How to use @loopback/security - 7 common examples

To help you get started, we’ve selected a few @loopback/security examples, based on popular ways it is used in public projects.


github strongloop / loopback-next / packages / authentication / src / keys.ts View on Github external
*       const name = this.metadata.strategy;
   *       // logic to determine which authentication strategy to return
   *     }
   *   }
   * }
   * ```
   */
  export const METADATA = BindingKey.create(
    'authentication.operationMetadata',
  );

  // Name under which authentication strategies are grouped; presumably the
  // extension point that strategy implementations register against.
  // NOTE(review): the registration code is not part of this excerpt.
  export const AUTHENTICATION_STRATEGY_EXTENSION_POINT_NAME =
    'authentication.strategies';

  // `CURRENT_USER` is an alias of SecurityBindings.USER, kept for backward
  // compatibility. Both names hold the same binding key, so a user bound
  // under either one is what consumers of the other will resolve.
  export const CURRENT_USER = SecurityBindings.USER;
}

/**
 * The key used to store method-level metadata for `@authenticate`.
 * The accessor is created under the name `authentication:method`.
 */
export const AUTHENTICATION_METADATA_METHOD_KEY = MetadataAccessor.create<
  AuthenticationMetadata,
  MethodDecorator
>('authentication:method');

/**
 * Alias for AUTHENTICATION_METADATA_METHOD_KEY, kept for backward
 * compatibility. Both names refer to the same accessor object, so metadata
 * stored through one is found through the other.
 */
export const AUTHENTICATION_METADATA_KEY = AUTHENTICATION_METADATA_METHOD_KEY;

/**
github strongloop / loopback-next / packages / authentication / src / providers / auth-action.provider.ts View on Github external
constructor(
    // The provider is instantiated for the Sequence constructor,
    // at which time we don't have information about the current
    // route yet. This information is needed to determine
    // what auth strategy should be used.
    // To solve this, we inject a getter function that defers
    // resolution of the strategy until the authenticate() action
    // is executed.
    @inject.getter(AuthenticationBindings.STRATEGY)
    readonly getStrategy: Getter,
    // Setter for the SecurityBindings.USER binding. Presumably it is called
    // with the profile a strategy returns, which makes this the point where
    // the identity read by downstream consumers of SecurityBindings.USER is
    // established. NOTE(review): the call site is outside this excerpt.
    @inject.setter(SecurityBindings.USER)
    readonly setCurrentUser: Setter,
  ) {}
github strongloop / loopback-next / packages / authorization / src / authorize-interceptor.ts View on Github external
invocationCtx.target,
      invocationCtx.methodName,
    );
    // A method with no authorization metadata of its own is only logged here;
    // it is not rejected.
    if (!metadata) {
      debug('No authorization metadata is found for %s', description);
    }
    // Fall back to the default metadata from the interceptor options, if any.
    metadata = metadata ?? this.options.defaultMetadata;
    // Fail-open path: when neither method-level nor default metadata exists,
    // or the metadata sets `skip`, the invocation proceeds via next() and the
    // rest of this function does not run. A deny-by-default posture therefore
    // depends on `options.defaultMetadata` being set.
    // NOTE(review): how the options are populated is not visible here.
    if (!metadata || metadata?.skip) {
      debug('Authorization is skipped for %s', description);
      const result = await next();
      return result;
    }
    debug('Authorization metadata for %s', description, metadata);

    // Read the current user from the SecurityBindings.USER binding. Because
    // the lookup is optional, a missing binding yields a falsy value instead
    // of an error, which the `user ? … : []` expression below handles.
    const user = await invocationCtx.get(SecurityBindings.USER, {
      optional: true,
    });

    // The whole user object is passed to the debug logger.
    // NOTE(review): check which profile fields end up in debug output before
    // enabling it where logs are retained.
    debug('Current user', user);

    // Build the context for the authorization decision. Without a user the
    // principal list is empty; roles and scopes always start empty here.
    // NOTE(review): the code that consumes this context is outside this
    // excerpt, so confirm it treats an empty principal list as anonymous
    // rather than as allowed.
    const authorizationCtx: AuthorizationContext = {
      principals: user ? [createPrincipalFromUserProfile(user)] : [],
      roles: [],
      scopes: [],
      resource: invocationCtx.targetName,
      invocationContext: invocationCtx,
    };

    debug('Security context for %s', description, authorizationCtx);
    let authorizers = await loadAuthorizers(
      invocationCtx,
github strongloop / loopback-next / packages / authorization / src / __tests__ / acceptance / authorization-casbin.acceptance.ts View on Github external
/**
 * Test fixture: prepares a fresh request context with `user` as the current
 * principal.
 *
 * The profile is bound straight to SecurityBindings.USER, so no
 * authentication step runs; the acceptance test exercises authorization only.
 *
 * @param user - profile to bind as the current user (defaults to `alice`)
 */
function givenRequestContext(
    user: UserProfile = {[securityId]: 'alice', name: 'alice'},
  ) {
    // Reset the shared `events` array before each scenario.
    events = [];
    reqCtx = new Context(app);
    // Bind the caller's identity on the request-level context.
    const currentUser = reqCtx.bind(SecurityBindings.USER);
    currentUser.to(user);
    controller = new OrderController();
  }
github strongloop / loopback-next / packages / authorization / src / __tests__ / acceptance / authorization.acceptance.ts View on Github external
/**
 * Test fixture: prepares a fresh request context whose current user is the
 * fixed principal `user-01`.
 *
 * The profile is bound straight to SecurityBindings.USER, so no
 * authentication step runs; the acceptance test exercises authorization only.
 */
function givenRequestContext() {
    // Reset the shared `events` array before each scenario.
    events = [];
    const principal = {[securityId]: 'user-01', name: 'user-01'};
    reqCtx = new Context(app);
    // Bind the caller's identity on the request-level context.
    reqCtx.bind(SecurityBindings.USER).to(principal);
    controller = new OrderController();
  }
github strongloop / loopback-next / packages / authorization / src / __tests__ / acceptance / authorization.options.acceptance.ts View on Github external
/**
 * Test fixture: creates a new application and a request context whose
 * current user is the fixed principal `user-01`.
 *
 * The profile is bound straight to SecurityBindings.USER, so no
 * authentication step runs; the acceptance test exercises authorization only.
 */
function givenRequestContext() {
    const principal = {[securityId]: 'user-01', name: 'user-01'};
    app = new Application();
    reqCtx = new Context(app);
    // Bind the caller's identity on the request-level context.
    reqCtx.bind(SecurityBindings.USER).to(principal);
    controller = new OrderController();
  }

@loopback/security

A LoopBack component for security support.

MIT
Latest version published 25 days ago
