Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
}
const auth = this._server.auth.lookup({ settings: { auth: match.route.auth } }); // Create a synthetic route
if (auth) {
const credentials = socket.auth.credentials;
if (credentials) {
// Check scope
if (auth.scope) {
let scopes = auth.scope;
if (auth.hasScopeParameters) {
scopes = [];
const context = { params: match.params };
for (let i = 0; i < auth.scope.length; ++i) {
scopes[i] = Hoek.reachTemplate(context, auth.scope[i]);
}
}
if (!credentials.scope ||
(typeof credentials.scope === 'string' ? !scopes.includes(credentials.scope) : !Hoek.intersect(scopes, credentials.scope).length)) {
throw Boom.forbidden('Insufficient scope to subscribe, expected any of: ' + scopes);
}
}
// Check entity
const entity = auth.entity || 'any';
if (entity === 'user' &&
!credentials.user) {
internals.expandScopeType = function (request, scope, type) {
if (!scope._hasParameters[type]) {
return scope[type];
}
const expanded = [];
const context = {
params: request.params,
query: request.query,
payload: request.payload,
credentials: request.auth.credentials
};
for (const template of scope[type]) {
expanded.push(Hoek.reachTemplate(context, template));
}
return expanded;
};