/**
 * hapi authentication scheme factory for token-based auth.
 * Merges authOptions over the module-level defaults, validates the merged
 * options against optionsSchema, and returns the scheme object whose
 * authenticate() locates the token on the incoming request.
 * Only the beginning of the function is visible in this excerpt.
 */
const tokenScheme = function (server, { authOptions, authProvider }) {
// Both inputs are mandatory; Hoek.assert throws when either one is missing.
Hoek.assert(authOptions, 'Missing authOptions')
Hoek.assert(authProvider, 'Missing authProvider')
// Caller-supplied options override the defaults; the merged result is schema-checked before use.
const options = Hoek.applyToDefaults(defaults, authOptions)
Joi.assert(options, optionsSchema)
// https://github.com/hapijs/hapi/blob/master/API.md#authentication-scheme
return {
async authenticate (request, h) {
// Use headers by default
let authorization = request.raw.req.headers.authorization
// Fallback 1 : Check for cookies
// Taken only when allowCookieToken is enabled and no Authorization header was sent.
// The cookie value is prefixed with tokenType so it has the same shape as a header value.
// NOTE(review): a cookie-carried token is attached by the browser automatically, so routes
// that rely on this fallback presumably need CSRF protection. Confirm against the route config.
if (options.allowCookieToken &&
!authorization &&
request.state[options.accessTokenName]) {
authorization = options.tokenType + ' ' + request.state[options.accessTokenName]
}
// Fallback 2 : URL Query
// NOTE(review): the code for this fallback is not shown here. Tokens passed in the query string
// tend to end up in access logs, browser history and Referer headers; check that it is opt-in.
// Start of _read: presumably consumes the response `res` and reports through `callback`.
// Only the beginning of the method is visible in this excerpt; `reader` and the on* handlers
// referenced below are defined in the part that is not shown.
_read(res, options, callback) {
// Per-call options override this._defaults; internals.shallowOptions is passed as the `shallow` merge option.
options = Hoek.applyToDefaults(this._defaults, options, { shallow: internals.shallowOptions });
// Finish once
let clientTimeoutId = null;
// finish() is the common completion path: it cancels the client timeout and detaches
// the listeners from reader and res.
const finish = (err, buffer) => {
clearTimeout(clientTimeoutId);
reader.removeListener('error', onReaderError);
reader.removeListener('finish', onReaderFinish);
res.removeListener('error', onResError);
res.removeListener('close', onResAborted);
res.removeListener('aborted', onResAborted);
// Keep a no-op 'error' listener on res so that an error emitted after cleanup still has a handler.
res.on('error', Hoek.ignore);
if (err) {
/**
 * Builds the link for one page of a paginated result.
 *
 * The query string combines `query` with the original request query
 * (`request.orig.query` wins on conflicts) and then sets `page` on top.
 *
 * NOTE(review): the declared return type is `string`, yet `null` is returned
 * for any falsy `page` (null and also 0). That only type-checks with
 * strictNullChecks disabled.
 *
 * @param page - page number to link to, or null when there is no such page
 * @returns the page URI, or null when `page` is falsy
 */
const getUri = (page: number | null): string => {
  if (!page) {
    // tslint:disable-next-line: no-null-keyword
    return null;
  }

  const mergedQuery = Hoek.applyToDefaults({ ...query, ...request.orig.query }, { page });
  return baseUri + Qs.stringify(mergedQuery);
};
// Regression test for the file handler's `confine` option. The served file
// (security.js next to this test) is outside './directory', so the confined
// route must answer 403. The same handler with confinement switched off
// serves the file with 200.
it('blocks access to files outside of base directory for file handler', async () => {
  const server = await provisionServer();

  const confinedHandler = { file: { confine: './directory', path: Path.join(__dirname, 'security.js') } };
  server.route({ method: 'GET', path: '/secure', handler: confinedHandler });

  // Same handler definition with only `file.confine` overridden.
  const unconfinedHandler = Hoek.applyToDefaults(confinedHandler, { file: { confine: false } });
  server.route({ method: 'GET', path: '/open', handler: unconfinedHandler });

  const confinedResponse = await server.inject('/secure');
  expect(confinedResponse.statusCode).to.equal(403);

  const unconfinedResponse = await server.inject('/open');
  expect(unconfinedResponse.statusCode).to.equal(200);
});
/**
 * Replaces a single document in this model's collection.
 *
 * Positional arguments, after dbFromArgs() has resolved the database from
 * them, are: filter, replacement document, optional driver options.
 * The options are copied so the caller's object is not handed to the driver.
 *
 * NOTE(review): `filter` and the document are forwarded to the driver as
 * given. If they can come from request input, validate them before calling
 * so that query operators cannot be supplied by a client.
 *
 * @returns whatever this.resultFactory() produces from the driver result
 */
static async replaceOne(...args) {
  const db = dbFromArgs(args);
  const collection = db.collection(this.collectionName);

  // Take filter and replacement off the front, options off the back.
  const [filter, doc] = args.splice(0, 2);
  const options = Hoek.applyToDefaults({}, args.pop() || {});

  // Re-append in the order the driver expects.
  args.push(filter, doc, options);

  return this.resultFactory(await collection.replaceOne(...args));
}
/**
 * Registers a cookie (state) definition under `name`.
 *
 * The definition is this.settings overridden by `options`; with
 * `nullOverride` an explicit null in `options` replaces the default.
 * The merged definition must pass internals.schema before it is stored.
 *
 * @param name - non-empty string, not already registered
 * @param options - optional overrides for the default settings
 * @throws when the name is invalid, already defined, or the definition fails validation
 */
add(name, options) {
  const isUsableName = typeof name === 'string' && name !== '';
  Hoek.assert(isUsableName, 'Invalid name');

  const alreadyDefined = this.cookies[name];
  Hoek.assert(!alreadyDefined, 'State already defined:', name);

  const definition = Hoek.applyToDefaults(this.settings, options || {}, { nullOverride: true });
  Joi.assert(definition, internals.schema, 'Invalid state definition: ' + name);

  this.names.push(name);
  this.cookies[name] = definition;
}
/**
 * Resolves the effective options for the entry called `name`.
 *
 * Layers, lowest precedence first: `defaults` (when given), the `options`
 * argument, then the override stored at this.options.options[name].
 * The merged result is passed through this.castOptions().
 */
private applyToDefaults(name, defaults, options) {
  let merged = options;

  if (defaults) {
    merged = Hoek.applyToDefaults(defaults, merged);
  }

  const perNameOverrides = this.options.options;
  if (perNameOverrides && perNameOverrides[name]) {
    merged = Hoek.applyToDefaults(merged, perNameOverrides[name]);
  }

  return this.castOptions(merged);
}
/**
 * Collapses a chain of config objects into one, later entries overriding
 * earlier ones. The listed keys (bind and the validate.* rules) are copied
 * by reference instead of being deep-merged.
 *
 * @param chain - config objects, lowest precedence first
 * @returns the merged config, or an empty object for an empty chain
 */
internals.config = function (chain) {
  if (chain.length) {
    // Seeded with chain[0] and folded over every entry, the first one included.
    return chain.reduce(
      (merged, item) => Hoek.applyToDefaults(merged, item, { shallow: ['bind', 'validate.headers', 'validate.payload', 'validate.params', 'validate.query', 'validate.state'] }),
      chain[0]
    );
  }

  return {};
};
/**
 * Applies an update to a single document in this model's collection.
 *
 * Positional arguments, after dbFromArgs() has resolved the database from
 * them, are: filter, update specification, optional driver options.
 * The options are copied so the caller's object is not handed to the driver.
 *
 * NOTE(review): `filter` and `update` are forwarded to the driver as given.
 * If they can come from request input, validate them before calling so that
 * query or update operators cannot be supplied by a client.
 *
 * @returns whatever this.resultFactory() produces from the driver result
 */
static async updateOne(...args) {
  const db = dbFromArgs(args);
  const collection = db.collection(this.collectionName);

  // Take filter and update off the front, options off the back.
  const [filter, update] = args.splice(0, 2);
  const options = Hoek.applyToDefaults({}, args.pop() || {});

  // Re-append in the order the driver expects.
  args.push(filter, update, options);

  return this.resultFactory(await collection.updateOne(...args));
}
/**
 * Opens a MongoDB connection and registers it under `name`.
 *
 * The client is stored in MongoModels.clients[name] and the selected
 * database handle in MongoModels.dbs[name].
 *
 * NOTE(review): connection.uri is handed to the driver unchanged. Connection
 * strings commonly embed credentials, so keep it out of logs and error output.
 *
 * @param connection - object carrying `uri` and `db`
 * @param options - driver options, merged over `{ useNewUrlParser: true }`
 * @param name - registry key for this connection, 'default' when omitted
 * @returns the database handle for connection.db
 */
static async connect(connection, options = {}, name = 'default') {
  const driverOptions = Hoek.applyToDefaults({ useNewUrlParser : true }, options);
  const client = await Mongodb.MongoClient.connect(connection.uri, driverOptions);

  MongoModels.clients[name] = client;

  const db = client.db(connection.db);
  MongoModels.dbs[name] = db;

  return db;
}