Utility for validating patient and user level scopes for the SMART on FHIR specification.
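
    yarn add @bluehalo/sof-scope-checker

    const scopeChecker = require('@bluehalo/sof-scope-checker');

    // Returns Express middleware that checks the caller's scopes for name/action.
    // parseScopes is an application-supplied helper (not shown here) that returns
    // the user's scopes as an array of strings.
    let hasValidScopes = (name, action) => {
      return function (req, res, next) {
        let scopes = parseScopes(req && req.user);
        let { error, success } = scopeChecker(name, action, scopes);
        // Log the error, wrap in operation outcome or GraphQL specific error
        // You can check the type of the error as well since we use custom errors
        if (error) {
          next(error);
        } else {
          next();
        }
      };
    };

    // app is the Express application; patientController is the route handler.
    app.get(
      '/Patient',
      hasValidScopes('Patient', 'read'),
      patientController
    );
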
See sof-scope-checker tests for more usage examples.
NOTE: The error returned is an extension of the native JS error. It adds a type property to the error which can have a value of 'internal' representing a misconfiguration, or 'forbidden' representing a case where the scopes are not sufficient.
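
One way to act on the two error types described in the note above, together with a scope-parsing helper of the kind the usage snippet calls. This is an added example, not code from the package: `parseScopes`, `toOperationOutcome`, `scopeErrorHandler` and the `user.scope` claim layout are assumptions.

```javascript
// Added example. These helpers are hypothetical and not part of
// @bluehalo/sof-scope-checker.

// Extract scopes from the authenticated user. Assumes the token's `scope`
// claim is either a space-delimited string (OAuth 2.0 form) or an array.
// Anything else yields [], so a missing or malformed claim grants nothing.
function parseScopes(user) {
  const raw = user && user.scope;
  if (Array.isArray(raw)) {
    return raw.filter((s) => typeof s === 'string' && s.length > 0);
  }
  if (typeof raw === 'string') return raw.split(/\s+/).filter(Boolean);
  return [];
}

// Map the checker's error.type to an HTTP status and a FHIR OperationOutcome.
// 'forbidden' becomes 403; 'internal' (misconfiguration) becomes 500.
function toOperationOutcome(err) {
  const forbidden = Boolean(err) && err.type === 'forbidden';
  return {
    status: forbidden ? 403 : 500,
    body: {
      resourceType: 'OperationOutcome',
      issue: [{
        severity: 'error',
        code: forbidden ? 'forbidden' : 'exception',
        // Fixed text only: err.message stays in the server log.
        diagnostics: forbidden
          ? 'Insufficient scope for this request.'
          : 'Internal server error.',
      }],
    },
  };
}

// Express-style error middleware: handles only the checker's two error types
// and passes every other error on to the next handler.
function scopeErrorHandler(err, req, res, next) {
  const known = err && (err.type === 'forbidden' || err.type === 'internal');
  if (!known) return next(err);
  console.error(`[scope-check] ${err.type}: ${err.message}`);
  const { status, body } = toOperationOutcome(err);
  return res.status(status).json(body);
}
```

Register `scopeErrorHandler` with `app.use` after the routes so that errors passed to `next(error)` by the scope middleware reach it.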
@bluehalo/sof-scope-checker exports a single function which takes three arguments.

name
Name of the resource or patient.
Type: String
Required: true

action
The action the user wants to take. Can be read, write, or *.
Type: String
Required: true

scopes
The scopes available to the user.
Type: Array<String>
Required: true