const config = require('@femto-apps/config')
const bodyParser = require('body-parser')
const mongoose = require('mongoose')
const express = require('express')
const morgan = require('morgan')
const Authorisation = require('./modules/Authorisation')
const { getConsumer } = require('./modules/Consumer')
// Single policy store shared by the routes registered below.
const authorisation = new Authorisation()
const app = express()
// Parse JSON and form-encoded bodies: every route below reads req.body.
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({ extended: false }))
// Request logging; the morgan format string comes from the 'logFormat' config key.
app.use(morgan(config.get('logFormat')))
// Connection string is 'mongo.uri' immediately followed by 'mongo.db' with no
// separator added here — presumably the configured uri ends with '/'; verify against config.
mongoose.connect(config.get('mongo.uri') + config.get('mongo.db'), { useNewUrlParser: true })
// Mongoose option flags. useNewUrlParser is also passed to connect() above,
// so the last set() call duplicates that option.
mongoose.set('useCreateIndex', true)
mongoose.set('useFindAndModify', false);
mongoose.set('useNewUrlParser', true);
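/*
 * Register one or more statements for authentication.
 *
 * Body: { secret, statements }. `secret` identifies the calling consumer
 * (resolved through getConsumer) and is required; `statements` is a single
 * statement object or an array of them.
 *
 * Responses: 401 when the secret is missing or unknown, 400 when no
 * statements are supplied, 200 with a confirmation message otherwise.
 * Errors thrown while resolving the consumer or registering statements are
 * forwarded to Express' error handler via next() instead of being left as an
 * unhandled promise rejection, which would leave the request hanging.
 *
 * @example <caption>Simple resource authentication</caption>
 * {
 * effect: 'allow',
 * action: 'hoster:GetObject',
 * resource: 'hoster:object:*'
 * }
 *
 * @example <caption>Conditional resource authentication</caption>
 * {
 * effect: 'allow',
 * action: ['hoster:DeleteObject', 'hoster:UpdateObject'],
 * resource: 'hoster:object:*',
 * condition: {
 * 'owns hosted image': { %ensure: 'resource.owner._id == user._id' }
 * }
 * }
 */
app.post('/api/statement', async (req, res, next) => {
  // TODO: verify that the site can effect the specified resource
  //       (statements are registered as-is, without being checked against
  //       the consumer that submitted them)
  const { secret, statements } = req.body

  if (!secret) {
    return res.status(401).json({
      error: 'Unauthorised request'
    })
  }

  try {
    const consumer = await getConsumer(secret)
    if (!consumer) {
      return res.status(401).json({
        error: 'Invalid secret key'
      })
    }

    // Reject a body with no statements instead of handing undefined to the
    // registration code.
    if (statements == null) {
      return res.status(400).json({
        error: 'No statements supplied'
      })
    }

    if (Array.isArray(statements)) {
      await authorisation.registerStatements(statements)
    } else {
      await authorisation.registerStatement(statements)
    }

    res.json({
      message: 'added authorisation successfully'
    })
  } catch (err) {
    // Let the application's error middleware decide how to report it.
    next(err)
  }
})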
/*
 * Checks whether a user can complete an action on the requested resource.
 *
 * Body: { resource, user, action }. Responds with
 * { authorised: <result of authorisation.check(resource, user, action)> }.
 *
 * NOTE(review): unlike /api/statement, this route requires no consumer
 * secret, so authorisation decisions can be queried by any client that can
 * reach the server — confirm that this is intended.
 */
app.post('/api/authorised', (req, res) => {
  const { resource, user, action } = req.body
  const authorised = authorisation.check(resource, user, action)
  res.json({ authorised })
})
// Bind to the configured port and announce readiness on the console.
const port = config.get('port')
app.listen(port, () => console.log(`Example app listening on port ${port}!`))