How to use the http-status.FORBIDDEN function in http-status
To help you get started, we’ve selected a few http-status examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
zalando-incubator / authmosphere / integration-test / oauth-tooling / middlewares.spec.ts View on Github 
addAuthenticationEndpointWithoutRequiredScopes();
// when
const promise = fetch('http://127.0.0.1:30002/resource/user', {
method: 'GET',
headers: {
authorization: authHeader
}
})
.then((res) => {
return res.status;
});
// then
return expect(promise).to.become(HttpStatus.FORBIDDEN);
});origin: (origin, callback) => {
// In dev, allow these origins to access the API
const whiteList = ['localhost', 'chrome-extension'];
// We are doing string matching here.
// For advanced use-case, use regex
const index = whiteList.findIndex((aWhiteListedOrigin) => origin.includes(aWhiteListedOrigin));
if (!origin || index !== -1) {
callback(null, true);
} else {
const error = {
message: `'${origin}' is not allowed to access the specified route/resource`,
status: httpStatus.FORBIDDEN,
};
callback(new APIError(error), false);
}
},
credentials: false,const requestHostUrl = request.headers.host
if (this.config.hostUrl && requestHostUrl !== this.config.hostUrl) {
Server.terminateResponse(response, HTTPStatus.FORBIDDEN, 'Forbidden Host.')
return false
}
if (this.origins.indexOf(requestOriginUrl) === -1) {
if (!requestOriginUrl) {
Server.terminateResponse(
response,
HTTPStatus.FORBIDDEN,
'CORS is configured for this server. All requests must set a valid "Origin" header.'
)
} else {
Server.terminateResponse(
response,
HTTPStatus.FORBIDDEN,
`Origin "${requestOriginUrl}" is forbidden.`
)
}
return false
}
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
response.setHeader('Access-Control-Allow-Origin', requestOriginUrl)
response.setHeader('Access-Control-Allow-Credentials', 'true')
response.setHeader('Vary', 'Origin')
return true
}private verifyOrigin (
request: http.IncomingMessage,
response: http.ServerResponse
): boolean {
const requestOriginUrl = request.headers.origin as string || request.headers.referer as string
const requestHostUrl = request.headers.host
if (this.pluginOptions.hostUrl && requestHostUrl !== this.pluginOptions.hostUrl) {
this.terminateResponse(response, HTTPStatus.FORBIDDEN, 'Forbidden Host.')
return false
}
if (this.origins!.indexOf(requestOriginUrl) === -1) {
if (!requestOriginUrl) {
this.terminateResponse(
response,
HTTPStatus.FORBIDDEN,
'CORS is configured for this this. All requests must set a valid "Origin" header.'
)
} else {
this.terminateResponse(
response,
HTTPStatus.FORBIDDEN,
`Origin "${requestOriginUrl}" is forbidden.`
)
}
return false
}
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
response.setHeader('Access-Control-Allow-Origin', requestOriginUrl)
response.setHeader('Access-Control-Allow-Credentials', 'true')
response.setHeader('Vary', 'Origin')constructor(message) {
super(message || 'Forbidden', httpStatus.FORBIDDEN);
}
};(req, res, next) => {
if (config.userRoles.indexOf(req.user.role) >= config.userRoles.indexOf(roleRequired)) {
next();
} else {
res.status(httpStatus.FORBIDDEN).json({
code: 'ACCESS_FORBIDDEN',
error: 'Access forbidden'
});
}
}
);request(requestOptions, function (err, res, body) {
if ( err )
return callback(err);
debug("Response body: " + JSON.stringify(body));
debug("Response headers: " + JSON.stringify(res.headers));
switch ( res.statusCode ) {
case HTTPStatus.OK:
callback(null, body, res.headers);
break;
case HTTPStatus.UNAUTHORIZED:
callback(new UnauthorizedAccessError("Resource access denied"));
break;
case HTTPStatus.FORBIDDEN:
callback(new ForbiddenAccessError(body.message));
break;
case HTTPStatus.NOT_FOUND:
callback(new ResourceNotFoundError("Resource not found"));
break;
case HTTPStatus.PRECONDITION_FAILED:
callback(new PreconditionFailedError(body.message));
break;
default:
callback(new Error("Expected status code " + HTTPStatus.OK + " and received " + res.statusCode));
}
});
}try {
if (error || !user) throw error;
await logIn(user, { session: false });
} catch (e) {
return next(apiError);
}
if (roles === LOGGED_USER) {
if (user.role !== 'admin' && req.params.userId !== user._id.toString()) {
apiError.status = httpStatus.FORBIDDEN;
apiError.message = 'Forbidden';
return next(apiError);
}
} else if (!roles.includes(user.role)) {
apiError.status = httpStatus.FORBIDDEN;
apiError.message = 'Forbidden';
return next(apiError);
} else if (err || !user) {
return next(apiError);
}
req.user = user;
return next();
};(req, res, next, _scopes, _logger) =>
rejectRequest(res, _logger, HttpStatus.FORBIDDEN);function recognizeCommonProblems(response: request.Response, url: string): Error | undefined
{
if (response.statusCode >= 400) {
if (response.statusCode === httpstatus.FORBIDDEN ||
response.statusCode === httpstatus.UNAUTHORIZED)
{
return new Error(safeGetHost(url) + ERRORS.DOWNLOAD_FORBIDDEN);
}
numErrors += 1;
log.error({ statusCode : response.statusCode, url, numDownloads, numErrors }, 'Failed to request url');
return new Error(ERRORS.DOWNLOAD_FAIL + url);
}
if (downloadTooBig(response.headers)) {
return new Error(ERRORS.DOWNLOAD_TOO_BIG);
}
if (response.headers['content-type'] &&
response.headers['content-type'].startsWith('text/html') &&
Popular http-status functions
- http-status.ACCEPTED
- http-status.BAD_REQUEST
- http-status.CONFLICT
- http-status.CREATED
- http-status.FAILED_DEPENDENCY
- http-status.FORBIDDEN
- http-status.INTERNAL_SERVER_ERROR
- http-status.METHOD_NOT_ALLOWED
- http-status.MOVED_PERMANENTLY
- http-status.NO_CONTENT
- http-status.NOT_FOUND
- http-status.NOT_IMPLEMENTED
- http-status.OK
- http-status.PRECONDITION_FAILED
- http-status.SEE_OTHER
- http-status.SERVICE_UNAVAILABLE
- http-status.TOO_MANY_REQUESTS
- http-status.UNAUTHORIZED
- http-status.UNPROCESSABLE_ENTITY
- http-status.UNSUPPORTED_MEDIA_TYPE