From 7548778c8aeb4ff6c3ec9b44988631d5a8df3509 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor?= <95gabor@gmail.com>
Date: Sat, 19 Aug 2017 21:14:23 +0200
Subject: [PATCH 1/5] req.session support, version bump, dist
---
 dist/simple-express-acl.js | 4 ++--
 package.json | 2 +-
 src/simple-express-acl.js | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/dist/simple-express-acl.js b/dist/simple-express-acl.js
index 4afcfe5..20eee86 100644
--- a/dist/simple-express-acl.js
+++ b/dist/simple-express-acl.js
@@ -64,7 +64,7 @@ var ACL = function () { var rules = acl.rules; - if (req && req.user && req.user.roles) { + if (req && (req.user && req.user.roles || req.session && req.session.roles)) { var userRequest = acl.makeUserRequest(req); var roleAccess = acl.roleAccess(userRequest.resource, userRequest.method); var roles = acl.makeRoles(userRequest.roles);
@@ -104,7 +104,7 @@ var ACL = function () { if (acl.prefix) {} return { - roles: req.user.roles, + roles: req.user ? req.user.roles : req.session.roles, method: _lodash2.default.toLower(req.method) || 'get', resource: acl.makeResource(req) };
diff --git a/package.json b/package.json
index bccf27f..0c23a2e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "simple-express-acl",
- "version": "0.2.4",
+ "version": "0.2.5",
 "description": "Dead simple Express ACL middleware that also works well with JSON Web Token's (JWT) and Passport's JWT strategy",
 "main": "dist/simple-express-acl.js",
 "author": "David Berube ",
diff --git a/src/simple-express-acl.js b/src/simple-express-acl.js
index e542632..75dbb10 100644
--- a/src/simple-express-acl.js
+++ b/src/simple-express-acl.js
@@ -32,7 +32,7 @@ class ACL {
 const rules = acl.rules
- if (req && req.user && req.user.roles) {
+ if (req && ((req.user && req.user.roles) || (req.session && req.session.roles))) {
 let userRequest = acl.makeUserRequest(req)
 let roleAccess = acl.roleAccess(userRequest.resource, userRequest.method)
 let roles = acl.makeRoles(userRequest.roles)
@@ -64,7 +64,7 @@ class ACL {
 }
 return {
- roles: req.user.roles,
+ roles: req.user ? req.user.roles: req.session.roles,
 method: _.toLower(req.method) || 'get',
 resource: acl.makeResource(req)
 }
From 2d4eb7b4c2f0a42e425ac33d35f7025303fa155d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor?= <95gabor@gmail.com>
Date: Sun, 20 Aug 2017 16:54:43 +0200
Subject: [PATCH 2/5] regexp support & version bump
---
 dist/simple-express-acl.js | 6 ++++--
 package.json | 2 +-
 src/simple-express-acl.js | 6 ++++--
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/dist/simple-express-acl.js b/dist/simple-express-acl.js
index 20eee86..cdf4cc9 100644
--- a/dist/simple-express-acl.js
+++ b/dist/simple-express-acl.js
@@ -94,7 +94,7 @@ var ACL = function () { return res.status(401).send({ status: 'error', type: 'development', - message: 'No user roles found on req.user.roles' + message: 'No user roles found on req.user.roles or req.session.roles' }); } }
@@ -128,7 +128,9 @@ var ACL = function () { var roleName = rule.role; access[roleName] = false; - var route = _lodash2.default.find(rule.permissions, { resource: resource }); + var route = _lodash2.default.find(rule.permissions, function (perm) { + return resource.match(new RegExp(perm.resource !== '*' ? perm.resource : '/*', 'y')); + }); if (!route) { // Resource route not found in ACL configuration
diff --git a/package.json b/package.json
index 0c23a2e..a8aab38 100644
--- a/package.json
+++ b/package.json
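Review bot: In src/simple-express-acl.js the role source picked at `@@ -64,7 +64,7 @@` does not follow the guard added at `@@ -32,7 +32,7 @@`: a request whose `req.user` exists without `roles` passes the guard through `req.session.roles`, yet `req.user ? req.user.roles: req.session.roles` then hands `undefined` to `acl.makeRoles`. Selecting with the guard's own precedence keeps the two in step, e.g. `roles: (req.user && req.user.roles) || req.session.roles,`. Since this value now drives the authorization decision, a comment stating that `req.session.roles` must only be written server-side after authentication would help integrators. Both enclosing methods start and end outside the hunks, and the dist/ hunks of this patch mirror the same lines.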
@@ -1,6 +1,6 @@
 {
 "name": "simple-express-acl",
- "version": "0.2.5",
+ "version": "0.2.6",
 "description": "Dead simple Express ACL middleware that also works well with JSON Web Token's (JWT) and Passport's JWT strategy",
 "main": "dist/simple-express-acl.js",
 "author": "David Berube ",
diff --git a/src/simple-express-acl.js b/src/simple-express-acl.js
index 75dbb10..1ad06c5 100644
--- a/src/simple-express-acl.js
+++ b/src/simple-express-acl.js
@@ -53,7 +53,7 @@ class ACL {
 return res.status(401).send({
 status: 'error',
 type: `development`,
- message: `No user roles found on req.user.roles`
+ message: `No user roles found on req.user.roles or req.session.roles`
 })
 }
 }
@@ -86,7 +86,9 @@ class ACL {
 let roleName = rule.role
 access[ roleName ] = false
- let route = _.find(rule.permissions, { resource })
+ let route = _.find(rule.permissions, function (perm) {
+ return resource.match(new RegExp(perm.resource !== '*'? perm.resource : '/*' , 'y'));
+ });
 if (!route) {
 // Resource route not found in ACL configuration
From e5657e723681d2d798d890aa64b0b578b9319359 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor?= <95gabor@gmail.com>
Date: Sun, 20 Aug 2017 17:31:07 +0200
Subject: [PATCH 3/5] includeRoles fix
---
 dist/simple-express-acl.js | 4 ++--
 package.json | 2 +-
 src/simple-express-acl.js | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/dist/simple-express-acl.js b/dist/simple-express-acl.js
index cdf4cc9..6395342 100644
--- a/dist/simple-express-acl.js
+++ b/dist/simple-express-acl.js
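Review bot: The matcher added at `@@ -86,7 +86,9 @@` in src/simple-express-acl.js is anchored only at the start (the `y` flag pins the match to index 0), so every existing permission silently becomes a prefix pattern: as a constructed example, a rule for `/users` would now also cover `/users-export`, and `.` in a configured path matches any character. Because `_.find` returns the first permission that matches, a short path listed early can also shadow a stricter entry for a longer path. I would anchor both ends and use `test`, e.g. `return new RegExp('^(?:' + (perm.resource !== '*' ? perm.resource : '.*') + ')$').test(resource)`, and document that `resource` values are regular expressions. The pattern is also recompiled for every rule on every request, and the enclosing method continues outside the hunk.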
@@ -171,9 +171,9 @@ var ACL = function () { if (!roleRules || !roleRules.includeRoles) return; if (_lodash2.default.isString(roleRules.includeRoles)) { - includeRoles.push(_lodash2.default.toLower(roleRules.includeRoles)); + includeRoles.push(roleRules.includeRoles); } else { - includeRoles = _lodash2.default.map(roleRules.includeRoles, _lodash2.default.toLower); + includeRoles = _lodash2.default.map(roleRules.includeRoles); } _lodash2.default.each(includeRoles, function (role) {
diff --git a/package.json b/package.json
index a8aab38..c8bd6d7 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "simple-express-acl",
- "version": "0.2.6",
+ "version": "0.2.7",
 "description": "Dead simple Express ACL middleware that also works well with JSON Web Token's (JWT) and Passport's JWT strategy",
 "main": "dist/simple-express-acl.js",
 "author": "David Berube ",
diff --git a/src/simple-express-acl.js b/src/simple-express-acl.js
index 1ad06c5..a1466b7 100644
--- a/src/simple-express-acl.js
+++ b/src/simple-express-acl.js
@@ -124,8 +124,8 @@ class ACL {
 if (!roleRules || !roleRules.includeRoles) return
- if (_.isString(roleRules.includeRoles)) { includeRoles.push(_.toLower(roleRules.includeRoles)) }
- else { includeRoles = _.map(roleRules.includeRoles, _.toLower) }
+ if (_.isString(roleRules.includeRoles)) { includeRoles.push(roleRules.includeRoles) }
+ else { includeRoles = _.map(roleRules.includeRoles) }
 _.each(includeRoles, (role) => { roles.push(role) })
 })
From 09e725c26b38be7d5d116fa0b1960b1a92071efb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor?= <95gabor@gmail.com>
Date: Sun, 20 Aug 2017 17:45:04 +0200
Subject: [PATCH 4/5] url toLower for better matching
---
 dist/simple-express-acl.js | 2 +-
 package.json | 2 +-
 src/simple-express-acl.js | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dist/simple-express-acl.js b/dist/simple-express-acl.js
index 6395342..4764e2f 100644
--- a/dist/simple-express-acl.js
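Review bot: With `_.toLower` removed at `@@ -124,8 +124,8 @@` in src/simple-express-acl.js, `includeRoles` entries are compared in whatever case the configuration uses, and the hunk does not show whether the role names they are matched against are still lower-cased elsewhere in the method; if they are, an included role written with capitals would no longer resolve. A one-line comment stating the intended rule, such as `// role names are case-sensitive and must match rule.role exactly`, would make that explicit. As a style point, `_.map(roleRules.includeRoles)` with no iteratee is only a shallow copy and reads like a missing argument; if `includeRoles` starts empty on each iteration (not visible here), both branches could collapse into `includeRoles = _.castArray(roleRules.includeRoles)`. The enclosing callback starts outside the hunk.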
+++ b/dist/simple-express-acl.js
@@ -129,7 +129,7 @@ var ACL = function () { access[roleName] = false; var route = _lodash2.default.find(rule.permissions, function (perm) { - return resource.match(new RegExp(perm.resource !== '*' ? perm.resource : '/*', 'y')); + return resource.match(new RegExp(perm.resource !== '*' ? _lodash2.default.toLower(perm.resource) : '/*', 'y')); }); if (!route) {
diff --git a/package.json b/package.json
index c8bd6d7..5aa3af7 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "simple-express-acl",
- "version": "0.2.7",
+ "version": "0.2.8",
 "description": "Dead simple Express ACL middleware that also works well with JSON Web Token's (JWT) and Passport's JWT strategy",
 "main": "dist/simple-express-acl.js",
 "author": "David Berube ",
diff --git a/src/simple-express-acl.js b/src/simple-express-acl.js
index a1466b7..bb81293 100644
--- a/src/simple-express-acl.js
+++ b/src/simple-express-acl.js
@@ -87,7 +87,7 @@ class ACL {
 access[ roleName ] = false
 let route = _.find(rule.permissions, function (perm) {
- return resource.match(new RegExp(perm.resource !== '*'? perm.resource : '/*' , 'y'));
+ return resource.match(new RegExp(perm.resource !== '*'? _.toLower(perm.resource) : '/*' , 'y'));
 });
 if (!route) {
From 8f89d787cf00406f099e36023291c1058a205bb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor?= <95gabor@gmail.com>
Date: Sun, 20 Aug 2017 18:33:35 +0200
Subject: [PATCH 5/5] support nested includeRoles
---
 dist/simple-express-acl.js | 2 +-
 package.json | 2 +-
 src/simple-express-acl.js | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dist/simple-express-acl.js b/dist/simple-express-acl.js
index 4764e2f..04f7a2c 100644
--- a/dist/simple-express-acl.js
+++ b/dist/simple-express-acl.js
@@ -177,7 +177,7 @@ var ACL = function () { } _lodash2.default.each(includeRoles, function (role) { - roles.push(role); + roles = _lodash2.default.concat(roles, acl.makeRoles([role])); }); });
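Review bot: Lower-casing the pattern source at `@@ -87,7 +87,7 @@` in src/simple-express-acl.js changes the meaning of regular-expression escapes, not just the letters: `\D`, `\W`, `\S` and `\B` become `\d`, `\w`, `\s` and `\b`, which inverts what a permission written with them matches. It also only helps if `resource` itself is lower-cased, which the hunk does not show. Leaving the pattern untouched and asking the engine for case-insensitive matching avoids both problems: `new RegExp(perm.resource !== '*' ? perm.resource : '/*', 'iy')`. The dist/ hunk of this patch carries the same change.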
diff --git a/package.json b/package.json
index 5aa3af7..77ca461 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "simple-express-acl",
- "version": "0.2.8",
+ "version": "0.2.9",
 "description": "Dead simple Express ACL middleware that also works well with JSON Web Token's (JWT) and Passport's JWT strategy",
 "main": "dist/simple-express-acl.js",
 "author": "David Berube ",
diff --git a/src/simple-express-acl.js b/src/simple-express-acl.js
index bb81293..b73f54b 100644
--- a/src/simple-express-acl.js
+++ b/src/simple-express-acl.js
@@ -127,7 +127,7 @@ class ACL {
 if (_.isString(roleRules.includeRoles)) { includeRoles.push(roleRules.includeRoles) }
 else { includeRoles = _.map(roleRules.includeRoles) }
- _.each(includeRoles, (role) => { roles.push(role) })
+ _.each(includeRoles, (role) => { roles = _.concat(roles, acl.makeRoles([role])); })
 })
 return roles
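Review bot: The recursion added at `@@ -127,7 +127,7 @@` in src/simple-express-acl.js has no termination guard: if two roles name each other in `includeRoles`, directly or through a chain, `acl.makeRoles([role])` calls itself until the stack overflows, and that happens on every request that carries such a role. Each nested call also starts from its own list, so a role reachable by several paths is appended repeatedly. I would thread a set of already-expanded roles through the call and skip repeats, e.g. `if (seen.has(role)) return`, `seen.add(role)`, `roles = _.concat(roles, acl.makeRoles([role], seen))`, with `seen` defaulting to a new `Set` in the method signature, which lies outside this hunk. `_.uniq(roles)` before `return roles` would remove the duplicates.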