Skip to content
This repository has been archived by the owner on Jul 30, 2022. It is now read-only.

Sails.js policy handling? #1

Open
romandecker opened this issue Jun 25, 2015 · 9 comments
Open

Sails.js policy handling? #1

romandecker opened this issue Jun 25, 2015 · 9 comments

Comments

@romandecker
Copy link

Hello,

I've found that sails-policies aren't called when using swagger-sails.

Minimum example to reproduce:

swagger project create hello-world

Change line in config/policies.js from

// '*': true,

to

'*': "testpolicy"

This will actually break startup, because now sails is looking for a policy that does not yet exist. Now, create the file api/policies/testpolicy.js:

module.exports = function( req, res, next ) {
    sails.log( "IN TEST POLICY" );    
};

The application will now start up again:

swagger project start

But the policy is not called when accessing the default controller via "localhost:10010/hello"! Is this the expected behaviour? Is there another way of implementing policy-like semantics with swagger-node?
@mikermcneil
Copy link

Hi @DEX3 - I'm definitely not an expert on swagger tools, but looks like what's happening is that the hook is applying the routes manually.

One way you could work around this problem is by adding another hook. I'll put together an example momentarily.

@mikermcneil
Copy link

@DEX3 https://gist.github.com/mikermcneil/af307979566c84922c3c

@romandecker
Copy link
Author

Hm, I see. I think I might fork the swagger-sails-hook project and adapt it to better suit my needs. Thanks for the help!

@theganyo
Copy link
Contributor

If there's a better way to handle this, please let us know or offer a PR. We want this to be a proper integration for Sails folks!

@mikermcneil
Copy link

@DEX3 definitely- if you're running up against something broadly applicable, let's fold it in 👍

@molexx
Copy link

molexx commented Sep 11, 2015

Doing this at the sails level means that you can't use 'security' definitions in swagger.yaml, which could be preferred because it makes clear to users what is and isn't protected.
But if you've not considered swagger security then it's not obvious that anything you've defined in swagger ignores your carefully crafted sails' policies.js.
Maybe we should have both?

In an attempt to make swagger's security configuration sails-y I've added /api/swagger/securityHandlers.js and added to the config defined in swagger-sails-hook:

securityHandlers: require(path.resolve(sails.config.paths.controllers, '..', 'swagger', 'securityHandlers'))

Seems to work although it will fall over if the file doesn't exist. Happy to submit a pull request if someone can suggest the neatest way to resolve that.

@rajeevb2
Copy link

rajeevb2 commented Oct 8, 2015

I have the same issue as @DEX3. How can I use sails policies with Swagger/sails? It appears to be skipping the policies.

@theganyo
Copy link
Contributor

theganyo commented Oct 8, 2015

There's something going on with the way the Sails Hook works that Policies are not run that I don't understand. I'm hoping @mikermcneil could shed some light on this.

@cgalibern
Copy link

@mikermcneil I have your gist hook, but it fails finding policy function.
I have done a small correction here https://gist.github.com/cgalibern/26bf5ea54f644d8d198c
changing:
return sails.hooks.policies.testpolicy(req, res, next);
into
return sails.hooks.policies.middleware.testpolicy(req, res, next);

then it work as expected.

Many thanks

@cgalibern cgalibern mentioned this issue Nov 6, 2015
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@molexx @romandecker @mikermcneil @theganyo @rajeevb2 @cgalibern