Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
password: string;
isAdmin: boolean;
}
// We need to call the model 'User2' here not to conflict with another test in this package.
const UserModel: Model = model('User2', UserSchema);
function AdminRequired() {
return Hook((ctx: Context) => {
if (!ctx.user.isAdmin) {
return new HttpResponseForbidden();
}
});
}
@TokenRequired({ user: fetchUser(UserModel), store: RedisStore })
class MyController {
@Get('/foo')
foo() {
return new HttpResponseOK();
}
@Get('/bar')
@AdminRequired()
bar() {
return new HttpResponseOK();
}
}
class AuthController {
@dependency
store: RedisStore;
}
}
@TokenRequired({
cookie: true,
store: TypeORMStore,
})
@CsrfTokenRequired()
class ApiController {
@Post('/products')
createProduct() {
return new HttpResponseCreated();
}
}
@TokenRequired({
cookie: true,
redirectTo: '/login',
store: TypeORMStore,
})
class PageController {
@Get('/home')
async home(ctx: Context) {
// Normally in an HTML template
return new HttpResponseOK({ csrfToken: await getCsrfToken(ctx.session) });
}
}
class AppController {
subControllers = [
AuthController,
PageController,
return new HttpResponseOK();
}
@Get('/bar')
@AdminRequired()
bar() {
return new HttpResponseOK();
}
}
class AuthController {
@dependency
store: RedisStore;
@Post('/logout')
@TokenRequired({ store: RedisStore, extendLifeTimeOrUpdate: false })
async logout(ctx: Context) {
await this.store.destroy(ctx.session.sessionID);
return new HttpResponseNoContent();
}
@Post('/login')
@ValidateBody({
additionalProperties: false,
properties: {
email: { type: 'string', format: 'email' },
password: { type: 'string' }
},
required: ['email', 'password'],
type: 'object',
})
async login(ctx: Context) {
@Post('/logout')
@TokenRequired({
cookie: true,
extendLifeTimeOrUpdate: false,
redirectTo: '/login',
store: TypeORMStore,
})
async logout(ctx: Context) {
await this.store.destroy(ctx.session.sessionID);
const response = new HttpResponseRedirect('/login');
removeSessionCookie(response);
return response;
}
@Get('/home')
@TokenRequired({ store: TypeORMStore, cookie: true, redirectTo: '/login' })
home() {
return new HttpResponseOK('Home page');
}
}
class AppController {
subControllers = [
AuthController,
controller('/api', ApiController),
];
}
before(async () => {
process.env.SETTINGS_SESSION_SECRET = 'session-secret';
await createConnection({
database: 'e2e_db.sqlite',
let app: any;
let token: string;
@Entity()
class User {
@PrimaryGeneratedColumn()
id: number;
@Column({ unique: true })
email: string;
@Column()
password: string;
}
@TokenRequired({ store: TypeORMStore, cookie: true })
class ApiController {
@Get('/products')
readProducts() {
return new HttpResponseOK([]);
}
}
const credentialsSchema = {
additionalProperties: false,
properties: {
email: { type: 'string', format: 'email' },
password: { type: 'string' }
},
required: [ 'email', 'password' ],
type: 'object',
};
let app: any;
let token: string;
@Entity()
class User {
@PrimaryGeneratedColumn()
id: number;
@Column({ unique: true })
email: string;
@Column()
password: string;
}
@TokenRequired({ store: TypeORMStore })
class ApiController {
@Get('/products')
readProducts() {
return new HttpResponseOK([]);
}
}
const credentialsSchema = {
additionalProperties: false,
properties: {
email: { type: 'string', format: 'email' },
password: { type: 'string' }
},
required: [ 'email', 'password' ],
type: 'object',
};
let app: any;
let token: string;
@Entity()
class User {
@PrimaryGeneratedColumn()
id: number;
@Column({ unique: true })
email: string;
@Column()
password: string;
}
@TokenRequired({ store: TypeORMStore, cookie: true })
class ApiController {
@Get('/products')
readProducts() {
return new HttpResponseOK([]);
}
}
const credentialsSchema = {
additionalProperties: false,
properties: {
email: { type: 'string', format: 'email' },
password: { type: 'string' }
},
required: [ 'email', 'password' ],
type: 'object',
};
email: string;
password: string;
isAdmin: boolean;
}
const UserModel: Model = model('User', UserSchema);
function AdminRequired() {
return Hook((ctx: Context) => {
if (!ctx.user.isAdmin) {
return new HttpResponseForbidden();
}
});
}
@TokenRequired({ user: fetchUser(UserModel), store: RedisStore })
class MyController {
@Get('/foo')
foo() {
return new HttpResponseOK();
}
@Get('/bar')
@AdminRequired()
bar() {
return new HttpResponseOK();
}
}
class AuthController {
@dependency
store: RedisStore;
describe('[Authorization|permissions] Users', () => {
let app;
let tokenUser1: string;
let tokenUser2: string;
@Entity()
class User extends UserWithPermissions {}
@TokenRequired({ user: fetchUserWithPermissions(User), store: TypeORMStore })
class AppController {
@Get('/bar')
@PermissionRequired('access-bar')
bar() {
return new HttpResponseNoContent();
}
@Get('/foo')
@PermissionRequired('access-foo')
foo() {
return new HttpResponseNoContent();
}
}
before(async () => {
process.env.SETTINGS_SESSION_SECRET = 'session-secret';
class AuthController {
@dependency
store: TypeORMStore;
@Post('/login')
async login() {
const session = await this.store.createAndSaveSessionFromUser({ id: 1 }, { csrfToken: true });
const response = new HttpResponseOK();
setSessionCookie(response, session.getToken());
return response;
}
}
@TokenRequired({
cookie: true,
store: TypeORMStore,
})
@CsrfTokenRequired()
class ApiController {
@Post('/products')
createProduct() {
return new HttpResponseCreated();
}
}
@TokenRequired({
cookie: true,
redirectTo: '/login',
store: TypeORMStore,
})