baucis-decorator-auth

baucis-decorator-auth

Allows you to specify authentication parameters for properties within any baucis resource's mongoose schema and adds authentication routes.

Install

npm install baucis-decorators baucis-decorator-auth --save

Usage

You'll need 5 properties for this. The main one specifies who is currently authenticated to the resource and should contain an auth field, which contains references to the other 4 properties by the keys password, enabler, designator, and resetter, as well as a roles key that should optionally contain different sets of Boolean values for the access control. It is probably easiest to just check out the example below.

Four endpoints are added, login, logout, reset-password, and set-password. The password reset functionality is a WIP as it needs to allow for custom emails. Also keep in mind that authentication and access control can work for any resource, not just users.

Following the example below, if some User has publicViewing set to false and POSTs the proper id (or name) and viewingPassword to /api/users/login, said User will be able to view the resource. Alternatively, the User will be able to view the resource if they are in the viewers list.

Example

controllers/User.js

var baucis = require('baucis');
var mongoose = require('mongoose');
var Schema = mongoose.Schema;

var extend = require('deep-extend');
var ResourceProps = require('../props/Resource.js');
var ResourceController = require('../controllers/Resource.js');

var userUtils = require('../utils/user.js');
var UserProps = extend({}, ResourceProps);

UserProps.viewing = {
  type: [String], // should represent sessionId
  auth: {
    password: 'viewingPassword',
    enabler: 'publicViewing',
    designator: 'viewers',
    resetter: 'resetViewingPassword',
    roles: {
      enabled: {
        read   : true
      }
    }
  },
  reserved: true
};

UserProps.publicViewing = {
  type: Boolean,
  default: true
};

UserProps.viewingPassword = {
  type: String,
  select: false
};

UserProps.resetViewingPassword = {
  type: String,
  select: false
};

UserProps.viewers = {
  type: [{
    type: ObjectId,
    ref: 'User'
  }]
};

UserProps.editing = {
  type: [String], // should represent sessionId
  auth: {
    password: 'editingPassword',
    enabler: 'publicEditing',
    designator: 'editors',
    resetter: 'resetEditingPassword',
    roles: {
      enabled: {
        read   : true,
        write  : true,
        drop   : true
      },
      User: {
        create : true
      }
    }
  },
  reserved: true
};

UserProps.publicEditing = {
  type: Boolean,
  default: false
};

UserProps.editingPassword = {
  type: String,
  select: false
};

UserProps.resetEditingPassword = {
  type: String,
  select: false
};

UserProps.editors = {
  type: [{
    type: ObjectId,
    ref: 'User'
  }],
  init: function (req, res, next) {
    return [userUtils.getId(req, res, next)];
  }
};

var UserSchema = new Schema(UserProps);
var UserModel = mongoose.model('User', UserSchema);
var UserController = baucis.rest('User');

var decorators = require('baucis-decorators');

// decorate controller
decorators.add.call(UserController, [
  'baucis-decorator-auth',  // checks each property for any `auth` fields and adds functionality accordingly
  ResourceController        // `UserController` will inherit all of `ResourceController`'s decorators
]);

/**
 * Expose controller.
 */
module.exports = UserController;