How to use the loopback4-authorization.authorize function in loopback4-authorization
To help you get started, we’ve selected a few loopback4-authorization examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
sourcefuse / loopback4-starter / src / modules / auth / login.controller.ts View on Github 
@repository(AuthClientRepository)
public authClientRepository: AuthClientRepository,
@repository(UserRepository)
public userRepo: UserRepository,
@repository(UserTenantRepository)
public userTenantRepo: UserTenantRepository,
@repository(UserTenantPermissionRepository)
public utPermsRepo: UserTenantPermissionRepository,
@repository(RefreshTokenRepository)
public refreshTokenRepo: RefreshTokenRepository,
) {}
// sonarignore_end
@authenticateClient(STRATEGY.CLIENT_PASSWORD)
@authenticate(STRATEGY.LOCAL)
@authorize(['*'])
@post('/auth/login', {
responses: {
[STATUS_CODE.OK]: {
description: 'Auth Code',
content: {
[CONTENT_TYPE.JSON]: Object,
},
},
},
})
async login(
@requestBody()
req: LoginRequest,
): Promise<{
code: string;
}> {@patch('/audit-logs/{id}', {
responses: {
'204': {
description: 'AuditLog PATCH success',
},
},
})
async updateById(
@param.path.number('id') id: number,
@requestBody() auditLog: AuditLog,
): Promise {
await this.auditLogRepository.updateById(id, auditLog);
}
@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.UpdateAudit])
@put('/audit-logs/{id}', {
responses: {
'204': {
description: 'AuditLog PUT success',
},
},
})
async replaceById(
@param.path.number('id') id: number,
@requestBody() auditLog: AuditLog,
): Promise {
await this.auditLogRepository.replaceById(id, auditLog);
}
@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.DeleteAudit])responses: {
'200': {
description: 'Tenant model count',
content: {'application/json': {schema: CountSchema}},
},
},
})
async count(
@param.query.object('where', getWhereSchemaFor(Tenant))
where?: Where,
): Promise {
return await this.tenantRepository.count(where);
}
@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.ViewTenant])
@get('/tenants', {
responses: {
'200': {
description: 'Array of Tenant model instances',
content: {
'application/json': {
schema: {type: 'array', items: {'x-ts-type': Tenant}},
},
},
},
},
})
async find(
@param.query.object('filter', getFilterSchemaFor(Tenant))
filter?: Filter,
): Promise {subject: req.username,
issuer: process.env.JWT_ISSUER,
});
return {
code: token,
};
} catch (error) {
throw new HttpErrors.InternalServerError(
AuthErrorKeys.InvalidCredentials,
);
}
}
@authenticateClient(STRATEGY.CLIENT_PASSWORD)
@authenticate(STRATEGY.OAUTH2_RESOURCE_OWNER_GRANT)
@authorize(['*'])
@post('/auth/login-token', {
responses: {
[STATUS_CODE.OK]: {
description: 'Token Response Model',
content: {
[CONTENT_TYPE.JSON]: {
schema: {'x-ts-type': TokenResponse},
},
},
},
},
})
async loginWithClientUser(
@requestBody() req: LoginRequest,
): Promise {
if (!this.client || !this.user) {@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.CreateTenant])
@post('/tenants', {
responses: {
'200': {
description: 'Tenant model instance',
content: {'application/json': {schema: {'x-ts-type': Tenant}}},
},
},
})
async create(@requestBody() tenant: Tenant): Promise {
return await this.tenantRepository.create(tenant);
}
@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.ViewTenant])
@get('/tenants/count', {
responses: {
'200': {
description: 'Tenant model count',
content: {'application/json': {schema: CountSchema}},
},
},
})
async count(
@param.query.object('where', getWhereSchemaFor(Tenant))
where?: Where,
): Promise {
return await this.tenantRepository.count(where);
}
@authenticate(STRATEGY.BEARER)@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.ViewAudit])
@get('/audit-logs/{id}', {
responses: {
'200': {
description: 'AuditLog model instance',
content: {'application/json': {schema: {'x-ts-type': AuditLog}}},
},
},
})
async findById(@param.path.number('id') id: number): Promise {
return await this.auditLogRepository.findById(id);
}
@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.UpdateAudit])
@patch('/audit-logs/{id}', {
responses: {
'204': {
description: 'AuditLog PATCH success',
},
},
})
async updateById(
@param.path.number('id') id: number,
@requestBody() auditLog: AuditLog,
): Promise {
await this.auditLogRepository.updateById(id, auditLog);
}
@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.UpdateAudit])@patch('/roles/{id}', {
responses: {
'204': {
description: 'Role PATCH success',
},
},
})
async updateById(
@param.path.number('id') id: number,
@requestBody() role: Role,
): Promise {
await this.roleRepository.updateById(id, role);
}
@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.UpdateRole])
@put('/roles/{id}', {
responses: {
'204': {
description: 'Role PUT success',
},
},
})
async replaceById(
@param.path.number('id') id: number,
@requestBody() role: Role,
): Promise {
await this.roleRepository.replaceById(id, role);
}
@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.DeleteRole])PermissionKey.ViewTenantUser,
])
@get('/users/{id}', {
responses: {
'200': {
description: 'User model instance',
content: {'application/json': {schema: {'x-ts-type': User}}},
},
},
})
async findById(@param.path.number('id') id: number): Promise {
return await this.userRepository.findById(id);
}
@authenticate(STRATEGY.BEARER)
@authorize([
PermissionKey.UpdateAnyUser,
PermissionKey.UpdateOwnUser,
PermissionKey.UpdateTenantUser,
])
@patch('/users/{id}', {
responses: {
'204': {
description: 'User PATCH success',
},
},
})
async updateById(
@param.path.number('id') id: number,
@requestBody() user: User,
): Promise {
await this.userRepository.updateById(id, user);@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.ViewTenant])
@get('/tenants/{id}', {
responses: {
'200': {
description: 'Tenant model instance',
content: {'application/json': {schema: {'x-ts-type': Tenant}}},
},
},
})
async findById(@param.path.number('id') id: number): Promise {
return await this.tenantRepository.findById(id);
}
@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.UpdateTenant])
@patch('/tenants/{id}', {
responses: {
'204': {
description: 'Tenant PATCH success',
},
},
})
async updateById(
@param.path.number('id') id: number,
@requestBody() tenant: Tenant,
): Promise {
await this.tenantRepository.updateById(id, tenant);
}
@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.UpdateTenant])'application/json': {
schema: {type: 'array', items: {'x-ts-type': Role}},
},
},
},
},
})
async find(
@param.query.object('filter', getFilterSchemaFor(Role))
filter?: Filter,
): Promise {
return await this.roleRepository.find(filter);
}
@authenticate(STRATEGY.BEARER)
@authorize([PermissionKey.UpdateRole])
@patch('/roles', {
responses: {
'200': {
description: 'Role PATCH success count',
content: {'application/json': {schema: CountSchema}},
},
},
})
async updateAll(
@requestBody() role: Role,
@param.query.object('where', getWhereSchemaFor(Role)) where?: Where,
): Promise {
return await this.roleRepository.updateAll(role, where);
}
@authenticate(STRATEGY.BEARER)loopback4-authorization
An authorization extension for loopback-next applications
