npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

hapi-inferred-scopes

v3.0.0

Published

infer route access from grouped scopes

Downloads

5

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

danielglennrossdanielglennross

Keywords

hapi-inferred-scopes

Readme

hapi-inferred-scopes

Hapi out-the-box scopes are powerful, but what if we wanted to manage scopes like resources which have sub-resources and infer whether a request is permitted? hapi-inferred-scopes allows us to mark routes with finely grained scopes, however still permit access for credentials that infer parent scopes.

Install

npm install --save hapi-inferred-scopes

Usage

// the following option values are the defaults
const options = {
  // how scopes / sub-scopes are delimited (e.g. user:account)
  scopeDelimiter: ':',
  // where we can find the auth credential's scope
  scopeAccessor: request => request.auth.credentials.scope
};

await server.register({
  plugin: require('hapi-inferred-scopes'),
  options
});

server.route({
  method: 'GET',
  path: '/user/email',
  options: {
    auth: 'session',
    plugins: {
      inferredScope: ['user:email'] // make this as granular as possible
    },
    handler: (request, h) =>
      h.response(request.auth.artifacts.scopeContext).code(200)
  }
});

Example

Say within our app we identify the following scope groups:

  • user
  • user:account

We can now guard a route with the most specific scope we'd like a request auth credentials to have. For example, a route which accesses a user's account we can guard with user:account. An auth credential that has scope user:account is allowed to access this route, along with any credential that has the parent scope user - this is inferred.

Like hapi scopes, we can still make scopes required + or forbidden ! - however, we can take into consideration the inferring parent mechanism. If we want to forbid a credential with scope user:account from accessing a particular route, we simply specify: !user:account on the route. A credential that has scope user however, is still able to access the route.

Scope segments can also be dynamic expressions that refer to request data (again, like hapi), regular expressions or wild card operators. At this time, dynamic expressions, regular expressions and wild card operators cannot be mixed and matched - they are exclusive.

For dynamic expressions, surround the expression in {...} like so:

  • {params.username
  • user-{params.username}
  • user:{params.accountType}(child scope is a dynamic expression)

For regular expressions, surround the expression in /.../ like so:

  • /.*/
  • /user-.*/
  • user:/.*/ (child scope is a regular expression)

A wild card operator: match all * is supported. This operator will match any scope or subsequent sub-scopes, including absent ones. For example, user:* will match:

  • user
  • user:account
  • user:account:email etc.

In addition, a scopeContext is created and accessible on request.auth.artifacts.scopeContext. This is an object representing the hierarchy of grouped scopes. scopeContext can be inspected to make any further decisions regarding scopes during a request's life-cycle. For example a credential with scopes: ['user:account:read', 'user:profile', 'admin'] will have the following scopeContext:

{
  user: {
    account: {
      read: {}
    },
    profile: {}
  },
  admin: {}
}

Note:

  • Due to the inferred nature of the scopes, a credential with scopes ['user', 'user:account'] will be reduced to ['user'] (as the account sub-scope is inferred).
  • To allow any scopes, simply assign inferredScope: [].