Permission checks

To check the roles and permissions of an authenticated user, use AuthChecker from _global/src/auth/auth-check.ts. The constructor requires an appId to initialize the logger; after that you can use the hasPermissions function or the middleware for express.

As check options, AuthChecker accepts an object with a list of types, roles and permissions. If you need more flexibility, you can pass a function that checks the user and returns a boolean. Examples are provided below.

Options object structure:

export interface AuthCheckOptions {
  type?: UserTypes | UserTypes[],
  role?: UserRoles | UserRoles[],
  permission?: string | string[],
}

One important point about the options object: it checks whether the user has:

  • at least one of the given types

AND

  • at least one of the given roles

AND

  • at least one of the given permissions

Empty options mean that the user passes without any check.
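To make the AND-of-ORs rule concrete, here is a stand-alone model of the check (an added example, not the code from _global/src/auth/auth-check.ts); the enum members, the predicate form of the options and the "no user means deny" behaviour are assumptions, not taken from the library.

```typescript
// Added example: a self-contained model of the AuthCheckOptions semantics.
// Not the library's implementation; enum members below are assumed values.
enum UserTypes { Titan = 'titan', Client = 'client' }
enum UserRoles { User = 'user', Admin = 'admin', CpUser = 'cp-user', CpAccountAdmin = 'cp-account-admin' }

interface AuthUser {
  id: string;
  type: UserTypes;
  roles: UserRoles[];
  permissions: string[];
}

interface AuthCheckOptions {
  type?: UserTypes | UserTypes[];
  role?: UserRoles | UserRoles[];
  permission?: string | string[];
}

// Options may also be a predicate over the user (the "more flexibility" case).
type AuthCheck = AuthCheckOptions | ((user: AuthUser) => boolean);

// Normalize "single value or array" into an array; undefined means "not checked".
function toList<T>(v: T | T[] | undefined): T[] | undefined {
  if (v === undefined) return undefined;
  return Array.isArray(v) ? (v as T[]) : [v as T];
}

// An omitted category passes; a given category needs at least one match.
// In this model an explicit empty array matches nobody, so it denies everyone.
function anyOf<T>(wanted: T[] | undefined, have: T[]): boolean {
  if (wanted === undefined) return true;
  return wanted.some((w) => have.indexOf(w) !== -1);
}

function hasPermissions(user: AuthUser | undefined, check: AuthCheck): boolean {
  if (!user) return false;                          // assumed: no authenticated user, deny
  if (typeof check === 'function') return check(user);
  // AND across categories, OR within each category.
  return (
    anyOf(toList(check.type), [user.type]) &&
    anyOf(toList(check.role), user.roles) &&
    anyOf(toList(check.permission), user.permissions)
  );
}
```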

Usage

hasPermissions function

Some usage examples may be found in _global/tests/auth.test.ts.

Usage:

import { AuthChecker, AuthUser, UserRoles, UserTypes } from '@titanhouse/global';

const authChecker = new AuthChecker('service-id');

const testTitan: AuthUser = {
  id: 'id',
  type: UserTypes.Titan,
  name: 'Name',
  email: 'email@gmai.com',
  roles: [UserRoles.User, UserRoles.TpUser, UserRoles.TpRegisteredUser],
  permissions: ['profile-read'],
};

// checks if the user has the 'titan' type;
// returns true
authChecker.hasPermissions(testTitan, { type: UserTypes.Titan });

// checks if the user has the 'titan' type and the 'user' or 'admin' role;
// returns true
authChecker.hasPermissions(testTitan, {
  type: UserTypes.Titan,
  role: [UserRoles.User, UserRoles.Admin]
});

// checks if the user has the 'titan' type and the 'all' or 'all-write' permission;
// returns false
authChecker.hasPermissions(testTitan, {
  type: UserTypes.Titan,
  permission: ['all', 'all-write']
});

Routing controllers with express

Initialization:

import express from 'express';
import { Action, useExpressServer } from 'routing-controllers';
import { AuthChecker } from '@titanhouse/global';

const app = express();

useExpressServer(app, {
  authorizationChecker: new AuthChecker('service-id').routingControllersChecker(),
  currentUserChecker: async (action: Action) => action.request.user,
});

Usage:

import { JsonController, Get, UseBefore, CurrentUser, Authorized } from 'routing-controllers';
import { UserTypes, UserRoles } from '@titanhouse/global';

@JsonController()
@UseBefore(authenticate) // see authorization
export class Controller {
  // Users with the 'client' type and the CpUser or CpAccountAdmin role are allowed.
  // Otherwise a 403 status is sent in the response.
  @Authorized({ type: UserTypes.Client, role: [UserRoles.CpUser, UserRoles.CpAccountAdmin] })
  @Get(`/check`)
  check(@CurrentUser() user) {
    return 'ok';
  }
}

With 'pure' express

Usage:

import express from 'express';
import { AuthChecker, UserRoles } from '@titanhouse/global';

const app = express();
const authChecker = new AuthChecker('service-id');

app.post(
  '/logout',
  // only users holding the CpAccountAdmin role reach the handler; others are rejected by the middleware
  authChecker.expressChecker({ role: UserRoles.CpAccountAdmin }),
  async (req, res) => {
    res.ok();
  }
);
