@casva/bridge
Installation
Install using npm
npm install @casva/bridge
Usage
Decrypt Bearer Token
To Decrypt the middleware using the class TokenManager from the crypto folder. It adavisable to decrypt the token in yuor auth middleware.
import { TokenManager } from "@casava/bridge/build/crypto"
//...
const tokenData = TokenManager.decrypt(req);
To decrypt a bearer token the TOKEN_SECRET in the environment must be the same as the TOKEN_SECRET used on the service that encrypt the token.
Securty Annotations
hasRole and hasPermission
These two annotation provide the request to check for a user permission or role before performing an operation. The combination oof both annotations is an OR condition, if any of the annotation is satisfied then the reqquest will procced to the controller.
The annotatations check the res.locals
for the roles and permissions object.
-
hasRole expects the expressjs req.local to have an array of roles i.e.
res.locals.roles
must be array of strings. -
hasAnyPermission expects the expressjs req.local to have an array of permissions i.e.
res.locals.permissions
must be array of strings.
import { hasAnyRole, hasAnyPermission } from '@casava/bridge/build/decorators';
class PermissionController {
static PermissionCreationSchema = Joi.object({
permissions: Joi.array().items(Joi.object().keys({
name: Joi.string().required(),
value: Joi.string().required(),
})),
}).options({ abortEarly: false });
@hasAnyRole(["SUPER_ADMINISTRATOR"])
@hasAnyPermission(["CREATE_PERMISSION"])
async store(req: Request, res: Response): Promise<void> {
// logic
}
}
You can set the value of the express request objects res.locals.roles
and res.locals.permissions
at the controller middleware.
Request Validation
This package provides the annotation expectedRequestSchema
that allows you to validate a request payload before continuing to the controller method.
This works together with the joi package. SO you need to install joi before using the annotation.
import { expectedRequestSchema } from "@casava/bridge/build/decorators";
class PermissionController {
static PermissionCreationSchema = Joi.object({
permissions: Joi.array().items(Joi.object().keys({
name: Joi.string().required(),
value: Joi.string().required(),
})),
}).options({ abortEarly: false });
@expectedRequestSchema(PermissionController.PermissionCreationSchema)
async store(req: Request, res: Response): Promise<void> {
// logic
}
}
If the schema check fails the exception CasavaApiBadRequestException
is thrown. The exception is locted at "@casava/bridge/build/exceptions".