diff options
Diffstat (limited to 'services')
| -rw-r--r-- | services/feedback/feedback.hooks.ts | 23 | ||||
| -rw-r--r-- | services/polls/polls.hooks.ts | 6 | ||||
| -rw-r--r-- | services/users/users.hooks.ts | 16 | ||||
| -rw-r--r-- | services/votes/votes.hooks.ts | 6 |
4 files changed, 45 insertions, 6 deletions
diff --git a/services/feedback/feedback.hooks.ts b/services/feedback/feedback.hooks.ts index 56e9000..5bc2552 100644 --- a/services/feedback/feedback.hooks.ts +++ b/services/feedback/feedback.hooks.ts @@ -1,9 +1,30 @@ +import { populate, discard, disallow } from 'feathers-hooks-common'; import requireAuth from '../../hooks/requireAuth'; import signAuthority from '../../hooks/signAuthority'; +import sortByDate from '../../hooks/sortByDate'; + + +const populateAuthor = populate({ + schema: { + include: { + service: 'users', + nameAs: 'author', + parentField: 'authorId', + childField: '_id' + } + } +}); export default { before: { - create: [requireAuth, signAuthority] + create: [requireAuth, signAuthority], + find: sortByDate, + remove: disallow('external'), + patch: disallow('external'), + update: disallow('external') + }, + after: { + all: [populateAuthor, discard('authorId')] } }; diff --git a/services/polls/polls.hooks.ts b/services/polls/polls.hooks.ts index e3d04e7..35eae29 100644 --- a/services/polls/polls.hooks.ts +++ b/services/polls/polls.hooks.ts @@ -1,4 +1,5 @@ import { HookContext } from '@feathersjs/feathers'; +import { disallow } from 'feathers-hooks-common'; import { Types } from 'mongoose'; import bluebird from 'bluebird'; import _ from 'lodash'; import { Poll } from 'which-types'; @@ -46,7 +47,10 @@ const convertPoll = async (context: HookContext): Promise<HookContext> => { export default { before: { find: sortByDate, - create: signAuthority + create: signAuthority, + remove: disallow('external'), + update: disallow('external'), + patch: disallow('external') }, after: { all: convertPoll diff --git a/services/users/users.hooks.ts b/services/users/users.hooks.ts index 48843be..125f418 100644 --- a/services/users/users.hooks.ts +++ b/services/users/users.hooks.ts @@ -1,7 +1,9 @@ import _ from 'lodash'; import { hooks } from '@feathersjs/authentication-local'; -import { discard } from 'feathers-hooks-common'; +import { discard, disallow } from 'feathers-hooks-common'; import { HookContext } from '@feathersjs/feathers'; +import { NotAuthenticated } from '@feathersjs/errors'; +import requireAuth from '../../hooks/requireAuth'; const hashPassword = hooks.hashPassword('password'); @@ -12,6 +14,13 @@ const ignoreCaseRegex = async (context: HookContext): Promise<HookContext> => { return context; }; +const compareUser = async (context: HookContext): Promise<HookContext> => { + if (context.arguments[0] !== context.params.user._id) { + throw new NotAuthenticated('You can only PATCH/UPDATE your own user!'); + } + return context; +}; + export default { after: { all: hooks.protect('password'), @@ -20,8 +29,9 @@ export default { before: { find: ignoreCaseRegex, create: hashPassword, - patch: hashPassword, - update: hashPassword + patch: [hashPassword, requireAuth, compareUser], + update: [hashPassword, requireAuth, compareUser], + remove: disallow('external') } }; diff --git a/services/votes/votes.hooks.ts b/services/votes/votes.hooks.ts index 56e9000..923e897 100644 --- a/services/votes/votes.hooks.ts +++ b/services/votes/votes.hooks.ts @@ -1,9 +1,13 @@ +import { disallow } from 'feathers-hooks-common'; import requireAuth from '../../hooks/requireAuth'; import signAuthority from '../../hooks/signAuthority'; export default { before: { - create: [requireAuth, signAuthority] + create: [requireAuth, signAuthority], + remove: disallow('external'), + update: disallow('external'), + patch: disallow('external') } }; |