New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

loopback-with-admin

Package Overview
Dependencies
Maintainers
1
Versions
26
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

loopback-with-admin

launch loopback with admin, push-notifications

latest
Source
npmnpm
Version
2.6.1
Version published
Maintainers
1
Created
Source

loopback-with-admin

Run loopback server easier.

features

  • passing model definitions via arguments (no need to generate JSON files)
  • switching environment easier
  • admin role, which can access to all endpoints
  • easier ACL settings
  • easier custom role settings
  • easier push notification settings

install

npm install loopback-with-admin

usage

simplest run

// model definitions
// see "models" section for more detail
const models = {
  user: {
    base: 'User'
  }
};

require('loopback-with-admin').run(models).then(lbInfo => {
  // see "LoopbackInfo" section for more detail
  console.log(lbInfo.getURL())         // loopback api root
  console.log(lbInfo.getAdminTokens()) // access tokens of admin
})

Or more strictly, pass models like

require('loopback-with-admin').run({models: models})

run with config dir

before running, you can prepare a directory which contains custom config information.

(config-dir) # any name is acceptable
|-- common
|   |-- server.coffee
|-- development
|   `-- datasources.coffee
`-- production
    `-- datasources.coffee

const lbWithAdmin = require('loopback-with-admin')
const configDir = '/path/to/config-dir'

lbWithAdmin.run({models: models}, configDir).then(lbInfo => {
  // loopback started with the config
})

See "configs" section for more details.

run with config object


const lbWithAdmin = require('loopback-with-admin')
const config = {server: {port: 3001}}
lbWithAdmin.run({models: models}, config)

switching environment


const configDir = '/path/to/config-dir'

require('loopback-with-admin').run({models: models}, configDir, {env: 'production'})

env is set following the rules.

  • uses the passed value if exists
  • uses NODE_ENV if exists
  • default value is 'development'

When your config dir is

(config-dir) # any name is acceptable
|-- common
|   |-- server.coffee
|-- development
|   `-- datasources.coffee
|-- local
|   `-- datasources.coffee
|-- production
|   `-- datasources.coffee

and launching script like

$ NODE_ENV=local node app.js

then, loopback-with-admin selects configs in "local" directory.

model definitions

const models = {
  player: { // model name
    base: 'User', // following loopback model definition
    aclType: 'admin' // only 'aclType' is the specific property for loopback-with-admin
  },

  instrument: { // another model
    aclType: 'owner-read'
  }
}

require('loopback-with-admin').run({models: models})
  • Models should be the same format as loopback model definition except aclType value.
  • name is automatically set from definition information.
  • plural is set to the same value as the name unless you set manually.

aclType for easier ACL settings

aclType is prepared for defining complicated acls easier. loopback-with-admin generates acls from aclType with the following rules.

aclTypemeaning
adminonly admin can CRUD the model (default)
ownerthe owner of the model can CRUD
public-readeveryone can READ the model and admin can CRUD
member-readauthenticated users can READ the model and admin can CRUD
public-read-by-ownerCRUD by the owner, and read by everyone
member-read-by-ownerCRUD by the owner, and read by authenticated users
noneeveryone can CRUD the model

more detailed settings

const models = {
  player: {
    base: 'User',
    aclType: {
      owner: 'rwx',
      member: 'r'
    }
  }
}

aclType can be an object, whose key contains the following roles.

  • owner: $owner role in LoopBack
  • member: $authenticated role in LoopBack
  • public: $everyone role in LoopBack
  • participant: participant token (see participant role section)
  • [custom roles] : see custom roles section.

The values of the keys are rwx, which is the same as Unix permission. x here means EXECUTE accessType in LoopBack.

See loopback roles for instructions. https://docs.strongloop.com/display/public/LB/Defining+and+using+roles

custom roles

You can define custom roles like the following code.

const customRoles = {
  'doctor': '/path/to/doctor-role.js',
  'patient': '/path/to/patient-role.js'
}

require('loopback-with-admin').run({models: models, customRoles: customRoles})

role-defining JS file

In the file, you must export a function, which will be passed to the 2nd argument of Role.registerResolver in LoopBack.

See how to define custom roles in LoopBack. https://docs.strongloop.com/display/public/LB/Defining+and+using+roles

Example:


module.exports = function(role, context, cb) {
  var app = this // `app` can be acquired via `this`

  function reject(err) {
    if (err) { return cb(err) }
    cb(null, false)
  }

  if (context.modelName !== 'patient') { return reject() }

  var userId = context.accessToken.userId
  if (!userId || userId === context.modelId) {
      return reject()
  }

  cb(null, true) // is in role

admin role

admin role is the role with which every REST APIs are available. The role and one user with it are automatically generated at boot phase.

admin access tokens

To be admin, you need to know its access tokens. The following code can get those.

require('loopback-with-admin').run(models, config).then(lbInfo => {
  let tokens = lbInfo.getAdminTokens()
  console.log(tokens) // access tokens (String[]) of admin.
})

set fetch function to set tokens

By default, the token is fixed and it's loopback-with-admin-token. You must change the value by passing fetch function.

const admin = {
  fetch: function() {
    return ['your-secret-token1', 'your-secret-token2']
  }
}

require('loopback-with-admin').run(models, config, { admin: admin })

change tokens periodically

const admin = {
  fetch: function() {
    return generateSecretValuesByRandom().then(value => [ value ]) // fetch function allows Promise to return
  },
  intervalHours: 24 // change the value every day (by default, it's 12 hours)
}

require('loopback-with-admin').run(models, config, { admin: admin })

admin user information

propertyvalue
idloopback-with-admin-user-id
emailloopback-with-admin@example.com
passwordadmin-user-password

In fact, these value makes no sense as admin can never be accessed via REST APIs. No one can login with the account information.

configs

Four types of configs are available.

  • datasources
  • middleware
  • server
  • push-credentials

See JSON files in default-values/non-model-configs directory.

You can set the same properties as these JSONs.

datasources

config keymeaning
memoryon memory datasource
dbdatasource for custom entities

Each datasource name has its connectors.

available loopback connectors

Available datasources are

  • mongodb
  • memory
  • memory-idstr

memory-idstr is the default connector, which stores data only in memory, and id type is string whereas id type of "memory" is number. See loopback-connector-memory-idstr.

To use mongodb, add dependencies in package.json of your repository

  • loopback-connector-mongodb: "1.13.0"
  • mongodb: "2.0.35"

server

config keymeaningdefault
restApiRootREST api root/api
portport number3000

push-credentials

config keymeaning
gcmServerApiKeyapi key for Google Cloud Messaging (GCM)
apnsCertDatacertificate pem contents for APNs
apnsKeyDatakey pem contents for APNs

LoopbackInfo

require('loopback-with-admin').run() returns promise of LoopbackInfo.

It contains the information of the launched loopback.

  • getURL()
  • getAdminTokens()
  • config
  • models

getURL()

Returns hosting URL.

const config = {
  server: {
    port: 4156,
    restApiRoot: 'awesome-endpoint'
  }
}
require('loopback-with-admin').run(models, config).then(lbInfo => {
  lbInfo.getURL() // localhost:4156/awesome-endpoint
})

getAdminTokens()

Returns Array of access tokens (string).

const admin = {
  fetch: function() {
    return ['your-secret-token1', 'your-secret-token2']
  }
}

require('loopback-with-admin').run(models, config, { admin: admin }).then(lbInfo => {
  console.log(lbInfo.getAdminTokens()) // ['your-secret-token1', 'your-secret-token2']
})

getEnv()

Returns environment name where loopback launched.

config

Contains all config values used to build loopback.

  • datasources
  • middleware
  • server
  • push-credentials

See configs section above.

models

Contains model definitions used to build loopback

See models section above.

participant role (since v2.4)

The role for anonymous but limited access. Programs which know a specific static access token can become the role. The token is set by options param in run() method.

const participantToken = 'AbCdE'
require('loopback-with-admin').run(models, config, { participantToken })

Then, all accesses with the accessToken AbCdE will be participant role.

push notification settings

(coming soon)

FAQs

Package last updated on 19 Jan 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

The Hidden Blast Radius of the Axios Compromise

Security News

The Hidden Blast Radius of the Axios Compromise

The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.

By Ahmad Nassri  -  Apr 01, 2026