Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Implement Authorization for $batch request XSJS

sunojmichael1
Explorer

‎2020 Jul 11 4:22 PM

0 Likes
1,470

Hi,

I have an oData on SCP Cloud foundry XSA.

I want to implement authorization check for $batch request. Basically i am having express + passport for the user auth related aspects.

A set of users have GET privilege, another set have update prevliage etc.

The logics works perfectly fine for GET/PUT/POST/DELETE request.

But for $batch as we know its at POST request with multiple request in request body. It can be a GET/PUT etc.

So how do we do such a thing?

4 REPLIES 4
Read only

jhodel18
Active Contributor

‎2020 Jul 12 6:57 AM

0 Likes
1,358

Hi Sunoj,

You don't put authorization check on batch request itself. You do the authorization check on those individual CRUD operations that are put inside the batch request.

Read only

sunojmichael1
Explorer
In response to jhodel18

‎2020 Jul 12 5:13 PM

0 Likes
1,358

Hi Jhodel,

Thanks!.

Ya, totally agree that we put authorization check for CRUD requests inside batch.

That's my doubt as well.

How do we get the request details inside. I know about that the code added below can give me the request body content as a string which, I might be able to phase based on boundary and changeset. But rather than that, is there any npm package ? Or is there a better way to do that?

Basically what I need, is to get the all the requests that are inside the request body, as a request array. So that, I can process them in sequence.

var body = [];
req.on('data', (chunk) => {
  body.push(chunk);
}).on('end', () => {
  body = Buffer.concat(body).toString();<br>
Read only

jhodel18
Active Contributor
In response to jhodel18

‎2020 Jul 13 2:41 PM

0 Likes
1,358

Wait?! Where did you inject that code? To me, it looks like you have injected a middleware to your XSJS or XSODATA implementation, is this correct assumption?

If you are using XSJS just like what you mentioned on the title of your post, the parsing of the body of the $batch request is already handled by the XSODATA framework and you shouldn't really bother yourself about parsing it yourself. The only thing you need to do is use the XSJS event hooks (before, on, and after events) that the framework provided to you.

Read only

sunojmichael1
Explorer

‎2020 Jul 14 11:30 AM

0 Likes
1,358

Yes Jhodel.

We have a middleware+ passport in server.js file. and process some of the odata request there - which is needed.

My only issue was with $batch, I can have validation exits like you said.

But do the hook evens trigger for GET requests[I would be bypassing the $batch from server.js].