1.0.1 • Published 3 years ago

@casava/bridge v1.0.1

Weekly downloads
-
License
ISC
Repository
-
Last release
3 years ago

@casva/bridge

Installation

Install using npm 

npm install @casva/bridge

Usage

Decrypt Bearer Token

To Decrypt the middleware using the class TokenManager from the crypto folder. It adavisable to decrypt the token in yuor auth middleware.

import { TokenManager } from "@casava/bridge/build/crypto"

//...

const tokenData = TokenManager.decrypt(req);

To decrypt a bearer token the TOKEN_SECRET in the environment must be the same as the TOKEN_SECRET used on the service that encrypt the token.

Securty Annotations

hasRole and hasPermission

These two annotation provide the request to check for a user permission or role before performing an operation. The combination oof both annotations is an OR condition, if any of the annotation is satisfied then the reqquest will procced to the controller.

The annotatations check the res.locals for the roles and permissions object.

  • hasRole expects the expressjs req.local to have an array of roles i.e. res.locals.roles must be array of strings.

  • hasAnyPermission expects the expressjs req.local to have an array of permissions i.e. res.locals.permissions must be array of strings.

import { hasAnyRole, hasAnyPermission } from '@casava/bridge/build/decorators';

class PermissionController {

    static PermissionCreationSchema = Joi.object({
        permissions: Joi.array().items(Joi.object().keys({
            name: Joi.string().required(),
            value: Joi.string().required(),
        })),
    }).options({ abortEarly: false });

    @hasAnyRole(["SUPER_ADMINISTRATOR"])
    @hasAnyPermission(["CREATE_PERMISSION"])
    async store(req: Request, res: Response): Promise<void> {
        // logic
    }

}

You can set the value of the express request objects res.locals.roles and res.locals.permissions at the controller middleware.

Request Validation

This package provides the annotation expectedRequestSchema that allows you to validate a request payload before continuing to the controller method.

This works together with the joi package. SO you need to install joi before using the annotation.

import { expectedRequestSchema } from "@casava/bridge/build/decorators";

class PermissionController {

    static PermissionCreationSchema = Joi.object({
        permissions: Joi.array().items(Joi.object().keys({
            name: Joi.string().required(),
            value: Joi.string().required(),
        })),
    }).options({ abortEarly: false });

    @expectedRequestSchema(PermissionController.PermissionCreationSchema)
    async store(req: Request, res: Response): Promise<void> {
        // logic
    }

}

If the schema check fails the exception CasavaApiBadRequestException is thrown. The exception is locted at "@casava/bridge/build/exceptions".

@infinitebrahmanuniverse/nolb-_cas@everything-registry/sub-chunk-157
1.0.1

3 years ago

1.0.0

3 years ago