How to use the Forbidden function from http-errors

httpErrors.js

GitHub: fastify/fastify-sensible

27
28
29
30
31
32
33
34
35
36
paymentRequired: function paymentRequired (message) {
  return new createError.PaymentRequired(message)
},

forbidden: function forbidden (message) {
  return new createError.Forbidden(message)
},

notFound: function notFound (message) {
  return new createError.NotFound(message)

30

340

17

+ 55 other calls in file

cloudprofiles.js

GitHub: gardener/dashboard

57
58
59
60
61
62
63
64
65
66
67
68
}


exports.list = async function ({ user }) {
  const allowed = await authorization.canListCloudProfiles(user)
  if (!allowed) {
    throw new Forbidden('You are not allowed to list cloudprofiles')
  }


  const cloudProfiles = getCloudProfiles()
  const seeds = getVisibleAndNotProtectedSeeds()

88

199

22

+ 21 other calls in file

index.js

GitHub: AlexRogalskiy/dashboard-2

170
171
172
173
174
175
176
177
178
179
const { namespace, name } = body

try {
  const terminal = await getTerminalResource(client, { namespace, name })
  if (terminal.metadata.annotations['gardener.cloud/created-by'] !== username) {
    throw new Forbidden(`You are not allowed to delete terminal with name ${name}`)
  }
  await client['dashboard.gardener.cloud'].terminals.delete(namespace, name)
} catch (err) {
  if (!isHttpError(err, 404)) {

87

0

0

index.js

GitHub: nikmeiser/covid-tracker-backend-api

43
44
45
46
47
48
49
50
51
    control
  })
)

if (controlRows.length === 0) {
  throw new Forbidden()
}

const [{ lastAttempt }] = controlRows

16

0

1

+ 5 other calls in file

lock.js

GitHub: kapouer/upcache

100
101
102
103
104
105
106
107
108
109
                if (!locked) {
                        debug("unlocked");
                } else if (!user.grants) {
                        err = new HttpError.Unauthorized("No user grants");
                } else {
                        err = new HttpError.Forbidden("No allowed user grants");
                }
                next(err);
        };
}

1

15

1

member.js

GitHub: RPSoftCompany/tower

197
198
199
200
201
202
203
204
205
206
  },
});

if (foundUser && foundUser.blocked) {
  this.log("debug", "login", "FINISHED");
  throw new HttpErrors.Forbidden("User blocked");
}

if (this.ldapServer && credentials.username !== "admin" && !foundUser) {
  try {

1

8

0

+ 3 other calls in file

errors.js

GitHub: Allocentrique-Inc/smartsplit

16
17
18
19
20
21
22
23
24
25
/* User emails related errors */
module.exports.EmailNotFound = new HTTPErrors.NotFound('Email not found')
module.exports.ConflictingEmail = new HTTPErrors.Conflict(
        'A user already exists with this email'
)
module.exports.InvalidActivationToken = new HTTPErrors.Forbidden(
        'The supplied email activation token is invalid or has expired'
)
module.exports.DeleteNotAllowed = new HTTPErrors.PreconditionFailed(
        'Cannot delete the supplied email because users should have at least one email address linked to their account'

1

0

7

+ 377 other calls in file

userController.js

GitHub: avijit-gos/Modern-TODO-app

229
230
231
232
233
234
235
236
237
238
const result = await comparePassword(
  req.body.password,
  user.password
);
if (!result) {
  throw createError.Forbidden("Old password is not correct");
} else {
  const hash = await generateHashPassword(req.body.newPassword);
  if (!hash) {
    throw createError.Conflict("Password is not secure");

0

1

0

authErrors.js

GitHub: ridvanaltun/node-restful-api

11
12
13
14
15
16
17
18

exports.userNotFound = () => createError.NotFound('User not found')

exports.passwordIncorrect = () => createError.BadRequest('Password incorrect')

exports.refreshTokenRevoked = () => createError.Forbidden('Refresh token revoked')

exports.refreshTokenMalformed = () => createError.Forbidden('Refresh token malformed')

0

3

2

+ 3 other calls in file

auth.controller.js

GitHub: mohammadrezachegini/NodeJs-Ecommerce

57
58
59
60
61
62
63
64
65
66
}
const user = await this.checkExistUser(mobile);

if (user){
    console.log(otp.code, now);
    if (+user.otp.expiresIn > now) throw createError.Forbidden("Your code is not expired")
    return (await this.updateUser(mobile, { otp }))
}
return (await UserModel.create({
mobile,

0

0

1

+ 4 other calls in file

user.js

GitHub: aiotrope/memento

207
208
209
210
211
212
213
214
215
216
const sess = req.session
const user = await User.findOne({ where: { username: username } })

if (!user) throw createError.NotFound(`No account for ${username}`)
if (sess.username !== username) {
  throw createError.Forbidden(`Not allowed to edit user: ${sess.username}`)
}
if (!sess) throw createError.Unauthorized('Login to your account')

const passwordMatch = await bcrypt.compare(sess.password, user.passwordHash)

0

0

0

httpouterror.js

GitHub: doing-things-with-node-red/node-red-contrib-http-out-error

61
62
63
64
65
66
67
68
69
70
case 402: {
  httpError = createError.PaymentRequired();
  break;
}
case 403: {
  httpError = createError.Forbidden();
  break;
}
case 404: {
  httpError = createError.NotFound();

0

0

2

+ 41 other calls in file