MCPcopy
hub / github.com/hapijs/hapi / _access

Method _access

lib/auth.js:304–373  ·  view source on GitHub ↗
(request, route)

Source from the content-addressed store, hash-verified

302 }
303
304 _access(request, route) {
305
306 const config = this.lookup(route || request.route);
307 if (!config?.access) {
308 return true;
309 }
310
311 const credentials = request.auth.credentials;
312 if (!credentials) {
313 if (config.mode !== 'required') {
314 return false;
315 }
316
317 throw Boom.forbidden('Request is unauthenticated');
318 }
319
320 const requestEntity = (credentials.user ? 'user' : 'app');
321
322 const scopeErrors = [];
323 for (const access of config.access) {
324
325 // Check entity
326
327 const entity = access.entity;
328 if (entity &&
329 entity !== 'any' &&
330 entity !== requestEntity) {
331
332 continue;
333 }
334
335 // Check scope
336
337 let scope = access.scope;
338 if (scope) {
339 if (!credentials.scope) {
340 scopeErrors.push(scope);
341 continue;
342 }
343
344 scope = internals.expandScope(request, scope);
345 if (!internals.validateScope(credentials, scope, 'required') ||
346 !internals.validateScope(credentials, scope, 'selection') ||
347 !internals.validateScope(credentials, scope, 'forbidden')) {
348
349 scopeErrors.push(scope);
350 continue;
351 }
352 }
353
354 return true;
355 }
356
357 // Scope error
358
359 if (scopeErrors.length) {
360 request._log(['auth', 'scope', 'error']);
361 throw Boom.forbidden('Insufficient scope', { got: credentials.scope, need: scopeErrors });

Callers 2

testAccessMethod · 0.80
accessMethod · 0.80

Calls 2

lookupMethod · 0.45
_logMethod · 0.45

Tested by

no test coverage detected