Socket
Socket
Sign inDemoInstall

@startupjs/sharedb-access

Package Overview
Dependencies
Maintainers
7
Versions
80
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@startupjs/sharedb-access - npm Package Compare versions

Comparing version 0.29.2 to 0.29.4

14

lib/index.js

@@ -5,8 +5,2 @@ const _ = require('lodash')

// there are local extensions of error codes for error classification
// code 403.1: Permission denied (create)
// code 403.2: Permission denied (read)
// code 403.3: Permission denied (update)
// code 403.4: Permission denied (delete)
const operations = [

@@ -140,3 +134,3 @@ 'Read',

return { message: '403: Permission denied (update), collection: ' + collection + ', docId: ' + docId, code: 403.3 }
return { message: '403: Permission denied (update), collection: ' + collection + ', docId: ' + docId, code: 403 }
}

@@ -177,3 +171,3 @@

return { message: '403: Permission denied (create), collection: ' + collection + ', docId: ' + docId, code: 403.1 }
return { message: '403: Permission denied (create), collection: ' + collection + ', docId: ' + docId, code: 403 }
}

@@ -189,3 +183,3 @@

return { message: '403: Permission denied (delete), collection: ' + collection + ', docId: ' + docId, code: 403.4 }
return { message: '403: Permission denied (delete), collection: ' + collection + ', docId: ' + docId, code: 403 }
}

@@ -237,3 +231,3 @@

return { message: '403: Permission denied (read), collection: ' + collection + ', docId: ' + docId, code: 403.2 }
return { message: '403: Permission denied (read), collection: ' + collection + ', docId: ' + docId, code: 403 }
}

@@ -240,0 +234,0 @@

4

package.json
{
"name": "@startupjs/sharedb-access",
"version": "0.29.2",
"version": "0.29.4",
"description": "Sharedb access-control midleware",

@@ -36,3 +36,3 @@ "publishConfig": {

},
"gitHead": "ae4aa50407840410fd4822748e2a409fb5c68dfa"
"gitHead": "c9f466ea1e4bfdec2cd602bd646de1f4d75bd3cd"
}

36

test/testCreate.mocha.js

@@ -14,2 +14,5 @@ const assert = require('assert')

const $session = model.scope('_session')
const errorTemplate = 'Permission denied (create)'
describe('CREATE', function () {

@@ -21,3 +24,3 @@ afterEach(function () {

it('deny = false && allow = false => err{ code: 403.1 }', async () => {
it('deny = false && allow = false => err{ code: 403 }', async () => {
backend.denyCreate('tasksCreate', async (docId, doc, session) => {

@@ -32,7 +35,10 @@ return false

await model.add('tasksCreate', { id, type: 'testCreate' })
const accessError = $session.get('_accessError')
assert.strictEqual(accessError.message.includes(errorTemplate), true)
assert.strictEqual(accessError.code, 403)
} catch (e) {
assert.strictEqual(e.code, 403.1)
return
assert(false)
}
assert(false)
})

@@ -57,3 +63,3 @@

it('deny = true && allow = false => err{ code: 403.1 }', async () => {
it('deny = true && allow = false => err{ code: 403 }', async () => {
backend.denyCreate('tasksCreate', async (docId, doc, session) => {

@@ -69,10 +75,13 @@ return true

await model.add('tasksCreate', { id, type: 'testCreate' })
const accessError = $session.get('_accessError')
assert.strictEqual(accessError.message.includes(errorTemplate), true)
assert.strictEqual(accessError.code, 403)
} catch (e) {
assert.strictEqual(e.code, 403.1)
return
assert(false)
}
assert(false)
})
it('deny = true && allow = true => err{ code: 403.1 }', async () => {
it('deny = true && allow = true => err{ code: 403 }', async () => {
backend.denyCreate('tasksCreate', async (docId, doc, session) => {

@@ -88,8 +97,11 @@ return true

await model.add('tasksCreate', { id, type: 'testCreate' })
const accessError = $session.get('_accessError')
assert.strictEqual(accessError.message.includes(errorTemplate), true)
assert.strictEqual(accessError.code, 403)
} catch (e) {
assert.strictEqual(e.code, 403.1)
return
assert(false)
}
assert(false)
})
})

36

test/testDelete.mocha.js

@@ -15,2 +15,5 @@ const assert = require('assert')

const $session = model.scope('_session')
const errorTemplate = 'Permission denied (delete)'
describe('DELETE', function () {

@@ -36,3 +39,3 @@ before(async () => {

it('deny = false && allow = false => err{ code: 403.4 }', async () => {
it('deny = false && allow = false => err{ code: 403 }', async () => {
backend.denyDelete('tasksDelete', async (docId, doc, session) => {

@@ -49,7 +52,10 @@ return false

await $task.del()
const accessError = $session.get('_accessError')
assert.strictEqual(accessError.message.includes(errorTemplate), true)
assert.strictEqual(accessError.code, 403)
} catch (e) {
assert.strictEqual(e.code, 403.4)
return
assert(false)
}
assert(false)
})

@@ -76,3 +82,3 @@

it('deny = true && allow = false => err{ code: 403.4 }', async () => {
it('deny = true && allow = false => err{ code: 403 }', async () => {
backend.denyCreate('tasksCreate', async (docId, doc, session) => {

@@ -89,10 +95,13 @@ return true

await $task.del()
const accessError = $session.get('_accessError')
assert.strictEqual(accessError.message.includes(errorTemplate), true)
assert.strictEqual(accessError.code, 403)
} catch (e) {
assert.strictEqual(e.code, 403.4)
return
assert(false)
}
assert(false)
})
it('deny = true && allow = true => err{ code: 403.4 }', async () => {
it('deny = true && allow = true => err{ code: 403 }', async () => {
backend.denyCreate('tasksCreate', async (docId, doc, session) => {

@@ -109,8 +118,11 @@ return true

await $task.del()
const accessError = $session.get('_accessError')
assert.strictEqual(accessError.message.includes(errorTemplate), true)
assert.strictEqual(accessError.code, 403)
} catch (e) {
assert.strictEqual(e.code, 403.4)
return
assert(false)
}
assert(false)
})
})

36

test/testRead.mocha.js

@@ -15,2 +15,5 @@ const assert = require('assert')

const $session = model.scope('_session')
const errorTemplate = 'Permission denied (read)'
describe('READ', function () {

@@ -50,3 +53,3 @@ before(async () => {

it('deny = false && allow = false => err{ code: 403.2 }', async () => {
it('deny = false && allow = false => err{ code: 403 }', async () => {
backend.denyRead('tasksRead', async (docId, doc, session) => {

@@ -63,10 +66,13 @@ return false

$task.unsubscribe()
const accessError = $session.get('_accessError')
assert.strictEqual(accessError.message.includes(errorTemplate), true)
assert.strictEqual(accessError.code, 403)
} catch (e) {
assert.strictEqual(e.code, 403.2)
return
assert(false)
}
assert(false)
})
it('deny = true && allow = false => err{ code: 403.2 }', async () => {
it('deny = true && allow = false => err{ code: 403 }', async () => {
backend.denyRead('tasksRead', async (docId, doc, session) => {

@@ -83,10 +89,13 @@ return true

$task.unsubscribe()
const accessError = $session.get('_accessError')
assert.strictEqual(accessError.message.includes(errorTemplate), true)
assert.strictEqual(accessError.code, 403)
} catch (e) {
assert.strictEqual(e.code, 403.2)
return
assert(false)
}
assert(false)
})
it('deny = true && allow = true => err{ code: 403.2 }', async () => {
it('deny = true && allow = true => err{ code: 403 }', async () => {
backend.denyRead('tasksRead', async (docId, doc, session) => {

@@ -102,8 +111,11 @@ return true

$task.unsubscribe()
const accessError = $session.get('_accessError')
assert.strictEqual(accessError.message.includes(errorTemplate), true)
assert.strictEqual(accessError.code, 403)
} catch (e) {
assert.strictEqual(e.code, 403.2)
return
assert(false)
}
assert(false)
})
})

36

test/testUpdate.mocha.js

@@ -15,2 +15,5 @@ const assert = require('assert')

const $session = model.scope('_session')
const errorTemplate = 'Permission denied (update)'
// test number so that each change is unique

@@ -41,3 +44,3 @@ let number = 1

it('deny = false && allow = false => err{ code: 403.3 }', async () => {
it('deny = false && allow = false => err{ code: 403 }', async () => {
backend.denyUpdate('tasksUpdate', async (docId, oldDoc, session, ops, newDoc) => {

@@ -53,7 +56,10 @@ return false

await $task.set('newField' + getTestNumber(), 'testInfo')
const accessError = $session.get('_accessError')
assert.strictEqual(accessError.message.includes(errorTemplate), true)
assert.strictEqual(accessError.code, 403)
} catch (e) {
assert.strictEqual(e.code, 403.3)
return
assert(false)
}
assert(false)
})

@@ -79,3 +85,3 @@

it('deny = true && allow = false => err{ code: 403.3 }', async () => {
it('deny = true && allow = false => err{ code: 403 }', async () => {
backend.denyUpdate('tasksUpdate', async (docId, oldDoc, session, ops, newDoc) => {

@@ -91,10 +97,13 @@ return true

await $task.set('newField' + getTestNumber(), 'testInfo')
const accessError = $session.get('_accessError')
assert.strictEqual(accessError.message.includes(errorTemplate), true)
assert.strictEqual(accessError.code, 403)
} catch (e) {
assert.strictEqual(e.code, 403.3)
return
assert(false)
}
assert(false)
})
it('deny = true && allow = true => err{ code: 403.3 }', async () => {
it('deny = true && allow = true => err{ code: 403 }', async () => {
backend.denyUpdate('tasksUpdate', async (docId, oldDoc, session, ops, newDoc) => {

@@ -110,8 +119,11 @@ return true

await $task.set('newField' + getTestNumber(), 'testInfo')
const accessError = $session.get('_accessError')
assert.strictEqual(accessError.message.includes(errorTemplate), true)
assert.strictEqual(accessError.code, 403)
} catch (e) {
assert.strictEqual(e.code, 403.3)
return
assert(false)
}
assert(false)
})
})
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc