@startupjs/sharedb-access - npm Package Compare versions

Comparing version 0.55.0-alpha.1 to 0.55.0-alpha.12

lib/error.js

@@ -1,16 +0,8 @@
-// there is no way to transfer any fields other than message and code, becouse https://github.com/share/sharedb/blob/master/lib/agent.js#L278
-function ShareDBAccessError (code, message) {
-  this.code = code
-  this.message = message || ''
-  if (Error.captureStackTrace) {
-    Error.captureStackTrace(this, ShareDBAccessError)
-  } else {
-    this.stack = new Error().stack
+export default class ShareDBAccessError extends Error {
+  constructor (code, message) {
+    super(message)
+
+    this.code = code
+    this.name = 'ShareDBAccessError'
   }
 }
-
-ShareDBAccessError.prototype = Object.create(Error.prototype)
-ShareDBAccessError.prototype.constructor = ShareDBAccessError
-ShareDBAccessError.prototype.name = 'ShareDBAccessError'
-
-module.exports = ShareDBAccessError

lib/index.js

@@ -1,6 +0,8 @@
-const _ = require('lodash')
-const debug = require('debug')('access')
-const util = require('./util')
-const ShareDBAccessError = require('./error')
+import cloneDeep from 'lodash/cloneDeep.js'
+import isFunction from 'lodash/isFunction.js'
+import debugModule from 'debug'
+import { patternToRegExp, lookup } from './util.js'
+import ShareDBAccessError from './error.js'
 
+const debug = debugModule('access')
 const operations = [
@@ -15,31 +17,29 @@ 'Read',
 function validateKeys (obj, collectionName) {
-  Object.keys(obj).map(key => {
+  for (const key of Object.keys(obj)) {
     if (!validKeys.includes(key)) {
       throw new Error(`Invalid access property ${key} in collection ${collectionName}. You need to use only 'create', 'read', 'update', 'delete' keys.`)
     }
-  })
+  }
 }
 
-function registerOrmRules (backend, pattern, access) {
+export function registerOrmRules (backend, pattern, access) {
   // if there are extra fields, an exception is thrown
   validateKeys(access, pattern)
 
-  operations.map(op => {
+  for (const op of operations) {
     // the user can write the first letter of the rules in any case
     const fn = access[op.charAt(0).toLowerCase() + op.slice(1)]
-    if (fn) {
-      const collection = pattern.replace(/\.\*$/u, '')
-      backend['allow' + op](collection, (...params) => {
-        const [,, session] = params
-        const userId = session.userId
-        const model = global.__clients[userId].model
-        return fn(model, collection, ...params)
-      })
-    }
-  })
+    if (!fn) continue
+    const collection = pattern.replace(/\.\*$/u, '')
+    backend['allow' + op](collection, (...params) => {
+      const [,, session] = params
+      const userId = session.userId
+      const model = global.__clients[userId].model
+      return fn(model, collection, ...params)
+    })
+  }
 }
 
-function rigisterOrmRulesFromFactory (backend, pattern, factory) {
-  operations.map(op => {
-    // the user can write the first letter of the rules in any case
+export function rigisterOrmRulesFromFactory (backend, pattern, factory) {
+  for (const op of operations) {
     const collection = pattern.replace(/\.\*$/u, '')
@@ -66,3 +66,3 @@ backend['allow' + op](collection, async (...params) => {
     })
-  })
+  }
 }
@@ -74,3 +74,3 @@
 
-class ShareDBAccess {
+export default class ShareDBAccess {
   constructor (backend, options) {
@@ -101,3 +101,3 @@ if (!(this instanceof ShareDBAccess)) return new ShareDBAccess(backend, options)
           allow[op]['**'] = allow[op]['**'] || []
-          allow[op]['**'].push({ fn: fn, pattern: collection })
+          allow[op]['**'].push({ fn, pattern: collection })
         } else {
@@ -116,3 +116,3 @@ allow[op][collection] = allow[op][collection] || []
           deny[op]['**'] = deny[op]['**'] || []
-          deny[op]['**'].push({ fn: fn, pattern: collection })
+          deny[op]['**'].push({ fn, pattern: collection })
         } else {
@@ -169,3 +169,3 @@ deny[op][collection] = deny[op][collection] || []
     if (ok) return
-    throw new ShareDBAccessError('ERR_ACCESS_DENY_UPDATE', '403: Permission denied (update), collection: ' + collection + ', docId: ' + docId)
+    return new ShareDBAccessError('ERR_ACCESS_DENY_UPDATE', '403: Permission denied (update), collection: ' + collection + ', docId: ' + docId)
   }
@@ -204,3 +204,3 @@
       if (ok) return
-      throw new ShareDBAccessError('ERR_ACCESS_DENY_CREATE', '403: Permission denied (create), collection: ' + collection + ', docId: ' + docId)
+      return new ShareDBAccessError('ERR_ACCESS_DENY_CREATE', '403: Permission denied (create), collection: ' + collection + ', docId: ' + docId)
     }
@@ -215,3 +215,3 @@
       if (ok) return
-      throw new ShareDBAccessError('ERR_ACCESS_DENY_DELETE', '403: Permission denied (delete), collection: ' + collection + ', docId: ' + docId)
+      return new ShareDBAccessError('ERR_ACCESS_DENY_DELETE', '403: Permission denied (delete), collection: ' + collection + ', docId: ' + docId)
     }
@@ -221,3 +221,3 @@
     if (!this.options.dontUseOldDocs) {
-      shareRequest.originalSnapshot = _.cloneDeep(snapshot)
+      shareRequest.originalSnapshot = cloneDeep(snapshot)
     }
@@ -232,3 +232,3 @@ }
         id: snapshot.id,
-        snapshot: snapshot,
+        snapshot,
         agent: shareRequest.agent
@@ -263,3 +263,3 @@ })
     if (ok) return
-    throw new ShareDBAccessError('ERR_ACCESS_DENY_READ', '403: Permission denied (read), collection: ' + collection + ', docId: ' + docId)
+    return new ShareDBAccessError('ERR_ACCESS_DENY_READ', '403: Permission denied (read), collection: ' + collection + ', docId: ' + docId)
   }
@@ -289,3 +289,3 @@
 
-      const regExp = util.patternToRegExp(pattern)
+      const regExp = patternToRegExp(pattern)
 
@@ -307,3 +307,3 @@ if (regExp.test(collection)) isAllowed = await apply(allowPatterns[i])
 
-      const regExp = util.patternToRegExp(pattern)
+      const regExp = patternToRegExp(pattern)
 
@@ -323,3 +323,3 @@ if (regExp.test(collection)) isDenied = await apply(denyPatterns[i])
     async function apply (validator) {
-      if (_.isFunction(validator)) return await validator.apply(this, args)
+      if (isFunction(validator)) return await validator.apply(this, args)
       return await validator.fn.apply(this, args)
@@ -330,5 +330,2 @@ }
 
-module.exports = ShareDBAccess
-module.exports.lookup = util.lookup
-module.exports.registerOrmRules = registerOrmRules
-module.exports.rigisterOrmRulesFromFactory = rigisterOrmRulesFromFactory
+export { lookup }

lib/util.js

@@ -0,6 +1,5 @@
+export function relevantPath (pattern, op) {
+  const segments = segmentsFor(op)
+  const patternSegments = pattern.split('.')
 
-const relevantPath = (pattern, op) => {
-  let segments = segmentsFor(op)
-  let patternSegments = pattern.split('.')
-
   if (segments.length !== patternSegments.length) {
@@ -14,3 +13,3 @@ return false
 
-  let regExp = patternToRegExp(patternSegments.join('.'))
+  const regExp = patternToRegExp(patternSegments.join('.'))
 
@@ -20,3 +19,3 @@ return regExp.test(segments.join('.'))
 
-const lookup = (segments, doc) => {
+export function lookup (segments, doc) {
   let curr = doc
@@ -34,4 +33,4 @@ let part
 
-const patternToRegExp = (pattern) => {
-  let regExpString = pattern
+export function patternToRegExp (pattern) {
+  const regExpString = pattern
     .replace(/\./g, '\\.')
@@ -44,4 +43,4 @@ .replace(/\*\*/g, '(.+)')
 
-const segmentsFor = (item) => {
-  let relativeSegments = item.p
+export function segmentsFor (item) {
+  const relativeSegments = item.p
 
@@ -53,12 +52,4 @@ if (normalPath(item)) return relativeSegments
 
-const normalPath = (item) => {
+export function normalPath (item) {
   return 'oi' in item || 'od' in item || 'li' in item || 'ld' in item || 'na' in item
 }
-
-module.exports = {
-  relevantPath,
-  lookup,
-  patternToRegExp,
-  segmentsFor,
-  normalPath
-}

package.json

 {
   "name": "@startupjs/sharedb-access",
-  "version": "0.55.0-alpha.1",
+  "version": "0.55.0-alpha.12",
   "description": "Sharedb access-control midleware",
@@ -8,6 +8,6 @@ "publishConfig": {
   },
+  "type": "module",
   "main": "lib/index.js",
   "scripts": {
-    "test": "yarn createTemp && node_modules/.bin/mocha test/*.mocha.js",
-    "createTemp": "rm -rf ./temp && ./node_modules/.bin/babel ../../node_modules/@startupjs/orm/lib/promisifyRacer.js --out-dir temp"
+    "test": "mocha test/*.mocha.js"
   },
@@ -26,12 +26,7 @@ "keywords": [
   "devDependencies": {
-    "@babel/cli": "^7.11.6",
-    "@babel/core": "^7.11.6",
-    "@babel/preset-env": "^7.11.5",
-    "@startupjs/orm": "^0.55.0-alpha.1",
-    "chai": "^4.2.0",
     "mocha": "^8.1.3",
     "racer": "1.0.1",
-    "sharedb-mongo": "1.0.0-beta.21"
+    "sharedb": "^2.0.0"
   },
-  "gitHead": "f9f14627172890e54490aa3717e21f19614a958b"
+  "gitHead": "d9fdf45341ca733978cdc4fa2562055922e0c2ed"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Dev dependency count

3

decreased by-62.5%

Number of medium supply chain risk alerts

0

decreased by-100%

Is type module

Yes

Worsened metrics

Total package byte prevSize

14690

decreased by-6.28%

Number of package files

5

decreased by-16.67%

Lines of code

293

decreased by-6.39%

No dependency changes