How to use the passport/authorize function in passport
To help you get started, we’ve selected a few passport examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
tubackkhoa / tkframework / server / data / graphql / types / mutations / author / update.js View on Github 
mutateAndGetPayload: async ({id, description, introduction, name, avatar, social_accounts}, {request}) => {
// authorize this request first
authorize(request)
// insert then return post, we can use try catch instead of error callback
const authorId = fromGlobalId(id).id
const author = await models.authors.findById(authorId, {
attributes: ['id', 'image'],
})
const authorAttributes = {description, introduction, name}
if(avatar) {
// first, delete image of author, then upload image,
// should use saveSync, because we have to wait here, sync is always faster if
const imagePath = path.join(filePath, 'author/image', authorId)
// delete at background
author.image && fse.remove(path.join(imagePath, author.image), err =>
console.log(err || `Removed file ${author.image}`)router.put('/block/:id', (req, res) => {
authorize(req)
// only admin user can block
const {id} = req.params
users.update({
block: sequelize.literal('NOT `block`'),
}, {
where: {id},
})
res.send({id})
})router.post('/update', async (req, res) => {
// check authorize first, for update, also check author_id for post
authorize(req)
// currently we not process items, let it for edit phrase
const {item:{image, ...data}, id} = req.body
data.user_id = req.user.id
const rad_lat = data.lat * RAD
const rad_lng = data.lng * RAD
data.lat_cos = Math.cos(rad_lat)
data.lng_cos = Math.cos(rad_lng)
data.lat_sin = Math.sin(rad_lat)
data.lng_sin = Math.sin(rad_lng)
// update from post data
const item = id
? await service_points.findById(id)
: await service_points.create(data)mutateAndGetPayload: async ({title}, {request}) => {
authorize(request)
// insert then return post, we can use try catch insteadz
const post = await models.posts.create({title})
return {post}
},
})async (options, resolverAttributes) => {
// only published item for unauthorized users
// for edit post, also check request.user.id to modify post
options.where = {}
if(authorize(request, false)){
if(args.accepted)
options.where.accepted = args.accepted
} else
options.where.accepted = 1
// update options with tag
if(args.tagId){
const tagId = fromGlobalId(args.tagId).id
const postIDs = await models.taggings.findAll({
attributes: ['subject_id'],
distinct: true,
where: {
tag_id: tagId,
subject_type: 'Post',
}
}).map(tagging => tagging.subject_id)mutateAndGetPayload: ({id}, {request}) => {
authorize(request)
const postId = fromGlobalId(id).id
models.posts.destroy({
where: {id: postId}
})
// also destroy items, taggings, and all item types belong to this items
// for item type is item_image, also remove image folder
models.taggings.destroy({
where: {
subject_id:postId,
subject_type:'Post',
}
})
// now destroy all items
models.items.findAll({mutateAndGetPayload: async ({id}, {request}) => {
authorize(request)
// insert then return post, we can use try catch instead of error callback
// error is good enough
const postId = fromGlobalId(id).id
// need id to map, or we can use literal
// we can use literal because no need to escape, so we have the best performance
models.posts.update({
accepted: models.sequelize.literal('NOT `accepted`'),
}, {
where: {id: postId},
})
// update async, only save changes
return {id}
},
})router.post('/update', async (req, res) => {
// check authorize first, for update, also check author_id for post
authorize(req)
// currently we not process items, let it for edit phrase
const {item:{image, ...data}, id} = req.body
// when delete, should delete all images belong to this content
data.content = data.content.replace(/{
// replace base 64 with src
return `router.post('/update', async (req, res) => {
// check authorize first, for update, also check author_id for post
authorize(req)
// currently we not process items, let it for edit phrase
const {item:{image, ...data}, id} = req.body
// update current user id
data.user_id = req.user.id
// update from post data
const item = id
? await sellposts.findById(id)
: await sellposts.create(data)
if(!id)
res.send({id:item.id})
uploadImage(image, `sellpost/image/${item.id}`, imagePath => data.image=imagePath)
// do at backgroundexport const getDeleteRouter = (model) => (req, res) => {
authorize(req)
const {id} = req.params
model.destroy({
where:{id}
})
.then(deletedNumber => res.send({deletedNumber}))
}passport
Simple, unobtrusive authentication for Node.js.
Package Health Score
77 / 100Popular passport functions
- passport._strategies
- passport.authenticate
- passport.authorize
- passport.callback
- passport.connect
- passport.deserializeUser
- passport.disconnect
- passport.endpoint
- passport.initialize
- passport.loadStrategies
- passport.Passport
- passport.protocols
- passport.serializeUser
- passport.session
- passport.socketio.authorize
- passport.Strategy
- passport.unuse
- passport.use
- passport/authorize
- passport/lib.use