From 82b6e9d4493b37654c0efddce122775da52744b8 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 1 Jun 2017 00:25:37 +0000 Subject: [PATCH] allow '*' scope for full account access --- lib/apis.js | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/apis.js b/lib/apis.js index c417132..ca109b6 100644 --- a/lib/apis.js +++ b/lib/apis.js @@ -136,6 +136,8 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { req.oauth3.accountIdx = accountIdx; req.oauth3.ppid = ppid; req.oauth3.accountHash = crypto.createHash('sha1').update(accountIdx).digest('hex'); + //console.log('[com.daplie.walnut] accountIdx:', accountIdx); + //console.log('[com.daplie.walnut] ppid:', ppid); next(); }); @@ -269,6 +271,8 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { } return function (req, res, next) { + var tokenScopes; + if (!(req.oauth3 || req.oauth3.token)) { // TODO some error generator for standard messages res.send({ error: { message: "You must be logged in", code: "E_NO_AUTHN" } }); @@ -279,11 +283,18 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) { return; } + tokenScopes = req.oauth3.token.scp.split(/[,\s]+/mg); + if (-1 !== tokenScopes.indexOf('*')) { + // has full account access + next(); + return; + } + // every grant in the array must be present if (!grants.every(function (grant) { var scopes = grant.split(/\|/g); return scopes.some(function (scp) { - return req.oauth3.token.scp.split(/[,\s]+/mg).some(function (s) { + return tokenScopes.some(function (s) { return scp === s; }); });
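Review bot: The two added lines in the first hunk are commented-out `console.log` calls, which is dead code committed to `lib/apis.js`; either drop them or replace them with a logging call gated by a debug setting (none is visible in this hunk). If they are kept for later debugging, they would print the raw `accountIdx` and `ppid` that the surrounding code attaches to `req.oauth3`, so enabling them should be a deliberate choice rather than an uncomment. The enclosing callback starts outside the hunk.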
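Review bot: The guard just below the new `var tokenScopes;` declaration uses `||`, so with `req.oauth3` present and `token` absent the condition is false and the request is not rejected, while with `req.oauth3` absent the right operand throws a TypeError before `res.send` runs; the code this commit adds later in the same function reads `req.oauth3.token.scp` unconditionally and so now depends on this guard. The defect is pre-existing, but the intended check is `if (!(req.oauth3 && req.oauth3.token)) {`. The lines between this hunk and the next are not visible and may add further checks; the returned function continues past the hunk.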
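Review bot: `tokenScopes = req.oauth3.token.scp.split(/[,\s]+/mg);` now dereferences `scp` on every request, whereas the removed line only did so inside the `every` callback, i.e. when `grants` was non-empty; a token without a string `scp` claim therefore throws a TypeError instead of being denied. A fail-closed form is `tokenScopes = String(req.oauth3.token.scp || '').split(/[,\s]+/mg);`, which yields `['']` and matches no grant. The `'*'` early return sits before the grants check, so any token carrying `*` bypasses every guard produced by this factory; that is the commit's intent, but it makes the issuer's restriction on who may receive a `*` scope (not visible in this diff) the only remaining control, and a comment such as `// '*' bypasses all grant checks; issuance of '*' must be restricted by the token issuer` above the check would make that dependency explicit. The returned function continues past the hunk's closing `});`.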