Commit Graph

28 Commits

Author SHA1 Message Date
Raymond Feng 69df11bb8e Refactor access token to make it extensible
1. Make it possible to reuse getIdForRequest()
2. Introduce a flag to control if oAuth2 bearer token should be base64
encoded
3. Promote resolve() to locate/validate access tokens by id
2017-05-02 10:55:51 -07:00
Aaron Buchanan fbf818b2dc
Fix user-literal rewrite for anonymous requests
Currently any `currentUserLiteral` routes when accessed with a bad
token throw a 500 due to a SQL error that is raised because
`Model.findById` is invoked with `id={currentUserLiteral}`
(`id=me` in our case) when the url rewrite fails.

This commit changes the token middleware to return 401 Not Authorized
when the client is requesting a currentUserLiteral route without
a valid access token.
2017-04-04 16:30:08 +02:00
ebarault cf98d379c4 fix custom token model in token middleware
Fixing server/middleware/token.js to handle correctly the
setup of a custom AccessToken model by name in either
middleware.json or using any of :
	app.use(loopback.token({...}));
	app.middlewareFromConfig(loopback.token, {...})
	app.middleware('auth', loopback.token({...})
2017-03-06 16:10:25 +01:00
Loay 06cb481c3f Update eslint to loopback config v5
Notable side-effects:
 - loopback no longer exports "caller" and "arguments" properties
 - kv-memory connector is now properly added to the connector registry
 - the file "test/support.js" was finally removed
2016-11-22 14:08:02 +01:00
Candy 8f08398c30 Update doc links 2016-11-04 16:47:12 -04:00
Candy 640f3a8ca7 Update globalization structure 2016-09-22 11:58:00 +02:00
Carl Fürstenberg edd5275b8b Fix token middleware crash
Fix token middleware to check if `req.loopbackContext` is active.
The context is not active for example when express-session calls
setImmediate which breaks CLS.
2016-08-17 14:44:00 +02:00
Miroslav Bajtoš ba5f36fb91 loopback#context: fix missing "g" symbol 2016-08-17 14:43:59 +02:00
Miroslav Bajtoš 59a82a9d5e Globalize current-context error messages 2016-08-10 13:43:40 +02:00
Miroslav Bajtoš b087c930ed Remove current-context API
Change all current-context APIs to throw a helpful error.
2016-08-10 13:43:40 +02:00
gunjpan 1b053d44fe Remove legacyExplorer
- Removes backward compatibility
for legacy end points `/models` & `/routes`
- Removes `legacyExplorer` flag which
enabled these routes
- Update related tests & tests using the
legacyExplorer flag
2016-06-20 16:05:11 -04:00
Loay 1fc51d1296 update errorHandler template 2016-06-13 11:18:09 -04:00
Miroslav Bajtoš 8d295b70f6 Remove legacy express 3.x middleware getters
Remove middleware-getter properties that were simlifying upgrade from
LoopBack 1.x/Express 3.x applications:

  - loopback.compress
  - loopback.timeout
  - loopback.cookieParser
  - loopback.cookieSession
  - loopback.csrf
  - loopback.errorHandler
  - loopback.session
  - loopback.methodOverride
  - loopback.logger
  - loopback.responseTime
  - loopback.favicon
  - loopback.directory
  - loopback.vhost

Also remove `loopback.mime`, which was set to `undefined` anyways.
2016-05-31 18:59:21 +02:00
Ryan Graham 6964914bab
update copyright statements 2016-05-03 15:50:21 -07:00
Benjamin Kröger 9e0405de9f Allow built-in token middleware to run repeatedly
Add two new options:

  - When `enableDoublecheck` is true, the middleware will run
    even if a previous middleware has already set `req.accessToken`
    (possibly to `null` for anonymous requests)

  - When `overwriteExistingToken` is true (and `enableDoublecheck` too),
    the middleware will overwrite `req.accessToken` set by a previous
    middleware instances.
2016-04-06 15:44:20 +02:00
Miroslav Bajtoš f9702b0ace Use eslint with loopback config
Drop jshint and jscs in favour of eslint.

Fix style violations.

While we are at this, reduce the max line length from 150 to 100.
2016-04-06 10:45:30 +02:00
Richard Walker 65ca318392 Create stack-removing errorhandler middleware
Create a wrapper around express' errorhandler that removes the stack
trace from error responses when "options.includeStack" is false.
2015-09-03 08:38:24 +02:00
Owen Brotherwood 86ed4721a5 access-token: add option "searchDefaultTokenKeys"
Set this option to false to prevent AccessToken from checking default
places like "access_token" in query.
2015-05-29 12:06:31 +02:00
Ritchie Martori b9170751bc Add support for app level Model isolation
- `loopback.registry` is now a true global registry
 - `app.registry` is unique per app object
 - `Model.registry` is set when a Model is created using any registry method
 - `loopback.localRegistry` and `loopback({localRegistry: true})` when set to `true` this will create a `Registry` per `Application`. It defaults to `false`.
2015-04-03 11:48:45 -07:00
Miroslav Bajtoš 2aa09ba574 Add `loopback.runInContext`
Refactor the core implementation of current context from
server/middleware/context.js into server/current-context.js.

Expose new public API:
 - loopback.runInContext
 - loopback.createContext
2015-03-27 19:12:17 +01:00
Raymond Feng 6ad61d6c00 Enhance the token middleware to support current user literal 2015-03-12 08:28:15 -07:00
Ron Edgecomb 1818a8fb34 Config option to disable legacy explorer routes
Setting legacyExplorer to false in the loopback config will disable
the routes /routes and /models made available in loopback.rest.
The deprecate module has been added to the project with a reference
added for the legacyExplorer option as it is no longer required by
loopback-explorer. Tests added to validate functionality of disabled
and enabled legacy explorer routes.
2015-03-02 14:12:18 -05:00
Samuel Reed 42431d6e1e Fix #1080 - domain memory leak.
Domains are created per request rather than creating a single
domain for all requests. This kills the memory leak, as a single
domain would keep a reference to every single req and res, causing
rapid heap growth.
2015-02-10 08:28:20 +07:00
Raymond Feng 982e495632 Optimize the creation of handlers for rest 2015-01-15 09:03:22 -08:00
Pham Anh Tuan ca0208ddd9 Fix context middleware to preserve domains
When executing a request using a pooled connection, connectors
like MongoDB and/or MySQL rebind callbacks to the domain which
issued the request, as opposed to the domain which opened the pooled
connection.

This commit fixes the context middleware to play nicely with that
mechanism and preserve domain rebinds.
2015-01-07 10:56:10 +01:00
Rand McKinney 2522b3f15e Update favicon.js
Add basic JSdoc
2014-11-24 15:08:21 -08:00
Raymond Feng a9b4df1f2d Expose more loopback middleware for require 2014-11-19 11:32:22 -08:00
Miroslav Bajtoš 7fc66a182e Move middleware sources to `server/middleware`
The new location allows developer to use the following identifiers
when loading the middleware using the new declarative style:

    app.middlewareFromConfig(
      require('loopback/server/middleware/rest'),
      { phase: 'routes' });

    app.middlewareFromConfig(
      require('loopback/server/middleware/url-not-found'),
      { phase: 'final' });
2014-11-12 12:44:34 +01:00