diff --git a/lib/LxAuth.js b/lib/LxAuth.js index 81b6cd2..737aa59 100644 --- a/lib/LxAuth.js +++ b/lib/LxAuth.js @@ -37,6 +37,10 @@ module.exports = function (options) { throw lxHelpers.getTypeError('maxLifeTime', options.config.WEB_TOKEN.inactivityTime, 1); } + function getRouteNameWithVerb (route, verb) { + return verb + ':' + route; + } + function generateGuid () { return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) { var r, v; @@ -81,12 +85,18 @@ module.exports = function (options) { if (line.indexOf('.get') > 0) { // decide which api type with socket.on function var type = line.indexOf('.on') > 0 ? 'socket' : 'rest'; - var parts = line.split(','); + + // get rest route var route = parts[0].split('\'')[1]; + + // get http verb + var verb = parts[0].substring(parts[0].indexOf('.') + 1, parts[0].indexOf('(')); + + // unique path to function var path = parts[parts.length - 1].split('(')[1].replace(/'|\)|;/g, '').replace('.', '/'); - routes[path] = {route: route, type: type}; + routes[path] = {route: route, type: type, verb: verb}; } }); @@ -245,11 +255,6 @@ module.exports = function (options) { * @returns {Object.} (nameOfRight: {hasAccess: true, resource: *}) */ self.getUserAcl = function (user, allRights, allRoles, allGroups, additionalRoles, resourceRights) { - // check params -// if (!lxHelpers.isObject(user)) { -// throw new RightsError('param "user" is not an object'); -// } - var result = { rest: {}, socket: {} 
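Review bot: getRouteNameWithVerb builds the ACL key from `verb` without guarding against a missing or differently-cased verb, and that key is what access control now hinges on: rights documents stored before this change carry no `verb`, so getUserAcl (the @@ -272 hunk) keys them as `undefined:<route>` and checkAccessToRoute (the @@ -639 hunk) never matches them until refreshRightsInDb has been re-run. Denying in that case is the safe direction, but the dependency should be stated, e.g. a header comment `// ACL key "<verb>:<route>"; legacy rights without a verb only resolve after refreshRightsInDb has stored one.` If callers pass `req.method`, which Express reports in upper case while the parser below stores lower case, the key would also never match; normalising once here, `return String(verb).toLowerCase() + ':' + route;`, keeps both sides consistent (assumption about the caller — verify).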
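Review bot: The new verb extraction takes the text after the first dot in `parts[0]`, so a route line such as `options.app.get('/x', …)` yields `app.get` rather than `get`, and no trim or case normalisation is applied. Anchoring on the last dot before the opening parenthesis avoids both the prefix problem and dots inside the route string: `var open = parts[0].indexOf('(');` then `var verb = parts[0].substring(parts[0].lastIndexOf('.', open) + 1, open).trim();`. Note also that the enclosing context line `if (line.indexOf('.get') > 0)` still gates which lines are parsed at all, so non-GET routes only acquire a verb when `.get` happens to appear elsewhere on the line (e.g. a handler named `getAll`) — if I read the context correctly, that gate needs widening for the verb field to be meaningful. The enclosing parser function starts and ends outside the hunk.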
@@ -272,28 +277,37 @@ module.exports = function (options) { }); // add right name to result if the user has access - if (lxHelpers.isObject(right) && userRight.hasAccess) { - if (right.type === 'socket') { - result.socket[right.name] = { - controller: right.controller, - route: right.route, - hasAccess: true - }; + if (lxHelpers.isObject(right) && userRight.hasAccess && right.route) { + var name = getRouteNameWithVerb(right.route, right.verb); - if (userRight.resource) { - result.socket[right.name].resource = userRight.resource; - } - } else { - result.rest[right.name] = { - controller: right.controller, - route: right.route, - hasAccess: true - }; + result[right.type][name] = {}; - if (userRight.resource) { - result.rest[right.name].resource = userRight.resource; - } + if (userRight.resource) { + result[right.type][name].resource = userRight.resource; } + + //if (right.type === 'socket') { + // + // //result.socket[right.name] = { + // // controller: right.controller, + // // route: right.route, + // // hasAccess: true + // //}; + // + // if (userRight.resource) { + // result.socket[right.name].resource = userRight.resource; + // } + //} else { + // //result.rest[right.name] = { + // // controller: right.controller, + // // route: right.route, + // // hasAccess: true + // //}; + // + // if (userRight.resource) { + // result.rest[right.name].resource = userRight.resource; + // } + //} } }); @@ -417,9 +431,7 @@ module.exports = function (options) { }] }, function (error, results) { if (error) { -// logging.syslog.error('%s! getting user from db: %j', error, name); - callback(new Error('Error loading user from db!')); - return; + return callback(new Error('Error loading user from db!')); } callback(null, results.getUserAcl); 
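Review bot: `result[right.type][name] = {}` trusts `right.type` as read from the rights collection; a document whose type is neither 'rest' nor 'socket' (missing on a legacy record, or mistyped) makes `result[right.type]` undefined and the assignment throws, aborting ACL computation for the whole user. A guard before the assignment, `if (!result[right.type]) { return; }` (or `continue` if the enclosing iteration, which starts outside the hunk, is a plain loop), confines the damage to that one right. The entries no longer carry `hasAccess`, `controller` or `route`, so every consumer that reads `acl.rest[x].hasAccess` — the pattern the @@ -769 hunk removes in one place — needs auditing, and the invariant "presence in the result means access granted" deserves a comment on the `result[right.type][name] = {};` line. The 30-line commented-out block below it should be deleted rather than kept.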
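Review bot: With the syslog line deleted, the original database error is discarded entirely: the caller receives only `Error loading user from db!`, which is the right thing to expose, but nothing records the cause server-side any more. Attach it for diagnostics without changing what callers see, `var err = new Error('Error loading user from db!'); err.cause = error; return callback(err);`, or keep a logging call in its place. The enclosing function starts outside the hunk.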
@@ -520,7 +532,6 @@ module.exports = function (options) { self.getPublicFunctionsFromControllers(next); }, processRights: ['getRoutesFromRoutes', 'getPublicFunctionsFromControllers', function (next, results) { - var routes = results.getRoutesFromRoutes; var rights = results.getPublicFunctionsFromControllers; var roles = {}; @@ -549,19 +560,19 @@ module.exports = function (options) { description: right.description, controller: right.controller, route: route.route, - type: route.type + type: route.type, + verb: route.verb }; if (!result) { - rightsRepo.insert(newRight, function (error, result) { - if (error) { - nextRight(error); - return; + rightsRepo.insertOne(newRight, function (insertError, insertResult) { + if (insertError) { + return nextRight(insertError); } - if (result) { + if (insertResult && insertResult.result.n === 1) { rightsCreated++; - addRightToRoles(right.roles, result[0]._id); + addRightToRoles(right.roles, insertResult.ops[0]._id); } nextRight(); @@ -569,21 +580,21 @@ module.exports = function (options) { } else { addRightToRoles(right.roles, result._id); - if (result.description !== right.description || result.controller !== right.controller || result.route !== route.route) { - rightsRepo.update({_id: result._id}, { + if (result.description !== right.description || result.controller !== right.controller || result.route !== route.route || result.verb !== route.verb) { + rightsRepo.updateOne({_id: result._id}, { $set: { description: right.description, controller: right.controller, route: route.route, - type: route.type + type: route.type, + verb: route.verb } - }, function (error, result) { - if (error) { - nextRight(error); - return; + }, function (updateError, updateResult) { + if (updateError) { + return nextRight(updateError); } - if (result) { + if (updateResult && updateResult.n === 1) { rightsCreated++; } 
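Review bot: `insertResult.result.n === 1` and `insertResult.ops[0]._id` read raw fields of the insertOne result; the documented ones are `insertedCount` and `insertedId`, and `ops`/`result` were removed in later driver majors, so this will break on an upgrade. Rewrite as `if (insertResult && insertResult.insertedCount === 1) { rightsCreated++; addRightToRoles(right.roles, insertResult.insertedId); }`. The @@ -569 hunk then checks `updateResult.n === 1` with no `.result` — inconsistent with this hunk, and unless the repository wrapper reshapes the result that property is not part of the documented updateOne result, so updated rights would never be counted; `updateResult.matchedCount === 1` is the documented check there. The surrounding processRights task starts and ends outside both hunks.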
@@ -607,17 +618,16 @@ module.exports = function (options) { var roleKeys = Object.keys(results.processRights); if (roleKeys.length > 0) { - async.each(roleKeys, function (roleName, next) { + async.each(roleKeys, function (roleName, cb) { rolesRepo.findOne({name: roleName}, function (error, result) { if (error) { - next(error); - return; + return cb(error); } if (result) { - rolesRepo.update({_id: result._id}, {$set: {rights: roles[roleName].rights}}, next); + rolesRepo.updateOne({_id: result._id}, {$set: {rights: roles[roleName].rights}}, cb); } else { - rolesRepo.insert({name: roleName, rights: roles[roleName].rights}, next); + rolesRepo.insertOne({name: roleName, rights: roles[roleName].rights}, cb); } }); }, function (error) { @@ -628,6 +638,10 @@ module.exports = function (options) { } }] }, function (error, results) { + if (error) { + console.log(error); + } + callback(null, results); }); }; @@ -639,21 +653,23 @@ module.exports = function (options) { * @param acl * @returns {*|Array|boolean} */ - self.checkAccessToRoute = function (route, acl) { + self.checkAccessToRoute = function (route, verb, acl) { route = route || ''; - acl = acl || []; - - var keys = Object.keys(acl); - var i, len = keys.length; - var hasAccess = false; - for (i = 0; i < len; i++) { - if (acl[keys[i]].route === route) { - hasAccess = acl[keys[i]].hasAccess; - break; - } - } - - return hasAccess; + acl = acl || {}; + + return !!acl[getRouteNameWithVerb(route, verb)]; + + //var keys = Object.keys(acl); + //var i, len = keys.length; + //var hasAccess = false; + //for (i = 0; i < len; i++) { + // if (acl[keys[i]].route === route) { + // hasAccess = acl[keys[i]].hasAccess; + // break; + // } + //} + // + //return hasAccess; }; /** 
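Review bot: The added `if (error) { console.log(error); }` followed by the unchanged `callback(null, results);` swallows the failure: the caller is always told the refresh succeeded, so scripts/setup.js (its hunk below) prints "Done." even when a rights or roles write failed and the collections are left partially updated. Report it instead, `if (error) { return callback(error); }`, and let the caller decide how to log. The enclosing refreshRightsInDb function starts outside the hunk.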
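Review bot: Inserting `verb` as the second positional parameter silently breaks any remaining `checkAccessToRoute(route, acl)` call: the acl object is taken as the verb, `acl` defaults to `{}` and every check returns false, which fails closed but means every caller has to change in the same commit — worth confirming. The JSDoc directly above still lists only `acl`; add `* @param {string} verb - HTTP verb as stored on the right, e.g. 'get'` and replace the `{*|Array|boolean}` return type with `* @returns {boolean}`. Since `!!acl[key]` treats mere presence as access, the docstring should state that the acl is expected to contain only granted entries, as produced by getUserAcl. The commented-out old loop should be removed.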
@@ -758,7 +774,7 @@ module.exports = function (options) { next(null, tokenData); }], saveAccessData: ['getTokenData', function (next, results) { - tokensRepo.insert(results.getTokenData, next); + tokensRepo.insertOne(results.getTokenData, next); }], createWebToken: ['saveAccessData', function (next, results) { next(null, jwt.encode({accessId: results.getTokenData.access_id}, config.WEB_TOKEN.secret)); @@ -769,10 +785,14 @@ module.exports = function (options) { } var routes = []; + //_.forIn(results.getTokenData.user_acl.rest, function (val, key) { + // if (results.getTokenData.user_acl.rest[key].hasAccess === true) { + // routes.push(results.getTokenData.user_acl.rest[key].route); + // } + //}); + _.forIn(results.getTokenData.user_acl.rest, function (val, key) { - if (results.getTokenData.user_acl.rest[key].hasAccess === true) { - routes.push(results.getTokenData.user_acl.rest[key].route); - } + routes.push(key); }); var roles = []; diff --git a/scripts/setup.js b/scripts/setup.js index fb95178..eef0988 100644 --- a/scripts/setup.js +++ b/scripts/setup.js @@ -10,16 +10,20 @@ var options = {}; options.config = config; var mongo = require('../lib/start.d/lxMongoDb'); -mongo(options, function() { +mongo(options, function () { var auth = require('../lib/start.d/lxAuth'); auth(options, function () { console.log('Refreshing rights in database..'); - options.auth.refreshRightsInDb(function () { + options.auth.refreshRightsInDb(function (err, res) { options.db.disconnect(); + if (res.processRoles) { + console.log('Rights created: ' + res.processRoles); + } + console.log('Done.'); }); });
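Review bot: `routes.push(key)` changes what the `routes` array holds from route paths to `verb:route` keys, so whatever consumes it downstream (presumably the login response or token payload — the enclosing task continues outside the hunk) must expect the new format; a comment on that line, `// keys are "<verb>:<route>" as built by getRouteNameWithVerb`, would make the contract explicit. Dropping the `hasAccess === true` filter is only safe while getUserAcl adds entries solely for granted rights, which the @@ -272 hunk currently guarantees. The commented-out previous loop should be deleted rather than kept above the live one.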
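Review bot: The new callback accepts `err` but never checks it, and `res.processRoles` is read unconditionally, so if refreshRightsInDb ever reports an error without results the script dies with a TypeError after disconnecting instead of a clear message. Add `if (err) { console.error('Refreshing rights failed:', err); process.exitCode = 1; return; }` before the `res` access. The "Rights created" label also assumes `processRoles` yields a count, which the visible @@ -607 hunk (an async.each over role names) does not obviously produce — verify what that task passes to its final callback.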