api/access

(static) allow(req, callback)

Description:

• Perform URL based access checks, this is called before the signature verification, very early in the request processing step.

  Checks access permissions, calls the callback with the following argument:

  • null or undefined to proceed with authentication
  • an object with status: 200 to skip authentication and proceed with other routes
  • an object with status other than 0 or 200 to return the status and stop request processing, for statuses 301,302 there should be url property in the object returned

Source:

• api/access.js, line 132

Parameters:

(static) authenticate(req, callback)

Description:

• Verify request signature from the request object, uses properties: .host, .method, .url or .originalUrl, .headers

Source:

• api/access.js, line 175

Parameters:

(static) authorize(req, callback)

Description:

• Perform authorization checks after the user been checked for valid signature.

  At least one acl must match to proceed.

Source:

• api/access.js, line 276

Parameters:

(static) configureMiddleware()

Description:

• Install authentication/authorization middleware

Source:

• api/access.js, line 40

(static) middleware(req, res, callback)

Description:

• Implements full authentication and authorizarion of each request Steps:

  1. check if access is allowed by path via "access" hooks, calls module:api/access.allow
  2. if status given and not 200 return the error
  3. if not matched continue othwewise check CSRF
  4. run module:api/access.authenticate, if status is not 200 return an error
  5. check CSRF token module:api/csrf.check
  6. run module:api/access.authorize, at least one ACL must match, on error return
  7. check for routing module:api/routing.check

Source:

• api/access.js, line 52

Parameters:

(static) setUser(req, user)

Description:

• Assign or clear the current user record for the given request, if user is null the current is cleared.

Source:

• api/access.js, line 156

Parameters: