How to use loopback4-authorization - 10 common examples

To help you get started, we’ve selected a few loopback4-authorization examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github sourcefuse / loopback4-starter / src / modules / auth / login.controller.ts View on Github external
@repository(AuthClientRepository)
    public authClientRepository: AuthClientRepository,
    @repository(UserRepository)
    public userRepo: UserRepository,
    @repository(UserTenantRepository)
    public userTenantRepo: UserTenantRepository,
    @repository(UserTenantPermissionRepository)
    public utPermsRepo: UserTenantPermissionRepository,
    @repository(RefreshTokenRepository)
    public refreshTokenRepo: RefreshTokenRepository,
  ) {}
  // sonarignore_end

  @authenticateClient(STRATEGY.CLIENT_PASSWORD)
  @authenticate(STRATEGY.LOCAL)
  @authorize(['*'])
  @post('/auth/login', {
    responses: {
      [STATUS_CODE.OK]: {
        description: 'Auth Code',
        content: {
          [CONTENT_TYPE.JSON]: Object,
        },
      },
    },
  })
  async login(
    @requestBody()
    req: LoginRequest,
  ): Promise<{
    code: string;
  }> {
github sourcefuse / loopback4-starter / src / application.ts View on Github external
);
    this.bind(Strategies.Passport.LOCAL_PASSWORD_VERIFIER).toProvider(
      LocalPasswordVerifyProvider,
    );
    this.bind(Strategies.Passport.BEARER_TOKEN_VERIFIER).toProvider(
      BearerTokenVerifyProvider,
    );
    this.bind(Strategies.Passport.RESOURCE_OWNER_PASSWORD_VERIFIER).toProvider(
      ResourceOwnerVerifyProvider,
    );
    this.bind(Strategies.Passport.GOOGLE_OAUTH2_VERIFIER).toProvider(
      GoogleOauth2VerifyProvider,
    );

    // Add authorization component
    this.bind(AuthorizationBindings.CONFIG).to({
      allowAlwaysPaths: ['/explorer'],
    });
    this.component(AuthorizationComponent);

    this.projectRoot = __dirname;
    // Customize @loopback/boot Booter Conventions here
    this.bootOptions = {
      controllers: {
        // Customize ControllerBooter Conventions here
        dirs: ['controllers', 'modules'],
        extensions: ['.controller.js'],
        nested: true,
      },
      repositories: {
        dirs: ['repositories'],
        extensions: ['.repository.js'],
github sourcefuse / loopback4-starter / src / modules / auth / login.controller.ts View on Github external
constructor(
    @inject(AuthenticationBindings.CURRENT_CLIENT)
    private readonly client: AuthClient | undefined,
    @inject(AuthenticationBindings.CURRENT_USER)
    private readonly user: AuthUser | undefined,
    @inject(AuthorizationBindings.USER_PERMISSIONS)
    private readonly getUserPermissions: UserPermissionsFn,
    @repository(AuthClientRepository)
    public authClientRepository: AuthClientRepository,
    @repository(UserRepository)
    public userRepo: UserRepository,
    @repository(UserTenantRepository)
    public userTenantRepo: UserTenantRepository,
    @repository(UserTenantPermissionRepository)
    public utPermsRepo: UserTenantPermissionRepository,
    @repository(RefreshTokenRepository)
    public refreshTokenRepo: RefreshTokenRepository,
  ) {}
  // sonarignore_end
github sourcefuse / loopback4-starter / src / modules / audit / audit-log.controller.ts View on Github external
@patch('/audit-logs/{id}', {
    responses: {
      '204': {
        description: 'AuditLog PATCH success',
      },
    },
  })
  async updateById(
    @param.path.number('id') id: number,
    @requestBody() auditLog: AuditLog,
  ): Promise {
    await this.auditLogRepository.updateById(id, auditLog);
  }

  @authenticate(STRATEGY.BEARER)
  @authorize([PermissionKey.UpdateAudit])
  @put('/audit-logs/{id}', {
    responses: {
      '204': {
        description: 'AuditLog PUT success',
      },
    },
  })
  async replaceById(
    @param.path.number('id') id: number,
    @requestBody() auditLog: AuditLog,
  ): Promise {
    await this.auditLogRepository.replaceById(id, auditLog);
  }

  @authenticate(STRATEGY.BEARER)
  @authorize([PermissionKey.DeleteAudit])
github sourcefuse / loopback4-starter / src / modules / user-tenants / tenant.controller.ts View on Github external
responses: {
      '200': {
        description: 'Tenant model count',
        content: {'application/json': {schema: CountSchema}},
      },
    },
  })
  async count(
    @param.query.object('where', getWhereSchemaFor(Tenant))
    where?: Where,
  ): Promise {
    return await this.tenantRepository.count(where);
  }

  @authenticate(STRATEGY.BEARER)
  @authorize([PermissionKey.ViewTenant])
  @get('/tenants', {
    responses: {
      '200': {
        description: 'Array of Tenant model instances',
        content: {
          'application/json': {
            schema: {type: 'array', items: {'x-ts-type': Tenant}},
          },
        },
      },
    },
  })
  async find(
    @param.query.object('filter', getFilterSchemaFor(Tenant))
    filter?: Filter,
  ): Promise {
github sourcefuse / loopback4-starter / src / modules / auth / login.controller.ts View on Github external
subject: req.username,
        issuer: process.env.JWT_ISSUER,
      });
      return {
        code: token,
      };
    } catch (error) {
      throw new HttpErrors.InternalServerError(
        AuthErrorKeys.InvalidCredentials,
      );
    }
  }

  @authenticateClient(STRATEGY.CLIENT_PASSWORD)
  @authenticate(STRATEGY.OAUTH2_RESOURCE_OWNER_GRANT)
  @authorize(['*'])
  @post('/auth/login-token', {
    responses: {
      [STATUS_CODE.OK]: {
        description: 'Token Response Model',
        content: {
          [CONTENT_TYPE.JSON]: {
            schema: {'x-ts-type': TokenResponse},
          },
        },
      },
    },
  })
  async loginWithClientUser(
    @requestBody() req: LoginRequest,
  ): Promise {
    if (!this.client || !this.user) {
github sourcefuse / loopback4-starter / src / modules / user-tenants / tenant.controller.ts View on Github external
@authenticate(STRATEGY.BEARER)
  @authorize([PermissionKey.CreateTenant])
  @post('/tenants', {
    responses: {
      '200': {
        description: 'Tenant model instance',
        content: {'application/json': {schema: {'x-ts-type': Tenant}}},
      },
    },
  })
  async create(@requestBody() tenant: Tenant): Promise {
    return await this.tenantRepository.create(tenant);
  }

  @authenticate(STRATEGY.BEARER)
  @authorize([PermissionKey.ViewTenant])
  @get('/tenants/count', {
    responses: {
      '200': {
        description: 'Tenant model count',
        content: {'application/json': {schema: CountSchema}},
      },
    },
  })
  async count(
    @param.query.object('where', getWhereSchemaFor(Tenant))
    where?: Where,
  ): Promise {
    return await this.tenantRepository.count(where);
  }

  @authenticate(STRATEGY.BEARER)
github sourcefuse / loopback4-starter / src / modules / audit / audit-log.controller.ts View on Github external
@authenticate(STRATEGY.BEARER)
  @authorize([PermissionKey.ViewAudit])
  @get('/audit-logs/{id}', {
    responses: {
      '200': {
        description: 'AuditLog model instance',
        content: {'application/json': {schema: {'x-ts-type': AuditLog}}},
      },
    },
  })
  async findById(@param.path.number('id') id: number): Promise {
    return await this.auditLogRepository.findById(id);
  }

  @authenticate(STRATEGY.BEARER)
  @authorize([PermissionKey.UpdateAudit])
  @patch('/audit-logs/{id}', {
    responses: {
      '204': {
        description: 'AuditLog PATCH success',
      },
    },
  })
  async updateById(
    @param.path.number('id') id: number,
    @requestBody() auditLog: AuditLog,
  ): Promise {
    await this.auditLogRepository.updateById(id, auditLog);
  }

  @authenticate(STRATEGY.BEARER)
  @authorize([PermissionKey.UpdateAudit])
github sourcefuse / loopback4-starter / src / modules / roles / role.controller.ts View on Github external
@patch('/roles/{id}', {
    responses: {
      '204': {
        description: 'Role PATCH success',
      },
    },
  })
  async updateById(
    @param.path.number('id') id: number,
    @requestBody() role: Role,
  ): Promise {
    await this.roleRepository.updateById(id, role);
  }

  @authenticate(STRATEGY.BEARER)
  @authorize([PermissionKey.UpdateRole])
  @put('/roles/{id}', {
    responses: {
      '204': {
        description: 'Role PUT success',
      },
    },
  })
  async replaceById(
    @param.path.number('id') id: number,
    @requestBody() role: Role,
  ): Promise {
    await this.roleRepository.replaceById(id, role);
  }

  @authenticate(STRATEGY.BEARER)
  @authorize([PermissionKey.DeleteRole])
github sourcefuse / loopback4-starter / src / modules / user-tenants / user.controller.ts View on Github external
PermissionKey.ViewTenantUser,
  ])
  @get('/users/{id}', {
    responses: {
      '200': {
        description: 'User model instance',
        content: {'application/json': {schema: {'x-ts-type': User}}},
      },
    },
  })
  async findById(@param.path.number('id') id: number): Promise {
    return await this.userRepository.findById(id);
  }

  @authenticate(STRATEGY.BEARER)
  @authorize([
    PermissionKey.UpdateAnyUser,
    PermissionKey.UpdateOwnUser,
    PermissionKey.UpdateTenantUser,
  ])
  @patch('/users/{id}', {
    responses: {
      '204': {
        description: 'User PATCH success',
      },
    },
  })
  async updateById(
    @param.path.number('id') id: number,
    @requestBody() user: User,
  ): Promise {
    await this.userRepository.updateById(id, user);