unleash.unleash/src/lib/routes/controller.js

'use strict';

const { Router } = require('express');
const NoAccessError = require('../error/no-access-error');
const requireContentType = require('../middleware/content_type_checker');

const checkPermission = permission => {
    return async (req, res, next) => {
        if (!permission) {
            return next();
        }
        if (await req.checkRbac(permission)) {
            return next();
        }
        return res
            .status(403)
            .json(new NoAccessError(permission))
            .end();
    };
};

/**
 * Base class for Controllers to standardize binding to express Router.
 */
class Controller {
    constructor(config) {
        const router = Router();
        this.app = router;
        this.config = config;
    }

    get(path, handler, permission) {
        this.app.get(path, checkPermission(permission), handler.bind(this));
    }

    post(path, handler, permission, ...acceptedContentTypes) {
        this.app.post(
            path,
            checkPermission(permission),
            requireContentType(...acceptedContentTypes),
            handler.bind(this),
        );
    }

    put(path, handler, permission, ...acceptedContentTypes) {
        this.app.put(
            path,
            checkPermission(permission),
            requireContentType(...acceptedContentTypes),
            handler.bind(this),
        );
    }

    delete(path, handler, permission) {
        this.app.delete(path, checkPermission(permission), handler.bind(this));
    }

    fileupload(path, filehandler, handler, permission) {
        this.app.post(
            path,
            checkPermission(permission),
            filehandler,
            handler.bind(this),
        );
    }

    use(path, router) {
        this.app.use(path, router);
    }

    get router() {
        return this.app;
    }
}

module.exports = Controller;
chore(modernize): Spin out base class for Controllers 2018-11-30 10:11:36 +01:00			`'use strict';`

			`const { Router } = require('express');`
fix: migrate all permissions to rbac (#782) * fix: migrate all permissions to rbac * fix: update migration guide fixes #782 2021-04-12 20:25:03 +02:00			`const NoAccessError = require('../error/no-access-error');`
fix: add middleware verifying content type - By default only accepts 'application/json' - Routes that need different content-type, can call post or put with additional arguments, one per content-type you need to support. 2021-02-10 14:15:28 +01:00			`const requireContentType = require('../middleware/content_type_checker');`
fix: migrate all permissions to rbac (#782) * fix: migrate all permissions to rbac * fix: update migration guide fixes #782 2021-04-12 20:25:03 +02:00
			`const checkPermission = permission => {`
			`return async (req, res, next) => {`
			`if (!permission) {`
			`return next();`
			`}`
			`if (await req.checkRbac(permission)) {`
			`return next();`
			`}`
			`return res`
			`.status(403)`
			`.json(new NoAccessError(permission))`
			`.end();`
			`};`
			`};`

chore(modernize): Spin out base class for Controllers 2018-11-30 10:11:36 +01:00			`/**`
			`* Base class for Controllers to standardize binding to express Router.`
			`*/`
			`class Controller {`
Refactored controllers, moved checkPermission to permission-checker.js middleware 2018-12-19 14:50:01 +01:00			`constructor(config) {`
chore(modernize): Spin out base class for Controllers 2018-11-30 10:11:36 +01:00			`const router = Router();`
			`this.app = router;`
Refactored controllers, moved checkPermission to permission-checker.js middleware 2018-12-19 14:50:01 +01:00			`this.config = config;`
Don't expose user permissions when extendedPermissions is disabled, cleanup controller.js 2018-12-19 13:35:54 +01:00			`}`

			`get(path, handler, permission) {`
fix: migrate all permissions to rbac (#782) * fix: migrate all permissions to rbac * fix: update migration guide fixes #782 2021-04-12 20:25:03 +02:00			`this.app.get(path, checkPermission(permission), handler.bind(this));`
chore(modernize): Spin out base class for Controllers 2018-11-30 10:11:36 +01:00			`}`

fix: add middleware verifying content type - By default only accepts 'application/json' - Routes that need different content-type, can call post or put with additional arguments, one per content-type you need to support. 2021-02-10 14:15:28 +01:00			`post(path, handler, permission, ...acceptedContentTypes) {`
Don't expose user permissions when extendedPermissions is disabled, cleanup controller.js 2018-12-19 13:35:54 +01:00			`this.app.post(`
			`path,`
fix: migrate all permissions to rbac (#782) * fix: migrate all permissions to rbac * fix: update migration guide fixes #782 2021-04-12 20:25:03 +02:00			`checkPermission(permission),`
fix: add middleware verifying content type - By default only accepts 'application/json' - Routes that need different content-type, can call post or put with additional arguments, one per content-type you need to support. 2021-02-10 14:15:28 +01:00			`requireContentType(...acceptedContentTypes),`
fix: use airbnb lint rules directly (#583) This drops usage of finn-eslint rules as they are no longer maintained. 2020-04-14 22:29:11 +02:00			`handler.bind(this),`
Don't expose user permissions when extendedPermissions is disabled, cleanup controller.js 2018-12-19 13:35:54 +01:00			`);`
chore(modernize): Spin out base class for Controllers 2018-11-30 10:11:36 +01:00			`}`

fix: add middleware verifying content type - By default only accepts 'application/json' - Routes that need different content-type, can call post or put with additional arguments, one per content-type you need to support. 2021-02-10 14:15:28 +01:00			`put(path, handler, permission, ...acceptedContentTypes) {`
Don't expose user permissions when extendedPermissions is disabled, cleanup controller.js 2018-12-19 13:35:54 +01:00			`this.app.put(`
			`path,`
fix: migrate all permissions to rbac (#782) * fix: migrate all permissions to rbac * fix: update migration guide fixes #782 2021-04-12 20:25:03 +02:00			`checkPermission(permission),`
fix: add middleware verifying content type - By default only accepts 'application/json' - Routes that need different content-type, can call post or put with additional arguments, one per content-type you need to support. 2021-02-10 14:15:28 +01:00			`requireContentType(...acceptedContentTypes),`
fix: use airbnb lint rules directly (#583) This drops usage of finn-eslint rules as they are no longer maintained. 2020-04-14 22:29:11 +02:00			`handler.bind(this),`
Don't expose user permissions when extendedPermissions is disabled, cleanup controller.js 2018-12-19 13:35:54 +01:00			`);`
chore(modernize): Admin FeatureController 2018-11-30 11:11:12 +01:00			`}`

Use full name instead of perms, 403 error message now includes expected permission 2018-12-19 13:17:44 +01:00			`delete(path, handler, permission) {`
fix: migrate all permissions to rbac (#782) * fix: migrate all permissions to rbac * fix: update migration guide fixes #782 2021-04-12 20:25:03 +02:00			`this.app.delete(path, checkPermission(permission), handler.bind(this));`
chore(modernize): Admin FeatureController 2018-11-30 11:11:12 +01:00			`}`

feat: Added import & export through stateService #395 2019-03-13 19:10:13 +01:00			`fileupload(path, filehandler, handler, permission) {`
			`this.app.post(`
			`path,`
fix: migrate all permissions to rbac (#782) * fix: migrate all permissions to rbac * fix: update migration guide fixes #782 2021-04-12 20:25:03 +02:00			`checkPermission(permission),`
feat: Added import & export through stateService #395 2019-03-13 19:10:13 +01:00			`filehandler,`
fix: use airbnb lint rules directly (#583) This drops usage of finn-eslint rules as they are no longer maintained. 2020-04-14 22:29:11 +02:00			`handler.bind(this),`
feat: Added import & export through stateService #395 2019-03-13 19:10:13 +01:00			`);`
			`}`

chore(modernize): Use base controller for all client controllers 2018-12-03 08:59:13 +01:00			`use(path, router) {`
			`this.app.use(path, router);`
			`}`

			`get router() {`
chore(modernize): Spin out base class for Controllers 2018-11-30 10:11:36 +01:00			`return this.app;`
			`}`
			`}`

			`module.exports = Controller;`