Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
    Justin Headley

    @wowtech_gitlab apologies for the lack of documentation on authentication, I'll have to fix that.

    Short answer: use a hapi auth plugin such as hapi-auth-jwt2and set the config.authStrategy option.

    You can see a working example in the appy project:

    I will work on getting a better explanation in the docs and let you know once it's done.

    Naveen N
    i just created a file called auth.js in api folder. i added /public endpoint with auth set to null.
    when i access /public via postman. im getting 401 status
    what am i missing?
    Naveen N
    hapi-auth-jwt2 ive added this one
    Justin Headley
    @resistancet9 it's hard to tell without more information. If you can direct me to your repo or post some code here I will try to take a look.
    Justin Headley
    @wowtech_gitlab @resistancet9 please see the updated docs for information on how to set up authentication:
    Anyone know how to create an array inside a collection?
    Ronald J Kimball
    Is it possible to specify the collection name for a MANY_MANY linking table? I've created a linking model named questionCategoryLink.model.js, which results in a collection named questionCategoryLink. I want the collection to be named questionCategoryLinks, to match the pluralization of all my other collection names.
    David Clarkson
    This project is great. Thank you!
    Would be really cool for a bit more examples for auth as mentioned earlier. Would love a basic hapi-rest hapi-auth-jwt2 example with a few routes (appy is great, but theres a lot of extra stuff going on in there which makes it a bit of a leap for something my level).
    Bonus would be inclusion of how to protect route like{userid}/profile
    Just not quite clear to me with the scope info in the docs.
    Rudrika Fichadiya
    Anyone know how can I fix issue regarding "UnhandledPromiseRejectionWarning: MongoError: TTL index 'expireAfterSeconds' option must be numeric, but received a type of 'null'." ? I have cloned But when I try to run server/api.js it always stop with this unHandled promise.
    Aboud Akhdir
    hey all, can I use rest-hapi with Postgres or MySQL?

    Anyone know how can I fix issue regarding "UnhandledPromiseRejectionWarning: MongoError: TTL index 'expireAfterSeconds' option must be numeric, but received a type of 'null'." ? I have cloned But when I try to run server/api.js it always stop with this unHandled promise.

    I'm having the same issue!

    Justin Headley

    @djclarkson Thanks! Sorry for the late reply, but you can find a simple auth example here:

    There is also a link to it in the docs:

    Justin Headley
    @akhdir currently rest-hapi only supports MongoDB, however supporting multiple dbs is definitely a long-term goal.
    Hello, first thing, I searched for some years something like rest hapi, thank you!
    About my questiom, I have users, and this users can create some resources and groups, users in the same groups can see the resources with this group, but not the resources of other groups. Is possible to create some dynamic scopes where I can tag "group-{id}", or have a hook where I can add my own scopes?
    Justin Headley

    @felipeprov Thanks for the comment, glad you find it useful!

    As for your question, if I understand it correctly then it sounds like you have a many-many association with groups and users and a one-many association with groups and resources (i.e. a resource can only belong to one group). You would like for only users that belong to the same group as a resource to be able to access that resource.

    If this is the case then this can be accomplished through association middleware. Basically, whenever a resource is added to a group, you should add group-{id} to the resource's documentScope. This can be done in the add->resources association middleware function for the group model. Also, whenever a user is added to the group, you would have to make sure group-{id} is added to their scope as well. In appy this is done with the permissions model. You could alternatively just have a simple scope field in your user model. Then when the user authenticates, you use this scope field (or the associated permission) to calculate the scope stored in the user's token. In this case when the user's scope is calculated it should end up containing group-{id}. Now when the user attempts to access a resource in the same group, rest-hapi will compare the resources documentScope with the user's calculated scope and find a matching scope (group-{id}) and allow the user to access the resource.

    You could also accomplish this with policies rather than leveraging documentScope, however it would essentially be the same process with some extra work.

    This is an overview of how it can be accomplished. Document authorization is one of the more nuanced features in rest-hapi, so I would highly recommend reading through the docs to make sure you understand the concepts before attempting this. It may be helpful to reference appy for examples of how user scopes are created.

    If you would like more explanations of a particular topic, let me know and I'll try to help.

    Rudrika Fichadiya
    @mescalito , Issue solved using library file modification just to set true/false instead null.
    Diswarin Saiphanas
    Anyone know how can I fix issue regarding Error starting server: Error: Invalid mongodb uri "mongodb+srv://<username>:<password>" I connnect to MongoDB Atlas Clusters
    Hello, is there something I'm missing about building my model? I'm trying to make my users belong to one or more companies and when a user logs in to a company he finds the contacts of that company. Any ideas?
    Pradeep Raput
    How to recover soft deleted documents?