Skip to content

Commit

Permalink
Create permission library (#26)
Browse files Browse the repository at this point in the history
- conf: move session config into http.yml
- permission: create,get,put,delete,destroy & tests, fixes #20
- chore(config): guard against prototype pollution
  • Loading branch information
msimerson authored Feb 29, 2024
1 parent 62789cb commit a3734f9
Show file tree
Hide file tree
Showing 14 changed files with 283 additions and 145 deletions.
16 changes: 16 additions & 0 deletions .npmignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
.github
.DS_Store
.editorconfig
.gitignore
.gitmodules
.lgtm.yml
appveyor.yml
codecov.yml
.release
.travis.yml
.eslintrc.yaml
.eslintrc.json
.codeclimate.yml
test/
DEVELOP.md
.prettierrc.yml
30 changes: 30 additions & 0 deletions conf.d/http.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,33 @@
default:
host: localhost
port: 3000
cookie:
# https://hapi.dev/module/cookie/api/?v=12.0.1
name: sid-nictool
password: af1b926a5e21f535c4f5b6c42941c4cf
ttl: 3600000 # 1 hour
# domain:
path: /
clearInvalid: true
isSameSite: Strict
isSecure: true
isHttpOnly: true
keepAlive: false
# redirectTo:
group: NicTool

production:
port: 8080
cookie:
# Set your own secret password. hint: openssl rand -hex 16
# password:

test:
cookie:
isSecure: false
password: ^NicTool.Is,The#Best_Dns-Manager$

development:
cookie:
isSecure: false
password: ^NicTool.Is,The#Best_Dns-Manager$
31 changes: 0 additions & 31 deletions conf.d/session.yml

This file was deleted.

2 changes: 2 additions & 0 deletions lib/config.js
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ class Config {

function applyDefaults(cfg = {}, defaults = {}) {
for (const d in defaults) {
/* c8 ignore next */
if (d === '__proto__' || d === 'constructor') continue
if ([undefined, null].includes(cfg[d])) {
cfg[d] = defaults[d]
} else if (typeof cfg[d] === 'object' && typeof defaults[d] === 'object') {
Expand Down
21 changes: 7 additions & 14 deletions lib/config.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -27,14 +27,9 @@ describe('config', () => {
process.env.NODE_DEBUG = ''
})

it(`loads session test config`, async () => {
const cfg = await Config.get('session', 'test')
assert.deepEqual(cfg, sessCfg)
})

it(`loads session test config syncronously`, () => {
const cfg = Config.getSync('session', 'test')
assert.deepEqual(cfg, sessCfg)
it(`loads http test config`, async () => {
const cfg = await Config.get('http', 'test')
assert.deepEqual(cfg, httpCfg)
})

it(`loads http test config syncronously`, () => {
Expand Down Expand Up @@ -68,7 +63,9 @@ const mysqlTestCfg = {
decimalNumbers: true,
}

const sessCfg = {
const httpCfg = {
host: 'localhost',
port: 3000,
cookie: {
clearInvalid: true,
isHttpOnly: true,
Expand All @@ -80,9 +77,5 @@ const sessCfg = {
ttl: 3600000,
},
keepAlive: false,
}

const httpCfg = {
host: 'localhost',
port: 3000,
group: 'NicTool',
}
7 changes: 4 additions & 3 deletions lib/mysql.js
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ class Mysql {
}

whereConditions(query, params) {
let newQuery = query
let paramsArray = []

if (Array.isArray(params)) {
Expand All @@ -81,13 +82,13 @@ class Mysql {
// Object to WHERE conditions
let first = true
for (const p in params) {
if (!first) query += ' AND'
query += ` ${p}=?`
if (!first) newQuery += ' AND'
newQuery += ` ${p}=?`
paramsArray.push(params[p])
first = false
}
}
return [query, paramsArray]
return [newQuery, paramsArray]
}

async delete(query, params) {
Expand Down
Loading

0 comments on commit a3734f9

Please sign in to comment.