testing ctx options injection

ebarault · Dec 13, 2016 · 09b9a8c · 09b9a8c
1 parent baa5614
commit 09b9a8c
Show file tree

Hide file tree

Showing 7 changed files with 126 additions and 10 deletions.
diff --git a/package.json b/package.json
@@ -11,17 +11,16 @@
     "compression": "^1.0.3",
     "cors": "^2.5.2",
     "helmet": "^1.3.0",
-    "loopback-boot": "^2.6.5",
-    "loopback-component-explorer": "^2.4.0",
+    "loopback-boot": "^2.23.0",
+    "loopback-component-explorer": "^2.7.0",
     "serve-favicon": "^2.0.1",
-    "strong-error-handler": "^1.0.1",
-    "loopback-datasource-juggler": "^2.39.0",
-    "loopback": "^2.22.0"
+    "strong-error-handler": "^1.1.1",
+    "loopback": "git+https://github.com/strongloop/loopback.git#feature/options-from-context-v2"
   },
   "devDependencies": {
-    "eslint": "^2.13.1",
+    "eslint": "^3.7.1",
     "eslint-config-loopback": "^4.0.0",
-    "nsp": "^2.1.0"
+    "nsp": "^2.6.2"
   },
   "repository": {
     "type": "",

diff --git a/server/boot/authentication.js b/server/boot/authentication.js
@@ -1,6 +1,7 @@
 'use strict';
 
-module.exports = function enableAuthentication(server) {
+module.exports = function enableAuthentication(server, next) {
   // enable authentication
   server.enableAuth();
+  next();
 };
diff --git a/server/boot/root.js b/server/boot/root.js
@@ -1,8 +1,9 @@
 'use strict';
 
-module.exports = function(server) {
+module.exports = function(server, next) {
   // Install a `/` route that returns server status
   var router = server.loopback.Router();
   router.get('/', server.loopback.status());
   server.use(router);
+  next();
 };
diff --git a/server/boot/zzz-createUser.js b/server/boot/zzz-createUser.js
@@ -0,0 +1,17 @@
+'use strict';
+
+module.exports = function(server, next) {
+  var user = server.models.user;
+  user.create({email: '[email protected]', password: 'a1b2c3'})
+  .then(function(user) {
+    return user.accessTokens.create();
+  })
+  .then(function(token) {
+    console.log(token);
+    next();
+  })
+  .catch(function(err) {
+    console.log(err);
+    next();
+  });
+};
diff --git a/server/model-config.json b/server/model-config.json
@@ -13,7 +13,7 @@
       "./mixins"
     ]
   },
-  "User": {
+  "user": {
     "dataSource": "db"
   },
   "AccessToken": {

diff --git a/server/models/user.js b/server/models/user.js
@@ -0,0 +1,61 @@
+'use strict';
+
+var Promise = require('bluebird');
+var extend = require('util')._extend;
+
+module.exports = function(user) {
+  user.on('attached', function(app) {
+    app.on('started', function() {
+      var Role = user.app.models.Role;
+      Role.registerResolver('$dynamicRole', function(role, ctx, next) {
+        ctx.remotingContext.args.options = ctx.remotingContext.args.options || {};
+        ctx.remotingContext.args.options.canInjectCtxOptionsInCustomRoleResolver = true;
+        next();
+      });
+    });
+  });
+
+  user.createOptionsFromRemotingContext = function(ctx) {
+    return extend(this.base.createOptionsFromRemotingContext(ctx), {
+      currentUserId: ctx.req.accessToken && ctx.req.accessToken.userId,
+    });
+  };
+
+  user.beforeRemote('testInjectedOptions', function(ctx, unused, next) {
+    if (!ctx.args.options.accessToken) return next();
+    ctx.args.options.canReadCtxOptionsInBeforeRemote = ctx.args.options.canInjectCtxOptionsInCustomRoleResolver ? true : false;
+    user.findById(ctx.args.options.accessToken.userId, function(err, user) {
+      if (err) return next(err);
+      ctx.args.options.currentUser = user;
+      next();
+    });
+  });
+
+  user.observe('loaded', function(ctx, next) {
+    ctx.options = ctx.options || {};
+    ctx.options.canReadCtxOptionsInObserveLoaded = ctx.options.canInjectCtxOptionsInCustomRoleResolver ? true : false;
+    ctx.options.canInjectCtxOptionsInObserveLoaded = true;
+    next();
+  });
+
+  user.remoteMethod('testInjectedOptions', {
+    http: {verb: 'get',	path: '/:id/testInjectedOptions'},
+    accepts: [
+      {arg: 'id', type: 'string', required: true},
+      {arg: 'options', type: 'object', http: 'optionsFromRequest'},
+    ],
+    returns: {arg: 'data', type: 'object', root: true},
+  });
+
+  user.testInjectedOptions = function(id, ctx) {
+    return Promise.resolve({
+      accessToken: ctx.accessToken,
+      user: ctx.currentUser,
+      currentUserId: ctx.currentUserId,
+      canInjectCtxOptionsInCustomRoleResolver: ctx.canInjectCtxOptionsInCustomRoleResolver || false,
+      canReadCtxOptionsInObserveLoaded: ctx.canReadCtxOptionsInObserveLoaded || false,
+      canInjectCtxOptionsInObserveLoaded: ctx.canInjectCtxOptionsInObserveLoaded || false,
+      canReadCtxOptionsInBeforeRemote: ctx.canReadCtxOptionsInBeforeRemote || false,
+    });
+  };
+};
diff --git a/server/models/user.json b/server/models/user.json
@@ -0,0 +1,37 @@
+{
+	"name": "user",
+	"plural": "users",
+	"base": "User",
+	"idInjection": true,
+	"strict": "true",
+	"options": {
+		"validateUpsert": true
+	},
+	"mixins": {},
+	"properties": {},
+	"hidden": [],
+	"protected": [],
+	"validations": [],
+	"relations": {},
+	"acls": [
+    {
+			"accessType": "EXECUTE",
+			"principalType": "ROLE",
+			"principalId": "$owner",
+			"permission": "ALLOW",
+			"property": [
+        "testInjectedOptions"
+			]
+		},
+    {
+			"accessType": "EXECUTE",
+			"principalType": "ROLE",
+			"principalId": "$dynamicRole",
+			"permission": "ALLOW",
+			"property": [
+        "testInjectedOptions"
+			]
+		}
+  ],
+	"methods": {}
+}