loopback-component-oauth2 - npm Package Compare versions

Comparing version 2.0.0-beta6 to 2.0.0-beta7

CHANGES.md

@@ -0,4 +1,12 @@
+2015-03-17, Version 2.0.0-beta7
+===============================
+
+ * Tidy up scope definition (Raymond Feng)
+
+
 2015-03-13, Version 2.0.0-beta6
 ===============================
 
+ * 2.0.0-beta6 (Raymond Feng)
+
  * Tidy up token validations (Raymond Feng)
@@ -5,0 +13,0 @@

lib/oauth2-helper.js

@@ -93,3 +93,3 @@ var jwt = require('jws');
   for (var i = 0, n = requestedScopes.length; i < n; i++) {
-    if (requestedScopes.indexOf(authorizedScopes[i]) === -1) {
+    if (authorizedScopes.indexOf(requestedScopes[i]) === -1) {
       return false;
@@ -96,0 +96,0 @@ }

lib/oauth2-loopback.js

@@ -636,3 +636,3 @@ /**
           user: req.user, client: req.oauth2.client,
-          scope: req.oauth2.req.scope,
+          scopes: req.oauth2.req.scope,
           redirectURI: req.oauth2.redirectURI});
@@ -639,0 +639,0 @@ },

lib/resource-server.js

@@ -138,8 +138,7 @@ var async = require('async')
     var authenticators = [];
-    var scopeHandler = scopeValidator(options.scope);
     authenticators = [
       passport.authenticate(['loopback-oauth2-bearer', 'loopback-oauth2-mac'],
         options)];
-    if (options.scope) {
-      authenticators.push(scopeHandler);
+    if (options.scopes || options.scope) {
+      authenticators.push(scopeValidator(options.scopes || options.scope));
     }
@@ -146,0 +145,0 @@ authenticators.push(oauth2Provider.errorHandler());

lib/scope.js

@@ -0,1 +1,2 @@
+var pathToRegexp = require('path-to-regexp');
 var debug = require('debug')('loopback:oauth2:scope');
@@ -5,5 +6,92 @@ var oauth2Provider = require('./oauth2orize');
 
-module.exports = function(scope) {
-  var allowedScopes = scope;
+function toLowerCase(m) {
+  return m.toLowerCase();
+}
+
+/**
+ * Load the definition of scopes
+ *
+ * ```json
+ * {
+ *   "scope1": [{"methods": "get", path: "/:user/profile"}, "/order"],
+ *   "scope2": [{"methods": "post", path: "/:user/profile"}]
+ * }
+ * ```
+ * @param {Object} scopes
+ * @returns {Object}
+ */
+function loadScopes(scopes) {
+  var scopeMapping = {};
+  if (typeof scopes === 'object') {
+    for (var s in scopes) {
+      var routes = [];
+      var entries = scopes[s];
+      debug('Scope: %s routes: %j', s, entries);
+      if (Array.isArray(entries)) {
+        for (var j = 0, k = entries.length; j < k; j++) {
+          var route = entries[j];
+          if (typeof route === 'string') {
+            routes.push({methods: ['all'], path: route,
+              regexp: pathToRegexp(route, [], {end: false})});
+          } else {
+            var methods = helpers.normalizeList(methods);
+            if (methods.length === 0) {
+              methods.push('all');
+            }
+            methods = methods.map(toLowerCase);
+            routes.push({methods: methods,
+              path: route.path,
+              regexp: pathToRegexp(route.path, [], {end: false})});
+          }
+        }
+      } else {
+        debug('Routes must be an array: %j', entries);
+      }
+      scopeMapping[s] = routes;
+    }
+  } else if (typeof scopes === 'string') {
+    scopes = helpers.normalizeList(scopes);
+    for (var i = 0, n = scopes.length; i < n; i++) {
+      scopeMapping[scopes[i]] = [
+        {methods: 'all', path: '/.+', regexp: /\/.+/}
+      ];
+    }
+  }
+  return scopeMapping;
+}
+
+function findMatchedScopes(req, scopeMapping) {
+  var matchedScopes = [];
+  var method = req.method.toLowerCase();
+  var url = req.originalUrl;
+  for (var s in scopeMapping) {
+    var routes = scopeMapping[s];
+    for (var i = 0, n = routes.length; i < n; i++) {
+      var route = routes[i];
+      if (route.methods.indexOf('all') !== -1 ||
+        route.methods.indexOf(method) !== -1) {
+        debug("url: %s, regexp: %s", url, route.regexp);
+        var index = url.indexOf('?');
+        if (index !== -1) {
+          url = url.substring(0, index);
+        }
+        if (route.regexp.test(url)) {
+          matchedScopes.push(s);
+        }
+      }
+    }
+  }
+  return matchedScopes;
+}
+
+/**
+ * Validate if the oAuth 2 scope is satisfied
+ *
+ * @param {Object|String}|String[]} scopes A list of scopes or scope mapping
+ * @returns {validateScope}
+ */
+module.exports = function(scopes) {
+  var scopeMapping = loadScopes(scopes);
   return function validateScope(req, res, next) {
+    var allowedScopes = findMatchedScopes(req, scopeMapping);
     debug('Allowed scopes: ', allowedScopes);
@@ -21,1 +109,2 @@ var scopes = req.accessToken && req.accessToken.scopes;
 }
+

package.json

 {
   "name": "loopback-component-oauth2",
-  "version": "2.0.0-beta6",
+  "version": "2.0.0-beta7",
   "description": "OAuth 2.0 provider for LoopBack",
@@ -37,2 +37,3 @@ "keywords": [
     "passport-strategy": "^1.0.0",
+    "path-to-regexp": "^1.0.3",
     "pkginfo": "^0.3.0",
@@ -39,0 +40,0 @@ "uid2": "^0.0.3",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

462483

increased by0.59%

Lines of code

4181

increased by2.05%

Worsened metrics

Dependency count

14

increased by7.69%

Dependency changes

• + Addedpath-to-regexp@^1.0.3

• + Addedpath-to-regexp@1.9.0(transitive)