hapi-field-auth - npm Package Compare versions

Comparing version 1.0.0-beta.3 to 1.0.0-beta.4

package.json

 {
   "name": "hapi-field-auth",
-  "version": "1.0.0-beta.3",
+  "version": "1.0.0-beta.4",
   "description": "Hapi plug-in for field-level authorization",
@@ -5,0 +5,0 @@ "main": "src/index.js",

src/index.js

@@ -12,4 +12,8 @@ const Boom = require('boom');
 
-const intersection = (arr1, arr2) => arr1.reduce((acc, x) => acc || arr2.includes(x), false);
+const intersection = (arr1, arr2) => arr1
+  .reduce((acc, x) => (arr2.includes(x) ? [...acc, x] : acc), []);
 
+const hasIntersection = (arr1, arr2) => arr1
+  .reduce((acc, x) => acc || arr2.includes(x), false);
+
 const resolve = (tpl, context) => Mustache
@@ -39,8 +43,9 @@ .render(tpl.replace(/\{/, '{{{').replace(/\}/, '}}}'), context);
     settings.forEach(({ fields, scope }) => {
-      if (intersection(targetProps, fields)) {
+      const protectedProps = intersection(targetProps, fields);
+      if (protectedProps.length) {
         const requiredScope = split(scope).map(s => resolve(s, {
           params, query, payload, credentials,
         }));
-        if (requiredScope.length && !intersection(requiredScope, authScope)) {
-          throw Boom.forbidden(`fields [${fields}] missing authorization scope [${requiredScope}]`);
+        if (!hasIntersection(requiredScope, authScope)) {
+          throw Boom.forbidden(`fields [${protectedProps}] missing authorization scope [${requiredScope}]`);
         }
@@ -47,0 +52,0 @@ }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

12294

increased by1.28%

Lines of code

262

increased by1.55%

No dependency changes