fix: use loopback-context to access context info

Tom Kirkpatrick · Tom Kirkpatrick · commit 8ca5d8ec6891 · 2017-05-29T10:45:30.000+02:00
BREAKING CHANGE: now requires loopback-context to be installed and configured
diff --git a/lib/middleware/user-context.js b/lib/middleware/user-context.js
@@ -1,14 +1,14 @@
 'use strict'
 
 const debug = require('debug')('loopback:component:access:context')
-const loopback = require('loopback')
 const Promise = require('bluebird')
+const LoopBackContext = require('loopback-context')
 
 module.exports = function userContextMiddleware() {
   debug('initializing user context middleware')
   // set current user to enable user access for remote methods
   return function userContext(req, res, next) {
-    const loopbackContext = loopback.getCurrentContext()
+    const loopbackContext = LoopBackContext.getCurrentContext()
 
     if (!loopbackContext) {
       debug('No user context (loopback current context not found)')
diff --git a/lib/mixins/get-current-user.js b/lib/mixins/get-current-user.js
@@ -1,13 +1,13 @@
 'use strict'
 
-const loopback = require('loopback')
 const debug = require('debug')('loopback:component:access:utils')
+const LoopBackContext = require('loopback-context')
 
 module.exports = function getCurrentUserMixin(Model) {
   debug('initializing GetCurrentUser Mixin for model %s', Model.modelName)
 
   Model.getCurrentUser = function getCurrentUser() {
-    const ctx = loopback.getCurrentContext()
+    const ctx = LoopBackContext.getCurrentContext()
     const currentUser = (ctx && ctx.get('currentUser')) || null
 
     if (ctx) {
diff --git a/lib/utils.js b/lib/utils.js
@@ -5,6 +5,7 @@ const { createPromiseCallback } = require('loopback-datasource-juggler/lib/utils
 const _defaults = require('lodash').defaults
 const _get = require('lodash').get
 const Promise = require('bluebird')
+const LoopBackContext = require('loopback-context')
 
 module.exports = class AccessUtils {
   constructor(app, options) {
@@ -58,7 +59,7 @@ module.exports = class AccessUtils {
       if (typeof Model.observe === 'function') {
         debug('Attaching access observer to %s', modelName)
         Model.observe('access', (ctx, next) => {
-          const currentUser = this.getCurrentUser()
+          const currentUser = AccessUtils.getCurrentUser()
 
           if (currentUser) {
             // Do not filter if options.skipAccess has been set.
@@ -74,7 +75,7 @@ module.exports = class AccessUtils {
             }
 
             // Do not apply filters if no group access acls were applied.
-            const loopbackContext = this.app.loopback.getCurrentContext()
+            const loopbackContext = LoopBackContext.getCurrentContext()
             const groupAccessApplied = Boolean(loopbackContext && loopbackContext.get('groupAccessApplied'))
 
             if (!groupAccessApplied) {
@@ -197,8 +198,8 @@ module.exports = class AccessUtils {
   getUserGroups(userId, force, cb) {
     force = force || false
     cb = cb || createPromiseCallback()
-    const currentUser = this.getCurrentUser()
-    const currentUserGroups = this.getCurrentUserGroups()
+    const currentUser = AccessUtils.getCurrentUser()
+    const currentUserGroups = AccessUtils.getCurrentUserGroups()
 
     // Return from the context cache if exists.
     if (!force && currentUser && currentUser.getId() === userId) {
@@ -227,8 +228,8 @@ module.exports = class AccessUtils {
    *
    * @returns {Object} Returns the currently logged in user.
    */
-  getCurrentUser() {
-    const ctx = this.app.loopback.getCurrentContext()
+  static getCurrentUser() {
+    const ctx = LoopBackContext.getCurrentContext()
     const currentUser = (ctx && ctx.get('currentUser')) || null
 
     return currentUser
@@ -239,8 +240,8 @@ module.exports = class AccessUtils {
    *
    * @returns {Array} Returnds a list of access groups the user is a member of.
    */
-  getCurrentUserGroups() {
-    const ctx = this.app.loopback.getCurrentContext()
+  static getCurrentUserGroups() {
+    const ctx = LoopBackContext.getCurrentContext()
     const currentUserGroups = (ctx && ctx.get('currentUserGroups')) || []
 
     return currentUserGroups
@@ -295,7 +296,7 @@ module.exports = class AccessUtils {
         return cb.promise
       }
 
-      this.app.loopback.getCurrentContext().set('groupAccessApplied', true)
+      LoopBackContext.getCurrentContext().set('groupAccessApplied', true)
 
       /**
        * Basic application that does not cover static methods. Similar to $owner. (RECOMMENDED)
@@ -368,7 +369,7 @@ module.exports = class AccessUtils {
 
           // Note the fact that we are allowing access due to passing an ACL.
           if (res) {
-            this.app.loopback.getCurrentContext().set('groupAccessApplied', true)
+            LoopBackContext.getCurrentContext().set('groupAccessApplied', true)
           }
 
           return cb(null, res)
diff --git a/package.json b/package.json
@@ -38,7 +38,9 @@
     "lodash": "^4.17.4"
   },
   "peerDependencies": {
-    "loopback": "^2.25.0"
+    "loopback": "^2.25.0",
+    "loopback-context": "^3.1.0",
+    "cls-hooked": "^4.1.5"
   },
   "optionalDependencies": {
     "loopback-component-explorer": "2.3.0"
@@ -54,6 +56,8 @@
     "eslint-config-fullcube": "^2.0.2",
     "loopback": "^2.25.0",
     "loopback-boot": "^2.24.0",
+    "loopback-context": "^3.1.0",
+    "cls-hooked": "^4.1.5",
     "loopback-component-fixtures": "^1.1.0",
     "mocha": "^3.4.1",
     "mocha-sinon": "latest",
diff --git a/test/fixtures/simple-app/server/config.json b/test/fixtures/simple-app/server/config.json
@@ -3,9 +3,7 @@
   "host": "0.0.0.0",
   "port": 3000,
   "remoting": {
-    "context": {
-      "enableHttpContext": false
-    },
+    "context": false,
     "rest": {
       "normalizeHttpPath": false,
       "xml": false
@@ -23,5 +21,6 @@
       "disableStackTrace": false
     }
   },
-  "legacyExplorer": false
+  "legacyExplorer": false,
+  "logoutSessionsOnSensitiveChanges": true
 }
diff --git a/test/fixtures/simple-app/server/middleware.json b/test/fixtures/simple-app/server/middleware.json
@@ -1,11 +1,15 @@
 {
-  "initial:before": {
-    "loopback#favicon": {},
-    "loopback#context": {},
-    "loopback#token": {}
+  "initial": {
+    "loopback-context#per-request": {
+      "params": {
+        "enableHttpContext": true
+      }
+    }
   },
   "session": {},
-  "auth": {},
+  "auth": {
+    "loopback#token": {}
+  },
   "parse": {},
   "routes": {
     "loopback#rest": {
diff --git a/test/middleware-test.js b/test/middleware-test.js
@@ -2,6 +2,8 @@
 
 const path = require('path')
 const chai = require('chai')
+const LoopBackContext = require('loopback-context')
+
 const { expect } = chai
 
 chai.use(require('dirty-chai'))
@@ -23,8 +25,8 @@ describe('User Context Middleware', function() {
 
   describe('With user in loopback context', function() {
     it('should return the user', function() {
-      app.loopback.runInContext(function() {
-        const loopbackContext = app.loopback.getCurrentContext()
+      LoopBackContext.runInContext(function() {
+        const loopbackContext = LoopBackContext.getCurrentContext()
         const user = {
           id: 'generalUser',
           username: 'generalUser',
