SecurityContext

flitter-auth/SecurityContext~ SecurityContext

Request-specific security context that provides helper functions with regard to security checks for the relevant request.

Constructor

new SecurityContext(req, res)

Instantiate the security context.

Parameters:
Name Type Description
req express/request

the relevant request
res express/response

the relevant response
Source:

Extends

Members

(static) services

Defines the services required by this unit.

Source:

(private) _di_allow_defer :boolean

If true, the injector will defer the class if the class requests any services that the container is missing. These services are filled in later and added to the prototype and any instances. True by default.

Type:
  • boolean
Overrides:
Source:

(private) _di_deferred_instances :Array.<module:flitter-di/src/Injectable~Injectable>

Collection of instances of this class that need to have the deferred service instances injected into them when the deferred services are finally provided.

Type:
Overrides:
Source:

(private) _di_deferred_services :Array.<string>

List of services that were deferred and not provided at the time of injection.

Type:
  • Array.<string>
Overrides:
Source:

(private) request :express/request

The relevant request.

Type:
  • express/request
Source:

(private) response :express/response

The relevant response.

Type:
  • express/response
Source:

Methods

ban(messageopt)

Deny the client access to the requested resource. Displays the 401 error page and passes along the specified message. If the request has a user in the session, the user's block_login flag will be set, and they will be forcibly signed out.

WARNING: this flag will prevent the user from signing into the application AT ALL.

Parameters:
Name Type Attributes Default Description
message string <optional>
 'Access Denied'
Source:

deny(messageopt)

Deny the client access to the requested resource. Displays the 401 error page and passes along the specified message.

Parameters:
Name Type Attributes Default Description
message string <optional>
 'Access Denied'
Source:

(async) key_action(handler) → {Promise.<module:flitter-auth/model/KeyAction~KeyAction>}

Generate a key action that will resolve to the specified handler.

Parameters:
Name Type Description
handler string

canonical name of the handler - e.g. "controller::Home.welcome"
Source:
Returns:
Type
Promise.<module:flitter-auth/model/KeyAction~KeyAction>
Example 
const action = await request.security.key_action('controller::Home.password_reset')
return res.send(`Reset your password at: ${action.url()}`)

kickout(messageopt)

Deny the client access to the requested resource. Displays the 401 error page and passes along the specified message. If the request has a user in the session, the user will be forcibly signed out.

Parameters:
Name Type Attributes Default Description
message string <optional>
 'Access Denied'
Source:

provider() → {module:flitter-auth/Provider~Provider}

Get the auth provider for the request.

Source:
Returns:
Type
module:flitter-auth/Provider~Provider

provider_name() → {string}

Get the name of the auth provider for the request. If the request is authenticated, use the user's provider. Otherwise, if a provider exists in the route params, use that. Otherwise, use the default_provider specified in the config.

Source:
Returns:
Type
string