ||
* Splits an array of tenant IDs into an array of objects containing a supplierId and a customerId. Whenever a | ||
* tenant is a supplier or a customer, the corresponding field is set. | ||
* | ||
* @param {array} tenants - An array containng tenant IDs. | ||
* @returns {TenantSplit} An array of TenantSplit objects. | ||
*/ | ||
splitUserTenants(tenants) | ||
{ | ||
if(!Array.isArray(tenants)) | ||
return [ ]; | ||
return tenants.map(tenantId => ({ | ||
supplierId : tenantId.startsWith('s_') ? tenantId.substr(2) : null, | ||
customerId : tenantId.startsWith('c_') ? tenantId.substr(2) : null | ||
})); | ||
} | ||
/** | ||
* Returns a boolean telling whenever a URL is considered a public resource. | ||
@@ -449,2 +474,3 @@ * @returns {boolean} Returns true or false. | ||
req.opuscapita.getUserTenantsByUrl = () => [ ]; | ||
req.opuscapita.splitUserTenants = (tenants) => this.splitUserTenants(tenants); | ||
@@ -471,2 +497,3 @@ next(); | ||
req.opuscapita.getUserTenantsByUrl = (url, serviceName = null) => this.getUserTenantsByUrl(url, req.opuscapita.userData(), serviceClient, method, serviceName); | ||
req.opuscapita.splitUserTenants = (tenants) => this.splitUserTenants(tenants); | ||
@@ -473,0 +500,0 @@ req.body = req.body && this.filterObject(req.body, allow, remove); |
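Review bot: In the second hunk, splitUserTenants guards against a non-array argument but then calls `tenantId.startsWith` on every element, so a single non-string entry (null, a number) throws a TypeError inside the request handler; testing `typeof tenantId === 'string'` before the prefix check would keep the method fail-soft throughout. An entry with neither prefix, including the `'*'` wildcard that the README example in this diff tests for, maps to `{ supplierId : null, customerId : null }`, so a caller that skips the wildcard check and builds an access filter from the split result silently loses that entry; the doc comment should say so, for example `Entries without an s_ or c_ prefix (such as '*') yield an object with both fields set to null.` The JSDoc also declares `@returns {TenantSplit}` where the function returns an array (`{TenantSplit[]}`), `@param {array}` could be `{string[]}`, and "containng" is a typo. `substr` is a legacy method; `slice(2)` is equivalent here. The class that holds this method starts and ends outside the hunk.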
{ | ||
"name": "@opuscapita/bouncer", | ||
"version": "1.0.41", | ||
"version": "1.0.42", | ||
"description": "API and express middleware for OpusCapita ACl service based access security.", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -23,12 +23,52 @@ # @opuscapita/bouncer | ||
**Attention**: *Bouncer requires the *opuscapita* namespace to be available inside the request object passed to the middleware by express. It ueses opuscapita.logger, opuscapita.serviceClient and opuscapita.userData() which, if used, also require [useridentity-middleware](https://github.com/OpusCapita/useridentity-middleware).* | ||
> *Bouncer requires the *opuscapita* namespace to be available inside the request object passed to the middleware by express. It ueses opuscapita.logger, opuscapita.serviceClient and opuscapita.userData() which, if used, also require [useridentity-middleware](https://github.com/OpusCapita/useridentity-middleware).* | ||
--- | ||
## req.opuscapita methods | ||
Bouncer extends the **req.opuscapita** namespace with several, request bound methods where some of which can only be used if [useridentity-middleware](https://github.com/OpusCapita/useridentity-middleware) is available. | ||
* req.opuscapita.**getUserTenants()** | ||
* *Returns an array of tenants a user has access to on the current endpoint.* | ||
* req.opuscapita.**getUserTenantsByUrl(url, serviceName = null)** | ||
* *Returns an array of tenants a user has access to on a specific endpoint.* | ||
##### getUserTenants / getUserTenantsByUrl / splitUserTenants | ||
Returns an array of tenants a user has access to on the current endpoint. | ||
`req.opuscapita.getUserTenants() : Promise` | ||
Returns an array of tenants a user has access to on a specific endpoint even in a foreign service. | ||
`req.opuscapita.getUserTenantsByUrl(url, serviceName = null)` | ||
Returns an array of objects containing either a supplierId or a customerId field depending on whenever | ||
a tenant is a supplier or a customer. | ||
`req.opuscapita.splitUserTenants(tenants)` | ||
##### Usage example | ||
```JS | ||
async function myEndpoint(req, res) | ||
{ | ||
// Get all user tenants for the current endpoint. | ||
const tenants = await req.opuscapita.getUserTenants(); | ||
// If the tenants array contains a *, access to all tenants is granted. | ||
if(tenants.includes('*')) | ||
{ | ||
res.json({ message : 'Wildcard access granted.' }); | ||
} | ||
else | ||
{ | ||
// Split the list of tenants into customer and supplier IDs. | ||
// Returns [ { supplierId, customerId }, { supplierId, customerId }, ... ] | ||
const split = req.opuscapita.splitUserTenants(tenants); | ||
// Filter and map down to the raw IDs. | ||
const supplierIds = split.filter(split => split.supplierId).map(split => split.supplierId); | ||
const customerIds = split.filter(split => split.customerId).map(split => split.customerId); | ||
res.json({ supplierIds, customerIds }); | ||
} | ||
} | ||
``` | ||
--- | ||
## Defining REST resource groups for Bouncer. | ||
@@ -35,0 +75,0 @@ |