New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
salti - npm Package Compare versions
Comparing version 0.1.3 to 0.1.4
@@ -7,12 +7,18 @@ 'use strict'; | ||
| var anonymous = 'public'; | ||
| const NOTFOUND = -1; | ||
| function mapIt(subject, key, target) { | ||
| var itExists = fast.indexOf(subject, target, key, 0); | ||
| if (!~itExists) { | ||
| return itExists; | ||
| } | ||
| /** | ||
| * Acl | ||
| * @typedef {Object} Salti.Acl | ||
| * TODO: | ||
| */ | ||
| return fast.indexOf(subject, target, key, 0); | ||
| } | ||
| /** | ||
| * Implements an Express middleware Authentication Filter | ||
| * that validates an identity provided as a property on the request.connection object | ||
| * against ACL represented as a json object. | ||
| * @param {Salti.Acl} acl - acl represented as an array of path.role.verb | ||
| * @returns {Function} returns a handler of (req, res, next) to the middleware pipeline | ||
| */ | ||
| module.exports = function (acl) { | ||
@@ -29,15 +35,21 @@ //path.role.verb | ||
| var pathExists = mapIt(acl, 'path', req.path); | ||
| //here we're looking for an EXACT match as is - with full path and any resource on the end... | ||
| //ie. /foobar/myresource.js | ||
| var pathExists = fast.indexOf(acl, req.path, 'path'); | ||
| debug('req.path: %s', req.path); | ||
| //here we fall back to see | ||
| if (!~pathExists) { | ||
| if ( NOTFOUND === pathExists) { | ||
| debug('raw path did not exist now till try with trailing slash'); | ||
| //lets get the path up to the / but NOT with the slash... | ||
| let justPath = req.path.substring(0, req.path.lastIndexOf("/")); | ||
| debug('raw path did not exist now till try with trailing slash'); | ||
| pathExists = mapIt(acl, 'path', justPath + '/'); | ||
| if (!~pathExists) { | ||
| //here we see if it exists up to the last slash (including the slash) | ||
| //ie - /foobar/ | ||
| pathExists = fast.indexOf(acl, justPath + '/', 'path'); | ||
| if ( NOTFOUND === pathExists) { | ||
| //here we fall back to see if the path exists up to the last slash (not including) | ||
| //ie - /foobar | ||
| debug('now we try with no trailing slash'); | ||
| pathExists = mapIt(acl, 'path', justPath); | ||
| if (!~pathExists) { | ||
| pathExists = fast.indexOf(acl, justPath, 'path'); | ||
| if ( NOTFOUND === pathExists) { | ||
| debug('unauthorized1: %s : %s', identity, req.path); | ||
@@ -49,5 +61,6 @@ return res.status(401).send(msg401); | ||
| //at this point the request PATH has passed... | ||
| let roles = acl[pathExists].roles; | ||
| let roleExists = mapIt(roles, 'role', identity); | ||
| if (!~roleExists) { | ||
| let roleExists = fast.indexOf(roles, identity, 'role'); | ||
| if ( NOTFOUND === roleExists) { | ||
| debug('unauthorized2: %s : %s', identity, req.path); | ||
@@ -58,7 +71,7 @@ return res.status(401).send(msg401); | ||
| let verbs = acl[pathExists].roles[roleExists].verbs; | ||
| let verbExists = mapIt(verbs, null, req.method.toLowerCase()); | ||
| let verbExists = fast.indexOf(verbs, req.method); | ||
| debug('path/role: %s %s', pathExists, roleExists); | ||
| if (!~verbExists) { | ||
| if ( NOTFOUND === verbExists) { | ||
| debug('unauthorized3: %s : %s', identity, req.path); | ||
@@ -72,3 +85,1 @@ return res.status(401).send(msg401); | ||
| }; | ||
| /* istanbul ignore next */ | ||
| 'use strict'; | ||
| //taken from: https://github.com/codemix/fast.js/tree/master | ||
@@ -26,10 +28,8 @@ | ||
| 'use strict'; | ||
| var secureCompare = require('secure-compare'); | ||
| var secure = false; | ||
| function compareIt(source, target, secure) { | ||
| if (secure) { | ||
| /** | ||
| * Custom indexOf implementation from fast.js. | ||
| * @module indesOf | ||
| */ | ||
| function compareIt(source, target) { | ||
| if (source === target) { | ||
@@ -41,25 +41,19 @@ return true; | ||
| } | ||
| } | ||
| else { | ||
| return secureCompare(source, target); | ||
| } | ||
| } | ||
| module.exports.indexOf = function fastIndexOf(subject, target, key, fromIndex) { | ||
| var length = subject.length, | ||
| i = 0; | ||
| /** | ||
| * Does an indexOf from a array/object against a target and optional key | ||
| * @param {Object} subject - the source array or object. | ||
| * @param {string} target - the value to lookup. | ||
| * @param {string} key - an optional property value to use if using an object as subject | ||
| * @param {Number} fromIndex - where to start in the subject (offset) | ||
| * @returns {Number} the index value where found or -1 if not found | ||
| */ | ||
| module.exports.indexOf = function fastIndexOf(subject, target, key) { | ||
| var length = subject.length; | ||
| var i = 0; | ||
| if (typeof fromIndex === 'number') { | ||
| i = fromIndex; | ||
| if (i < 0) { | ||
| i += length; | ||
| if (i < 0) { | ||
| i = 0; | ||
| } | ||
| } | ||
| } | ||
| if (key) { | ||
| for (; i < length; i++) { | ||
| if (compareIt(subject[i][key], target, secure)) { | ||
| if (compareIt(subject[i][key], target)) { | ||
| return i; | ||
@@ -71,3 +65,3 @@ } | ||
| for (; i < length; i++) { | ||
| if (compareIt(subject[i], target, secure)) { | ||
| if (compareIt(subject[i], target)) { | ||
| return i; | ||
@@ -74,0 +68,0 @@ } |
| { | ||
| "name": "salti", | ||
| "version": "0.1.3", | ||
| "version": "0.1.4", | ||
| "description": "Simple Authentication and Authorization for Thali IoT", | ||
@@ -27,4 +27,3 @@ "main": "lib/index.js", | ||
| "dependencies": { | ||
| "debug": "^2.2.0", | ||
| "secure-compare": "^3.0.1" | ||
| "debug": "^2.2.0" | ||
| }, | ||
@@ -31,0 +30,0 @@ "devDependencies": { |
@@ -37,3 +37,3 @@ /* jshint node: true */ | ||
| var acllib = require('../lib/index'); | ||
| var acl = require('../lib/pouchdb'); | ||
| var acl = require('./pouchdb'); | ||
| //Norml middleware usage.. | ||
@@ -88,2 +88,2 @@ router.all('*', acllib(acl)); | ||
| } | ||
| } | ||
| } |
@@ -8,5 +8,5 @@ "use strict"; | ||
| {"role": "public", | ||
| "verbs": ["get", "post", "put"]}, | ||
| "verbs": ["GET", "POST", "PUT"]}, | ||
| {"role": "user", | ||
| "verbs": ["get"]} | ||
| "verbs": ["GET"]} | ||
| ] | ||
@@ -20,3 +20,3 @@ }, | ||
| {"role": "user", | ||
| "verbs": ["post", "put", "get", "get", "put", "post"]} | ||
| "verbs": ["POST", "PUT", "GET", "GET", "PUT", "POST"]} | ||
| ] | ||
@@ -28,7 +28,7 @@ }, | ||
| {"role": "public", | ||
| "verbs": ["get"]}, | ||
| "verbs": ["GET"]}, | ||
| {"role": "user", | ||
| "verbs": ["get", "post", "put"]} | ||
| "verbs": ["GET", "POST", "PUT"]} | ||
| ] | ||
| } | ||
| ]; |
@@ -8,3 +8,3 @@ 'use strict'; | ||
| {"role": 'user', | ||
| "verbs": ['get', 'put', 'post']} | ||
| "verbs": ['GET', 'PUT', 'POST']} | ||
| ] | ||
@@ -16,3 +16,3 @@ }, | ||
| {"role": 'user', | ||
| "verbs": ['get', 'put', 'post']} | ||
| "verbs": ['GET', 'PUT', 'POST']} | ||
| ] | ||
@@ -24,5 +24,5 @@ }, | ||
| {"role": 'user', | ||
| "verbs": ['get']} | ||
| "verbs": ['GET']} | ||
| ] | ||
| } | ||
| ]; | ||
| ]; |
@@ -8,3 +8,3 @@ 'use strict'; | ||
| {"role": 'public', | ||
| "verbs": ['get', 'put', 'post']} | ||
| "verbs": ['GET', 'PUT', 'POST']} | ||
| ] | ||
@@ -16,3 +16,3 @@ }, | ||
| {"role": 'public', | ||
| "verbs": ['get', 'put', 'post']} | ||
| "verbs": ['GET', 'PUT', 'POST']} | ||
| ] | ||
@@ -24,3 +24,3 @@ }, | ||
| {"role": 'public', | ||
| "verbs": ['get', 'put', 'post']} | ||
| "verbs": ['GET', 'PUT', 'POST']} | ||
| ] | ||
@@ -32,5 +32,5 @@ }, | ||
| {"role": 'public', | ||
| "verbs": ['get', 'put', 'post']} | ||
| "verbs": ['GET', 'PUT', 'POST']} | ||
| ] | ||
| } | ||
| ]; | ||
| ]; |
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Dependency count
- decreased by-50%
1
Worsened metrics
- Total package byte prevSize
- decreased by-7.55%
54489
- Number of package files
- decreased by-2.38%
41
- Lines of code
- decreased by-9.33%
1546
Dependency changes
- Removedsecure-compare@^3.0.1
- Removedsecure-compare@3.0.1(transitive)