feat: setup authentication

2 files changed, 26 insertions, 1 deletions

diff --git a/src/services/users/user.hooks.js b/src/services/users/user.hooks.js
new file mode 100644
index 0000000..daeda68
--- /dev/null
+++ b/src/services/users/user.hooks.js
@@ -0,0 +1,21 @@
+const { hooks } = require ('@feathersjs/authentication-local');
+const { NotAuthenticated } = require('@feathersjs/errors');
+
+const compareUser = async context => {
+  if (context.id !== context.params.user._id.toString()) {
+    throw new NotAuthenticated('You can only PATCH/UPDATE your own user!');
+  }
+  return context;
+};
+
+
+module.exports = {
+  after: {
+    all: hooks.protect('password')
+  },
+  before: {
+    patch: [compareUser],
+    update: [compareUser]
+  }
+};
+
diff --git a/src/services/users/user.service.js b/src/services/users/user.service.js
index 67f2ae6..afb3b9e 100644
--- a/src/services/users/user.service.js
+++ b/src/services/users/user.service.js
@@ -1,7 +1,11 @@
 const service = require('feathers-mongoose');
 const Model = require('./user.model.js');
+const hooks = require('./user.hooks.js');
 
 const UserService = service({ Model })
 
-module.exports = app => app.use('/users', UserService);
+module.exports = app => {
+  app.use('/users', UserService);
+  app.service('users').hooks(hooks);
+};