Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
if (!origin &&
settings._origin !== false) {
throw Boom.notFound('CORS error: Missing Origin header');
}
if (!exports.matchOrigin(origin, settings)) {
return { message: 'CORS error: Origin not allowed' };
}
// Validate allowed headers
let headers = request.headers['access-control-request-headers'];
if (headers) {
headers = headers.toLowerCase().split(/\s*,\s*/);
if (Hoek.intersect(headers, settings._headers).length !== headers.length) {
return { message: 'CORS error: Some headers are not allowed' };
}
}
// Reply with the route CORS headers
const response = h.response();
response._header('access-control-allow-origin', settings._origin ? origin : '*');
response._header('access-control-allow-methods', method);
response._header('access-control-allow-headers', settings._headersString);
response._header('access-control-max-age', settings.maxAge);
if (settings.credentials) {
response._header('access-control-allow-credentials', 'true');
}
if (credentials) {
// Check scope
if (auth.scope) {
let scopes = auth.scope;
if (auth.hasScopeParameters) {
scopes = [];
const context = { params: match.params };
for (let i = 0; i < auth.scope.length; ++i) {
scopes[i] = Hoek.reachTemplate(context, auth.scope[i]);
}
}
if (!credentials.scope ||
(typeof credentials.scope === 'string' ? !scopes.includes(credentials.scope) : !Hoek.intersect(scopes, credentials.scope).length)) {
throw Boom.forbidden('Insufficient scope to subscribe, expected any of: ' + scopes);
}
}
// Check entity
const entity = auth.entity || 'any';
if (entity === 'user' &&
!credentials.user) {
throw Boom.forbidden('Application credentials cannot be used on a user subscription');
}
if (entity === 'app' &&
credentials.user) {
const handlers = event.handlers.slice(); // Clone in case handlers are changed by listeners
for (let i = 0; i < handlers.length; ++i) {
const handler = handlers[i];
if (handler.channels &&
(!criteria.channel || handler.channels.indexOf(criteria.channel) === -1)) {
continue;
}
if (handler.filter) {
if (!criteria.tags) {
continue;
}
const match = Hoek.intersect(criteria.tags, handler.filter.tags, { first: !handler.filter.all });
if (!match ||
(handler.filter.all && match.length !== handler.filter.tags.length)) {
continue;
}
}
if (handler.count) {
--handler.count;
if (handler.count < 1) {
internals.removeHandler(this, criteria.name, handler);
}
}
if (!_generated &&
typeof data === 'function') {
numberOptions.forEach((optionSet) => {
let schema = Joi.number();
const setContainsNegative = optionSet.indexOf('negative') !== -1;
const setContainsMinAndMax = Hoek.intersect(optionSet, ['min', 'greater']).length > 0 && Hoek.intersect(optionSet, ['max', 'less']).length > 0;
optionSet.forEach((option) => {
let optionArgument = setContainsNegative ? 0 - optionArguments[option] : optionArguments[option];
if (option === 'multiple' || option === 'precision') {
optionArgument = Math.abs(optionArgument);
}
else if (setContainsNegative && setContainsMinAndMax && (option === 'min' || option === 'greater') ) {
optionArgument = 0 - optionArguments.max;
}
else if (setContainsNegative && setContainsMinAndMax && (option === 'max' || option === 'less')) {
optionArgument = 0 - optionArguments.min;
}
schema = schema[option](optionArgument);
requirementSet.forEach((currentRequirement, index) => {
const newCumulativeSet = Hoek.clone(cumulativeSet);
if (Hoek.intersect(newCumulativeSet, exclusionSet[currentRequirement]).length === 0) {
newCumulativeSet.push(currentRequirement);
const stringSet = newCumulativeSet.toString();
overallSet[stringSet] = true;
}
if (requirementSet.slice(index + 1).length > 0) {
return recursivePermutations(requirementSet.slice(index + 1), newCumulativeSet);
}
});
};
'email.net'
];
return Math.random().toString(36).substr(2) + '@' + Helpers.pickRandomFromArray(domains);
},
isoDate: () => {
return (new Date()).toISOString();
},
uri: () => {
return `${['http', 'https', 'ftp'][Math.floor(Math.random() * 3)]}://www.${Math.random().toString(36).substr(2)}.${['com', 'net', 'gov'][Math.floor(Math.random() * 3)]}`;
}
};
const specialRules = Hoek.intersect(Object.keys(specials), Object.keys(rules));
let stringGen = () => Math.random().toString(36).substr(2);
if (specialRules.length > 0) {
if (specialRules[0] === 'hex') {
stringGen = specials[specialRules[0]];
}
else {
return specials[specialRules[0]]();
}
}
let stringResult = stringGen();
let minLength = 1;
if (rules.length) {
if (stringResult.length < rules.length) {
criteria = Object.assign({}, internals.criteria(criteria));
criteria.listener = listener;
criteria.context = context;
if (criteria.filter &&
(typeof criteria.filter === 'string' || Array.isArray(criteria.filter))) {
criteria.filter = { tags: criteria.filter };
}
criteria = Joi.attempt(criteria, internals.schema.listener, 'Invalid event listener options');
const name = criteria.name;
const event = this._eventListeners[name];
Hoek.assert(event, `Unknown event ${name}`);
Hoek.assert(!criteria.channels || !event.flags.channels || Hoek.intersect(event.flags.channels, criteria.channels).length === criteria.channels.length, `Unknown event channels ${criteria.channels && criteria.channels.join(', ')}`);
this._eventListeners[name].handlers = this._eventListeners[name].handlers || [];
this._eventListeners[name].handlers.push(criteria);
return this;
};
internals.validateScope = function (credentials, scope, type) {
if (!scope[type]) {
return true;
}
const count = typeof credentials.scope === 'string' ?
(scope[type].indexOf(credentials.scope) !== -1 ? 1 : 0) :
Hoek.intersect(scope[type], credentials.scope).length;
if (type === 'forbidden') {
return count === 0;
}
if (type === 'required') {
return count === scope.required.length;
}
return !!count;
};