SiteGenesis / Server-side JS / Module: guard

This is a collection of function decorators that perform several security checks. They can be combined to configure the constraints required for a function that is exposed to the Internet.

Example

Example of an Account controller

function show() {
    // shows account landing page
}

// allow only GET requests via HTTPS for logged in users
exports.Show = require('~/guard').ensure(['get','https','loggedIn'],show);

Namespaces

Filters

Members

(static) all


(static) ensure

Use this method to combine different filters. Typically this is used to secure methods when exporting them as publicly available endpoints in controllers.

Example
// allow only GET requests for the Show endpoint
exports.Show = require('~/guard').ensure(['get'],show);

// allow only POST requests via HTTPS for the Find endpoint
exports.Find = require('~/guard').ensure(['post','https'],find);

// allow only logged-in customers via HTTPS for the Profile endpoint
exports.Profile = require('~/guard').ensure(['https','loggedIn'],profile);

Methods

(static) httpsGet()

Deprecated:
  • Use ensure(['https','get'], action) instead
See:
  • module:guard~https
  • module:guard~get

(static) httpsPost()

Deprecated:
  • Use ensure(['https','post'], action) instead
See:
  • module:guard~https
  • module:guard~post

(inner) ensure(filters, action, params)

This function should be used to secure public endpoints by applying a set of predefined filters.

Parameters:
Name      Type             Description
filters   Array.<string>   The filters which need to be passed to access the page
action    function         The action which represents the resource to show
params    Object           Additional parameters which are passed to all filters and the action
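
How a filter chain of this kind behaves, as an added example in plain JavaScript that is not the SiteGenesis guard source. The explicit `req` object, the `exposed` marker name, the `dispatch` helper and the `denied` result are assumptions made for the illustration.

```javascript
// Added illustration: a stand-alone model of a filter-chain decorator.
// Not the SiteGenesis guard source. The request shape, the `exposed` marker
// and the `denied` result are assumptions chosen for this example.
const FILTERS = {
  get: (req) => req.method === 'GET',
  post: (req) => req.method === 'POST',
  https: (req) => req.secure === true,
  loggedIn: (req) => Boolean(req.customer && req.customer.authenticated),
};

function expose(action) {
  action.exposed = true; // hypothetical marker checked by dispatch() below
  return action;
}

function ensure(filterNames, action, params) {
  // Resolve names once at export time so a misspelled filter fails at load,
  // instead of silently leaving the endpoint without that check.
  const checks = filterNames.map((name) => {
    if (!Object.prototype.hasOwnProperty.call(FILTERS, name)) {
      throw new Error('Unknown guard filter: ' + name);
    }
    return { name, test: FILTERS[name] };
  });
  return expose(function guarded(req) {
    const failed = checks.find((c) => !c.test(req, params));
    if (failed) {
      // Simplification: only report the failing filter; the action never runs
      return { status: 'denied', failedFilter: failed.name };
    }
    return action(req, params);
  });
}

// Stand-in for the platform check: unmarked functions are not reachable
function dispatch(controller, endpoint, req) {
  const fn = controller[endpoint];
  if (typeof fn !== 'function' || fn.exposed !== true) {
    return { status: 'not-found' };
  }
  return fn(req);
}

// Constructed sample controller
const account = {
  Show: ensure(['get', 'https', 'loggedIn'], () => ({ status: 'ok' })),
  helper: () => ({ status: 'internal' }), // exported without a guard
};
```

Filters run in the order listed, so the first failing filter decides the outcome, and a function exported without `ensure` stays unreachable in this model because it never receives the marker.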


(inner) expose()

Exposes the given action to be accessible from the web. The action gets a property which marks it as exposed. This property is checked by the platform.

(inner) requireLogin(params)

This method contains the logic to handle a customer who is not logged in

Parameters:
Name      Type     Description
params    Object   Parameters passed along by ensure


(inner) switchToHttps()

Performs a protocol switch for the URL of the current request to HTTPS. Responds with a redirect to the client.

Returns:

false, if switching is not possible (for example, because it's a POST request)