feathers-mongoose-casl
Version 2 - Support feathers 4
1.0.0Version 2.1.2Version 2 - Support feathers 4
Version 2 - Support feathers 4
1.0.0Version 2.1.2Version 2 - Support feathers 4
  • feathers-mongoose-casl
  • Docs
    • Migrating
    • START A NEW PROJECT
      • Generate a new project.
      • install feathers-mongoose-casl
      • feathers-logger
      • Update config
      • Add mongoose
      • Email service
      • App hooks
      • Import required services
      • Verify user
      • Swagger, Logger, BodyParser
      • Email templates
      • public HTML
      • Run the server
      • Create you first user
      • vs code snippet extension
      • Test Login
      • Dashboard
      • Create a new Service with casl&Dashboard
      • Posts Postman snippet
      • Add Admin role
      • Done!
    • Advanced
      • Security - eslint-plugin-security
      • Security - rate limiting
      • Development tools
    • Guides
      • Throw errors
      • Auth Flow
      • Authentication
      • Authouriztion
      • /me
      • Rules Cache
      • Create a new service
      • Custom service validtor client data
      • validators
        • Example of use
        • Types
        • Mongoose schema
      • Default value
      • $Populate
      • Upload service
      • Upload files
        • Create upload service
        • Sign File After Populate
        • Storage support
          • Google-cloud
      • Error
      • feathers Client examples
      • Dashboard
        • Online dashboard
        • Add to your react app
        • Service Configuration
        • Field configuration
      • customized feathers-mongoose-casl/services
      • Redis - in progress
      • S3
      • Postman
      • Swagger
      • debug
    • Production
    • Feathers wiki
      • Good links
    • utils
      • send email example
      • Async For Each
      • Create heroku server
      • pick
      • vs code snippet extension
      • Persist user request
    • Ecosystem
    • TODO
    • Versions updates
Powered by GitBook
On this page
  • 1 - Create new service
  • 2. Create Validator file
  • 3. Update Posts model
  • 4. Define abilities and config dashboard
  • 6. Protect posts.hooks
  • 7. Commit changes

Was this helpful?

  1. Docs
  2. START A NEW PROJECT

Create a new Service with casl&Dashboard

1 - Create new service

 feathers generate service
   ? What kind of service is it? Mongoose
   ? What is the name of the service? posts
   ? Which path should the service be registered on? /posts
   ? Does the service require authentication? Yes

2. Create Validator file

inside your new service folder create new file - [YOUR_SERVICE_NAME].validators.js

const {Joi} = require('feathers-mongoose-casl');

const getJoiObject = function(withRequired){
  const required = withRequired ? 'required' : 'optional';
  return Joi.object({
    author: Joi.objectId().meta({
      type: 'ObjectId',
      ref: 'users',
      displayKey: 'email'
    })[required](),
    title: Joi.string().min(5)[required]().meta({
      dashboard: {
        label: 'Post title',
        inputProps: JSON.stringify({style: {background: 'red'}})
      }
    }),
    body: Joi.string()[required](),
    rating: Joi.number().max(5).meta({
      dashboard: {
        hideOnUpdate: true,
        hideOnCreate: true,
      }
    }),
    image: Joi.objectId().meta({
      type: 'ObjectId',
      ref: 'files',
      displayKey: 'name'
    })
  });
};

module.exports = getJoiObject;

3. Update Posts model

To connect the joi validator we use createModelFromJoi,

in this way we can validation the Mongoose models without the hassle of maintaining two schemas.

open src > models > posts.models.js

src\models\posts.model.js
// posts-model.js - A mongoose model
// 
// See http://mongoosejs.com/docs/models.html
// for more of what you can do here.

const validator = require('./posts.validators.js');
const {createModelFromJoi} = require('feathers-mongoose-casl');

module.exports = function (app) {
  return createModelFromJoi(app, 'posts', validator);
};

You can still use a Mongoose schema

4. Define abilities and config dashboard

open src > services > posts > posts.service.js 

    const options = {
    ...,
    serviceRules: [
      {'actions': ['read'], 'anonymousUser': true, fields: ['title']},
      {'actions': ['create','read','update'], 'conditions': { 'author': '{{ user._id }}' }},
      { 'actions': ['manage'], 'roles': ['admin']},
    ],
    dashboardConfig: {
      sideBarIconName: 'table',
      i18n: {
        'heIL': {
          serviceName: 'פוסטים',
          serviceNameMany: 'פוסטים',
          serviceNameOne: 'פוסט',
          fields: {
            '_id': 'מזהה',
            'updatedAt': 'תאריך עדכון',
            'createdAt': 'נוצר בתאריך',
          }
        }
      }
    }
    }

6. Protect posts.hooks

const {hooks} = require('feathers-mongoose-casl');
const {authenticate, validateAbilities, validateSchema, sanitizedData, } = hooks;


module.exports = {
  before: {
    all: [authenticate, validateAbilities],
    find: [],
    get: [],
    create: [validateSchema],
    update: [validateSchema],
    patch: [validateSchema],
    remove: []
  },

  after: {
    all: [sanitizedData],
    find: [],
    get: [],
    create: [],
    update: [],
    patch: [],
    remove: []
  },

  error: {
    all: [],
    find: [],
    get: [],
    create: [],
    update: [],
    patch: [],
    remove: []
  }
};

  • hooks.validateAbilities This is a wrapper of Casl, in this hook, we will define abilities and block client without the ability to run this request Casl will add to mongoose query object a relevant key value before making the request, and validate Abilities will remove fields from user request by id abilities

  • hooks.validateSchema This hook will use JOI to validate request data follow the scheme

  • hooks.sanitizedData This hook will remove data from response follow the user abilities

7. Commit changes

git add .
git commit -m "Added joi validtors to posts serives"

dashboard:

Try to create a new posts from the dashboard

PreviousDashboardNextPosts Postman snippet

Last updated 5 years ago

Was this helpful?

hook.authenticate This is wrapper of - Feathers local, token, and OAuth authentication over REST and Websockets using JSON Web Tokens (JWT) with PassportJS.

Now you can see the posts service inside the dashboard Anyone can read the posts title User can create/update only if he the author Only admin user can delete posts

Mongoose schema
@feathersjs/authentication
https://feathersjs-mongoose-casl-admin.herokuapp.com/