Allow requests without auth tokens

Ritchie Martori 2013-12-10 15:57:55 -08:00
parent 2885d3c08f
commit dfcb43e613
4 changed files with 37 additions and 36 deletions


@ -169,13 +169,13 @@ app.enableAuth = function() {
modelId = req.param('id'); modelId = req.param('id');
} }
if(req.accessToken) {
Model.checkAccess( Model.checkAccess(
req.accessToken, req.accessToken,
modelId, modelId,
method.name, method.name,
function(err, allowed) { function(err, allowed) {
if(err) { if(err) {
console.log(err);
next(err); next(err);
} else if(allowed) { } else if(allowed) {
next(); next();
@ -186,18 +186,6 @@ app.enableAuth = function() {
} }
} }
); );
} else if(
Model.requireToken === false ||
Model.settings.requireToken === false ||
method.fn && method.fn.requireToken === false
) {
next();
} else {
var e = new Error('Access Denied');
e.statusCode = 401;
next(e);
}
}); });
} }
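Review bot: Requests without a token no longer meet a default-deny in this middleware: with the 401 branch gone, whether an unauthenticated call is refused now rests entirely on how `Model.checkAccess` (and the ACL layer behind it) treats the anonymous token, which this hunk does not show, so a model that defines no ACLs may become reachable without credentials — confirm that `checkAccessForToken` denies by default. The `requireToken === false` opt-outs on the model, its `settings` and `method.fn` are dropped rather than migrated, so existing configurations that relied on them are now silently ignored and nothing flags that. At minimum a comment above the `Model.checkAccess(` call should record the new contract, e.g. `// No token: access is evaluated for AccessToken.ANONYMOUS through the model's ACLs; there is no default-deny here.` The body of `app.enableAuth` begins above this hunk.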


@ -9,6 +9,7 @@ var Model = require('../loopback').Model
, uid = require('uid2') , uid = require('uid2')
, DEFAULT_TTL = 1209600 // 2 weeks in seconds , DEFAULT_TTL = 1209600 // 2 weeks in seconds
, DEFAULT_TOKEN_LEN = 64 , DEFAULT_TOKEN_LEN = 64
, Role = require('./role').Role
, ACL = require('./acl').ACL; , ACL = require('./acl').ACL;
/** /**
@ -27,7 +28,23 @@ var properties = {
* Extends from the built in `loopback.Model` type. * Extends from the built in `loopback.Model` type.
*/ */
var AccessToken = module.exports = Model.extend('AccessToken', properties); var AccessToken = module.exports = Model.extend('AccessToken', properties, {
acls: [
{
principalType: ACL.ROLE,
principalId: Role.EVERYONE,
permission: 'DENY'
},
{
principalType: ACL.ROLE,
principalId: Role.EVERYONE,
property: 'create',
permission: 'ALLOW'
}
]
});
AccessToken.ANONYMOUS = new AccessToken({id: '$anonymous'});
/** /**
* Create a cryptographically random access token id. * Create a cryptographically random access token id.
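Review bot: The second ACL grants `Role.EVERYONE` the `create` permission on AccessToken; if the model's REST `create` endpoint is exposed under these ACLs and a submitted `userId` is stored as-is (the `properties` definition sits above this hunk and is not visible here), an unauthenticated caller could mint a token for any user — confirm that token issuance is confined to a login path that verifies credentials, or scope this ACL to that method. `AccessToken.ANONYMOUS` is a plain `AccessToken` instance with the fixed id `'$anonymous'` and carries no explanation; document it as a sentinel, e.g. `// Sentinel token used to evaluate access for unauthenticated requests; it is never persisted.` Whether a client presenting `'$anonymous'` as a token id could resolve to this object depends on token lookup code not shown here, so verify that as well.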


@ -4,6 +4,7 @@
var loopback = require('../loopback'); var loopback = require('../loopback');
var ModelBuilder = require('loopback-datasource-juggler').ModelBuilder; var ModelBuilder = require('loopback-datasource-juggler').ModelBuilder;
var modeler = new ModelBuilder(); var modeler = new ModelBuilder();
var assert = require('assert');
/** /**
* Define the built in loopback.Model. * Define the built in loopback.Model.
@ -128,6 +129,8 @@ function getACL() {
* @param {Boolean} allowed is the request allowed * @param {Boolean} allowed is the request allowed
*/ */
Model.checkAccess = function(token, modelId, method, callback) { Model.checkAccess = function(token, modelId, method, callback) {
var ANONYMOUS = require('./access-token').ANONYMOUS;
token = token || ANONYMOUS;
var ACL = getACL(); var ACL = getACL();
var methodName = 'string' === typeof method? method: method && method.name; var methodName = 'string' === typeof method? method: method && method.name;
ACL.checkAccessForToken(token, this.modelName, modelId, methodName, callback); ACL.checkAccessForToken(token, this.modelName, modelId, methodName, callback);
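Review bot: The JSDoc for `checkAccess` (its `@param` list starts above this hunk) still presents `token` as a required argument, while the new `token = token || ANONYMOUS;` makes it optional and changes the outcome for every caller that passes `null` or `undefined`; add a line such as `@param {AccessToken} [token] The token for the request; when falsy, access is evaluated for AccessToken.ANONYMOUS.` The `require('./access-token')` placed inside the function body presumably avoids a circular require now that access-token.js pulls in role/acl at load time — that intent should be stated: `// required lazily: access-token.js depends on this module at load time`. The `assert` require added at the top of the file is not used in the hunks shown.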


@ -60,13 +60,6 @@ describe('app.enableAuth()', function() {
beforeEach(createTestingToken); beforeEach(createTestingToken);
it('should prevent all remote method calls without an accessToken', function (done) {
createTestAppAndRequest(this.token, done)
.get('/tests')
.expect(401)
.end(done);
});
it('should prevent remote method calls if the accessToken doesnt have access', function (done) { it('should prevent remote method calls if the accessToken doesnt have access', function (done) {
createTestAppAndRequest(this.token, done) createTestAppAndRequest(this.token, done)
.del('/tests/123') .del('/tests/123')