How to use the @hapi/joi.forbidden function in @hapi/joi

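To help you get started, we’ve selected a few @hapi/joi examples, based on popular ways it is used in public projects. `Joi.forbidden()` marks a key as forbidden: validation fails if the key is present with any value other than `undefined`. In the route examples below it is used on update payloads to reject client-supplied fields such as `id`, `roles` and `active`; in the configuration schemas it is combined with `when()` to forbid an option that does not apply under another setting.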


github academia-de-codigo / noire-server / lib / modules / authorization / routes / role.js View on Github external
};

// PUT /role/{id}
// Route options for updating a role. The role is addressed by the `id` path
// parameter; the payload may carry a new name and/or description.
exports.update = {
    description: 'Update an existing role',
    // Pre-handler produced by AuthCtrl.authorize for the ROLE resource.
    // AuthCtrl is defined outside this excerpt; presumably an access check
    // that runs before the handler.
    pre: [AuthCtrl.authorize(Resources.ROLE)],
    handler: RoleCtrl.update,
    validate: {
        params: Joi.object({
            id: Joi.number().integer().required().description('The id of the role')
        }),
        payload: Joi.object({
            // A body that carries an `id` fails validation, so the path
            // parameter is the only id that gets past this schema. Joi object
            // schemas reject undeclared keys by default; declaring the key as
            // forbidden keeps it rejected even if unknown keys are allowed
            // through validation options (none are visible here).
            id: Joi.forbidden(),
            // Neither field is marked required: a payload with only one of
            // them, or with neither, passes this schema.
            name: Joi.string()
                .min(Role.NAME_MIN_LENGTH).max(Role.NAME_MAX_LENGTH)
                .description('The name of the role'),
            description: Joi.string().max(Role.DESC_MAX_LENGTH).description('The description of the role')
        })
    }
};

// PUT /role/{id}/users
exports.addUsers = {
    description: 'Add users to an existing role',
    pre: [AuthCtrl.authorize(Resources.ROLE)],
    handler: RoleCtrl.addUsers,
github horike37 / serverless-apigateway-service-proxy / lib / apiGateway / schema.js View on Github external
const proxiesSchemas = {
  kinesis: Joi.object({
    kinesis: proxy.append({ streamName: stringOrRef.required(), partitionKey, request })
  }),
  s3: Joi.object({
    s3: proxy.append({
      action: Joi.string()
        .valid('GetObject', 'PutObject', 'DeleteObject')
        .required(),
      bucket: stringOrRef.required(),
      // don't accept a key when requestParameters has a 'integration.request.path.object' property
      key: Joi.when('requestParameters', {
        is: requestParameters
          .keys({ 'integration.request.path.object': Joi.string().required() })
          .required(),
        then: Joi.forbidden(),
        otherwise: key.required()
      }),
      requestParameters
    })
  }),
  sns: Joi.object({
    sns: proxy.append({ topicName: stringOrGetAtt('topicName', 'TopicName').required(), request })
  }),
  sqs: Joi.object({
    sqs: proxy.append({
      queueName: stringOrGetAtt('queueName', 'QueueName').required(),
      requestParameters
    })
  }),
  dynamodb: Joi.object({
    dynamodb: proxy.append({
github academia-de-codigo / noire-server / lib / modules / authorization / routes / user.js View on Github external
.integer()
                .positive()
                .required()
                .description('The ID of the user')
        })
    }
};

// PUT /user/{id}
exports.update = {
    description: 'Update an existing user',
    pre: [AuthCtrl.authorize(Resources.USER)],
    handler: UserCtrl.update,
    validate: {
        payload: Joi.object({
            id: Joi.forbidden(),
            username: Joi.string()
                .min(User.USERNAME_MIN_LENGTH)
                .max(User.USERNAME_MAX_LENGTH)
                .description('The username of the user'),
            name: Joi.string()
                .min(User.NAME_MIN_LENGTH)
                .max(User.NAME_MAX_LENGTH)
                .description('The real name of the user'),
            email: Joi.string()
                .email()
                .description('the email of the user'),
            password: Joi.string()
                .min(User.PASSWORD_MIN_LENGTH)
                .max(User.PASSWORD_MAX_LENGTH)
                .description('The password of the user'),
            avatar: Joi.string()
github hapijs / hapi / lib / config.js View on Github external
timeout: Joi.number().integer().positive().allow(false).default(10 * 1000),
        defaultContentType: Joi.string().default('application/json'),
        compression: Joi.object()
            .pattern(/.+/, Joi.object())
            .default()
    })
        .default(),
    plugins: Joi.object(),
    response: Joi.object({
        disconnectStatusCode: Joi.number().integer().min(400).default(499),
        emptyStatusCode: Joi.valid(200, 204).default(204),
        failAction: internals.failAction,
        modify: Joi.boolean(),
        options: Joi.object(),
        ranges: Joi.boolean().default(true),
        sample: Joi.number().min(0).max(100).when('modify', { then: Joi.forbidden() }),
        schema: Joi.alternatives(Joi.object(), Joi.array(), Joi.function()).allow(true, false),
        status: Joi.object().pattern(/\d\d\d/, Joi.alternatives(Joi.object(), Joi.array(), Joi.function()).allow(true, false))
    })
        .default(),
    security: Joi.object({
        hsts: Joi.alternatives([
            Joi.object({
                maxAge: Joi.number(),
                includeSubdomains: Joi.boolean(),
                includeSubDomains: Joi.boolean(),
                preload: Joi.boolean()
            }),
            Joi.boolean(),
            Joi.number()
        ])
            .default(15768000),
github academia-de-codigo / noire-server / lib / modules / authorization / routes / permission.js View on Github external
// Route options for updating a permission. The permission is addressed by
// the `id` path parameter and `description` is the only field the payload
// may carry.
exports.update = {
    description: 'Update an existing permission',
    // Pre-handler produced by AuthCtrl.authorize for the PERMISSION resource.
    // AuthCtrl is defined outside this excerpt; presumably an access check
    // that runs before the handler.
    pre: [AuthCtrl.authorize(Resources.PERMISSION)],
    handler: PermissionCtrl.update,
    validate: {
        params: Joi.object({
            id: Joi.number().integer().positive().required().description('The id of the permission')
        }),
        payload: Joi.object({
            // A body that carries any of these three keys fails validation.
            // `action` and `resource` presumably define what the permission
            // grants (confirm against the model), so this route cannot be
            // used to repoint an existing permission.
            id: Joi.forbidden(),
            action: Joi.forbidden(),
            resource: Joi.forbidden(),
            // The one writable field, and it must be present.
            description: Joi.string()
                .max(Permission.DESCRIPTION_MAX_LENGTH).required()
                .description('The description of the permission')
        })
    }
};
github academia-de-codigo / noire-server / lib / modules / authorization / routes / user.js View on Github external
.description('The real name of the user'),
            email: Joi.string()
                .email()
                .description('the email of the user'),
            password: Joi.string()
                .min(User.PASSWORD_MIN_LENGTH)
                .max(User.PASSWORD_MAX_LENGTH)
                .description('The password of the user'),
            avatar: Joi.string()
                .uri({
                    scheme: ['http', 'https'],
                    allowRelative: true
                })
                .description('The URI to the user avatar'),
            active: Joi.boolean().description('If the user is active'),
            roles: Joi.forbidden()
        })
    }
};
github hapijs / cookie / lib / index.js View on Github external
Joi.boolean(),
        Joi.object({ raw: Joi.boolean(), name: Joi.string() })
    ])
        .default(false),

    cookie: Joi.object({
        name: Joi.string().default('sid'),
        encoding: Joi.valid('iron').default('iron'),
        password: Joi.required(),
        ignoreErrors: Joi.valid(true).default(true)
    })
        .unknown()
        .default(),

    keepAlive: Joi.boolean()
        .when('cookie.ttl', { is: Joi.number().min(1), otherwise: Joi.forbidden() })
        .default(false),

    redirectTo: Joi.alternatives([
        Joi.string(),
        Joi.func()
    ])
        .allow(false),

    requestDecoratorName: Joi.string().default('cookieAuth'),
    validateFunc: Joi.func()
})
    .required();


internals.CookieAuth = class {
github academia-de-codigo / noire-server / lib / modules / authorization / routes / profile.js View on Github external
.description('The new name'),
            email: Joi.string()
                .email()
                .description('The new email'),
            password: Joi.string()
                .min(User.PASSWORD_MIN_LENGTH)
                .max(User.PASSWORD_MAX_LENGTH)
                .description('The new password'),
            avatar: Joi.string()
                .uri({
                    scheme: ['http', 'https'],
                    allowRelative: true
                })
                .description('The new user avatar URI'),
            roles: Joi.forbidden(),
            active: Joi.forbidden()
        })
    }
};
github academia-de-codigo / noire-server / lib / modules / authorization / routes / profile.js View on Github external
.max(User.NAME_MAX_LENGTH)
                .description('The new name'),
            email: Joi.string()
                .email()
                .description('The new email'),
            password: Joi.string()
                .min(User.PASSWORD_MIN_LENGTH)
                .max(User.PASSWORD_MAX_LENGTH)
                .description('The new password'),
            avatar: Joi.string()
                .uri({
                    scheme: ['http', 'https'],
                    allowRelative: true
                })
                .description('The new user avatar URI'),
            roles: Joi.forbidden(),
            active: Joi.forbidden()
        })
    }
};
github hapijs / bell / lib / index.js View on Github external
internals.schema = Joi.object({
    provider: Joi.object({
        name: Joi.string().optional().default('custom'),
        protocol: Joi.string().valid('oauth', 'oauth2'),
        temporary: Joi.string().when('protocol', { is: 'oauth', then: Joi.required(), otherwise: Joi.forbidden() }),
        signatureMethod: Joi.string().valid('HMAC-SHA1', 'RSA-SHA1').when('protocol', { is: 'oauth', then: Joi.default('HMAC-SHA1'), otherwise: Joi.forbidden() }),
        auth: Joi.string().required(),
        useParamsAuth: internals.flexBoolean.default(false).when('protocol', { is: 'oauth2', then: Joi.optional(), otherwise: Joi.forbidden() }),
        token: Joi.string().required(),
        headers: Joi.object(),
        profile: Joi.func(),
        profileMethod: Joi.string().valid('get', 'post').default('get'),
        scope: Joi.alternatives().try(
            Joi.array().items(Joi.string()),
            Joi.func()
        ).when('protocol', { is: 'oauth2', otherwise: Joi.forbidden() }),
        scopeSeparator: Joi.string().when('protocol', { is: 'oauth2', otherwise: Joi.forbidden() })
    }).required(),
    password: Joi.string().required(),
    clientId: Joi.string().required(),
    clientSecret: Joi.alternatives().when('protocol', {
        is: 'oauth',
        then: Joi.string().required().allow(''),
        otherwise: Joi.alternatives().try(Joi.string().allow(''), Joi.object())
    }).required(),
    cookie: Joi.string(),
    isSameSite: Joi.valid('Strict', 'Lax').allow(false).default('Strict'),
    isSecure: internals.flexBoolean,
    isHttpOnly: internals.flexBoolean,
    ttl: Joi.number(),
    domain: Joi.string().allow(null),
    providerParams: Joi.alternatives().try(Joi.object(), Joi.func()),