LoopBack is an open source Node.js framework built on top of Express optimized for mobile, web, and other devices. Connect to multiple data sources, write business logic in Node.js, glue on top of your existing services and data, connect using JS, iOS & Android SDKs.
@lamtrinhdev_gitlab Thanks to the flexibility of LoopBack 4, It's possible to mutate the results of the repository functions (e.g. .count() and .find()) and then return that mutation as the response in the controller.
You'll also need to...
- Modify the expected Typescript return type for that controller function
- (Optional, but strongly recommended) Mutate the output of
getModelSchemaRefinside the decorator (e.g.get()) to ensure the correct OpenAPI spec is generated to reflect the new response.
For the 2nd point, this is strongly recommended so as to ensure OpenAPI client generators and other OpenAPI Spec consumers are not misled to assuming the API is returning something different. Though LoopBack 4 currently only validates client requests and does not validate the server response against the OpenAPI spec.
@claudiothewall There seems to be 3 questions, do correct me if I misunderstood:
Do I need to use @authenticate on every controller method?
From my understanding, yes. Though it might be a good idea to open a new question issue on the GitHub repo to get clarification.
Do I need to manually map the matrix in @authorize myself, even for standard operations?
AFAIK, yes: you'll need to use the @authorize decorator and map the matrix yourself. Due to the flexibility of LoopBack 4, the Authorization component will not be able figure out if you're using a standard CRUD repository operation.
For example, a create() controller function may be actually calling the repository findById() function. Therefore, it's not possible to infer the actual intent of a controller function.
Do I need to store the matrix in every controller Typescript file?
LoopBack 4 gives the developers liberty on how to store and manage this matrix. As long valid parameters are passed into @authorize.
You can store this matrix in a dedicated file and then import it into the different controllers. Or you can use LoopBack's dependency injection system and store it in a binding key. So the best way to store this matrix is dependent on your requirements.
Hello every one
I have data in monogdb look like this
"value": {
"EN": "Please write to us for Queries",
"UR": "سوالات کے لئے ہم پر لکھ کریں"
},
My model like
@property({
type: "object",
required: true,
default: ""
})
value: Object;
And I am trying to get value of EN in filed
{
"where": {
"additionalProp1": {}
},
"fields": {
"_id": true,
"language_id": true,
"title": true,
"code": true,
"created_at": true,
"updated_at": true,
"status": true,
"additionalProp1": {}
},
"offset": 0,
"limit": 100,
"skip": 0,
"order": [
"string"
]
}
So how can Get value.EN in filed
@Fr4nZ82 AFAIK, app.service() uses BindingScope.SINGLETON.
I'm not too sure I follow your 2nd question. Could you clarify?
@meet02 This may be better-suited as a new question issue with a reproduction sandbox so that we can more quickly diagnose the issue.
@claudiothewall just wanna clarify @achrinza's comment above:
Do I need to use @authenticate on every controller method?
You can use the @authenticate on every method and also at the controller class level. If you set on the class level and want to skip particular method, can use @authentication.skip()
@achrinza I found the solution, thanks anyway: in the services/my-service.service.ts
@bind({scope: BindingScope.SINGLETON, tags: 'MYSERVICE'})
export class MyService {
private heartbeat: Subject<number>
constructor() {
this.heartbeat = new Subject()
interval(10000).pipe(map(() => Date.now())).subscribe(this.heartbeat)
}
get heartbeat$(){ return this.heartbeat }
}this signleton service expose an interval Subject to which I can subscribe from other services or classes:
export class MyOtherService{
constructor(@service(MyService) public myService: Myservice) {
this.myService.heartbeat$.subscribe( date => this.doSomething() )
}For example I use it to check if a "reset password" link has expired and in that case I delete it
in the backand part i also check if the token contains right info about the user, because the admin can change roles or level and the token must be updated
@post('/users/renewjwtoken', {
security: OPERATION_SECURITY_SPEC,
responses: {
'200': {
description: 'The new token',
content: {
'application/json': {
schema: {JWToken: 'string'},
},
},
},
},
})
@authenticate('jwt')
async renewToken(
@inject(SecurityBindings.USER) currentUserProfile: UserProfile,
): Promise<{JWToken?: string}> {
let user = await this.userRepository.findById(currentUserProfile.id)
let userData = await this.getFullUserData(user as UserSchema)
/*
user is the actual user information memorized in the token, userData are the actual user information in the database;
if they do not match a new token is needed
*/
let JWToken: string
if (
user.level != userData.level ||
!_.isEqual(_.sortBy(user.roles), _.sortBy(userData.roles))
) {
let updatedUser = _.pick(userData, ['id', 'email', 'roles', 'level']) as User
JWToken = await this.jwtService.generateToken(this.userService.convertToUserProfile(updatedUser))
} else JWToken = await this.jwtService.generateToken(this.userService.convertToUserProfile(user))
return {JWToken}
}to only get a new token only generate a new one and send to the frontend
i use angular 8 as frontend... this is on the authentication service constructor
setRenewalInterval(exp:number,iat:number){
interval(10000).pipe(takeUntil(this.stopInterval), tap(n=>{
let jwtokenDuration = exp - iat
let datenowsec = Date.now() / 1000
let remaining = exp - datenowsec
let remainingP = remaining / jwtokenDuration
this.ls.log(['authentication'],'JWToken renewal interval; tokenDuration: '+jwtokenDuration+' remaining: '+remaining+' remainingP: '+remainingP)
//this.renewJWToken method is launched from the interceptor!
if( remainingP < 0.333 ){
this.stopInterval.next()
this.getNewJWToken()
.subscribe(res => {
this.ls.log(['authentication'],'JW TOKEN RENEWED, res:',JSON.stringify(res))
if(res.JWToken && res.JWToken.length > 0) this.renewToken(res.JWToken)
})
}
})).subscribe()
}and the interceptor:
@Injectable()
export class JwtInterceptor implements HttpInterceptor {
isLogin=false
constructor(
private authenticationService: AuthenticationService,
private ls:LoggingService
) { }
intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
if(request.url.startsWith('http')) this.ls.log(['interceptors'],'request intercepted by JWT interceptor: ',JSON.stringify(request))
if(request.url.endsWith('/users/login')) this.isLogin = true
else this.isLogin = false
// add authorization header with JWToken if available
let currentUserJWToken = this.authenticationService.currentUserJWToken;
if (currentUserJWToken) {
request = request.clone({
setHeaders: {
Authorization: `Bearer ${currentUserJWToken}`
}
});
}
//intercept response and renew JWToken if present
return next.handle(request).pipe(
map( event => {
if (!this.isLogin && event instanceof HttpResponse && event.body && event.body.JWToken && event.body.JWToken.length > 0){
this.authenticationService.renewToken(event.body.JWToken)
}
this.ls.log(['interceptors'],'JWT interceptor handle event:',JSON.stringify(event))
return event
})
)
}
}
guys if you want to share a starter we left a package with basic email template and sms authentication 🤣🤣🤣🤣
const w = new WhereBuilder<TokenLink>().and({expires: {gt: 1}}, {expires: {lte: now}}).build()
return this.tkr.deleteAll(w)@Fr4nZ82 Filter builders are currently not documented in the traditional sense; I believe it's currently being tracked by strongloop/loopback-next#1973
But there are API docs:
https://loopback.io/doc/en/lb4/apidocs.repository.filterbuilder.html
https://loopback.io/doc/en/lb4/apidocs.repository.wherebuilder.html
@MwSpaceLLC Thanks for sharing!
@lakshmansai1980 Nested properties can be targeted using the dot-notation (e.g. “user.email”)
The “Working with Data” docs are currently being migrated from LoopBack 3 to 4 (see: strongloop/loopback-next#4970)
In the mean time, we can reference the LoopBack 3 docs:
https://loopback.io/doc/en/lb3/Querying-data.html#filtering-nested-properties
@property({
type: 'string',
id: true,
generated: true,
})
id?: string;
@property({
type: 'string',
})
name?: string;
@property({
type: MediaType,
})
webMedia?: MediaType;
MediaType :
@property({
type: 'string',
})
type?: string;
@property({
type: 'string',
})
media?: string;
@lakshmansai1980 Thanks for providing a sample model;
Unfortunately this would be difficult to debug via chat. Could you create a new "question" issue and provide a link to a GitHub repo with a minimum-reproduction sandbox? This would allow the other maintainers to provide assistance on the issue.
Providing a reproduction sandbox in the issue would help speed up debugging the issue.
@lakshmansai1980 It is strongly recommended to use the lb4 relation command to generate the relations. Unfortunately, without a minimum reproduction sandbox, we can't easily debug the issue as there's too many variables involved.
With the MongoDB connector, strictObjectIDCoercion should be consistently used or not used to ensure that LoopBack can resolve ObjectID
If there's any issues with using lb4 relation, please create a new "question" issue with a link to a GitHub repo containing a minimum reproduction sandbox. This will allow the other maintainers (who may be more versed in MongoDB than me) to look into it and check if this may be a bug.
More information on strictObjectIDCoercion can be found on the docs: https://loopback.io/doc/en/lb4/MongoDB-connector.html#strictobjectidcoercion-flag