{"id":41284047,"url":"https://github.com/funny-bytes/hapi-field-auth","last_synced_at":"2026-01-23T02:58:42.408Z","repository":{"id":41571915,"uuid":"144505991","full_name":"funny-bytes/hapi-field-auth","owner":"funny-bytes","description":"Hapi plug-in for field-level authorization","archived":false,"fork":false,"pushed_at":"2025-01-16T15:09:56.000Z","size":1170,"stargazers_count":3,"open_issues_count":3,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-09-28T08:45:12.163Z","etag":null,"topics":["authorization","hapi","plug-in"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/funny-bytes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-08-12T22:44:56.000Z","updated_at":"2025-01-16T15:09:57.000Z","dependencies_parsed_at":"2025-08-18T22:33:04.921Z","dependency_job_id":"03a4211a-1b2d-490b-8f18-d2195e5f7af6","html_url":"https://github.com/funny-bytes/hapi-field-auth","commit_stats":null,"previous_names":["frankthelen/hapi-field-auth"],"tags_count":23,"template":false,"template_full_name":null,"purl":"pkg:github/funny-bytes/hapi-field-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/funny-bytes%2Fhapi-field-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/funny-bytes%2Fhapi-field-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/funny-bytes%2Fhapi-field-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/funny-bytes%2Fhapi-field-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/funny-bytes","download_url":"https://codeload.github.com/funny-bytes/hapi-field-auth/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/funny-bytes%2Fhapi-field-auth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28679139,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-23T01:00:35.747Z","status":"online","status_checked_at":"2026-01-23T02:00:08.296Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","hapi","plug-in"],"created_at":"2026-01-23T02:58:42.338Z","updated_at":"2026-01-23T02:58:42.389Z","avatar_url":"https://github.com/funny-bytes.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# hapi-field-auth\n\nHapi server plugin for field-level authorization.\n\n![main workflow](https://github.com/funny-bytes/hapi-field-auth/actions/workflows/main.yml/badge.svg)\n[![Coverage Status](https://coveralls.io/repos/github/funny-bytes/hapi-build-auth/badge.svg?branch=master)](https://coveralls.io/github/funny-bytes/hapi-build-auth?branch=master)\n[![Dependencies Status](https://david-dm.org/funny-bytes/hapi-field-auth.svg)](https://david-dm.org/funny-bytes/hapi-field-auth)\n[![Maintainability](https://api.codeclimate.com/v1/badges/9a28b9cc8e829ae17a80/maintainability)](https://codeclimate.com/github/funny-bytes/hapi-field-auth/maintainability)\n[![node](https://img.shields.io/node/v/hapi-field-auth.svg)]()\n[![code style](https://img.shields.io/badge/code_style-airbnb-brightgreen.svg)](https://github.com/airbnb/javascript)\n[![License Status](http://img.shields.io/npm/l/hapi-field-auth.svg)]()\n\nTested with\n\n* Node 22, Hapi 20/21\n\n## Install\n\n```bash\nnpm install hapi-field-auth\n```\n\n## Purpose\n\nThis plugin provides field-level authorization (not authentication)\nfor Hapi routes -- particularly useful for *PATCH* routes.\nIf the request payload has fields with special constraints\nin respect to the `scope` of the authenticated user,\nthis plugin allows restricting access on field-level\nand adding field validation depending on the `scope`.\n\nA prerequisite is authentication.\nUse any authentication plugin, e.g., `hapi-auth-basic` or `hapi-auth-bearer-token`.\nThe authentication plugin must properly set `request.auth.credentials.scope`\nwith the authenticated user's scope for this plugin to work.\n\nDynamic scopes referring to the request object (query, params, payload, and credentials)\nare supported, e.g., `user-{params.id}`. Prefix characters `!` and `+` are not (yet) supported.\n\n## Usage\n\nRegister the plugin with Hapi server like this:\n```js\nconst Hapi = require('@hapi/hapi');\nconst hapiAuthBasic = require('@hapi/basic');\nconst hapiFieldAuth = require('hapi-field-auth');\n\nconst server = new Hapi.Server({\n  port: 3000,\n});\n\nconst provision = async () =\u003e {\n  await server.register([hapiAuthBasic, hapiFieldAuth]);\n  // ...\n  await server.start();\n};\n\nprovision();\n```\n\nYour route configuration may look like this:\n```js\nserver.route({\n  method: 'PATCH',\n  path: '/example',\n  options: {\n    auth: {\n      access: { // route-level auth -\u003e HTTP 401/403\n        scope: ['write', 'write.extended'], // multiple scopes on route-level\n      },\n    },\n    validate: {\n      payload: ExampleSchema, // Joi schema validation -\u003e HTTP 400\n    },\n    plugins: {\n      'hapi-field-auth': [{ // add field-level authorization -\u003e HTTP 403\n        fields: ['myProtectedField'], // request payload properties\n        scope: ['write.extended'], // restricted scopes on field-level\n      }, {\n        fields: ['activeUntil', 'validUntil'],\n        scope: ['write.extended'], // restricted scopes on field-level...\n        validate: Joi.date().min('now').allow(null), // ...OR additional Joi schema -\u003e HTTP 400\n      }],\n    },\n  },\n  handler: function (request, h) {\n    // ...\n  }\n});\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffunny-bytes%2Fhapi-field-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffunny-bytes%2Fhapi-field-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffunny-bytes%2Fhapi-field-auth/lists"}