Merge pull request #573 from cloudinary/feat/mutliple-acls

Support multiple ACLs for generate_auth_token()

Author: dannyv-cloudinary

lib-es5/auth_token.js

@@ -35,7 +35,7 @@ function escapeToLower(url) {
  * @property {number} start_time=now The start time of the token in seconds from epoch.
  * @property {string} expiration The expiration time of the token in seconds from epoch.
  * @property {string} duration The duration of the token (from start_time).
- * @property {string} acl The ACL for the token.
+ * @property {string|Array<string>} acl The ACL(s) for the token.
  * @property {string} url The URL to authentication in case of a URL token.
  *
  */
@@ -65,6 +65,9 @@ module.exports = function (options) {
   }
   tokenParts.push(`exp=${options.expiration}`);
   if (options.acl != null) {
+    if (Array.isArray(options.acl) === true) {
+      options.acl = options.acl.join("!");
+    }
     tokenParts.push(`acl=${escapeToLower(options.acl)}`);
   }
   var toSign = [].concat(tokenParts);

lib/auth_token.js

@@ -33,7 +33,7 @@ function escapeToLower(url) {
  * @property {number} start_time=now The start time of the token in seconds from epoch.
  * @property {string} expiration The expiration time of the token in seconds from epoch.
  * @property {string} duration The duration of the token (from start_time).
- * @property {string} acl The ACL for the token.
+ * @property {string|Array<string>} acl The ACL(s) for the token.
  * @property {string} url The URL to authentication in case of a URL token.
  *
  */
@@ -63,6 +63,9 @@ module.exports = function (options) {
   }
   tokenParts.push(`exp=${options.expiration}`);
   if (options.acl != null) {
+    if (Array.isArray(options.acl) === true) {
+      options.acl = options.acl.join("!");
+    }
     tokenParts.push(`acl=${escapeToLower(options.acl)}`);
   }
   let toSign = [...tokenParts];

test/unit/authToken/authTokenUtils_spec.js

@@ -66,4 +66,15 @@ describe("AuthToken tests using utils.generate_auth_token", function () {
       });
     }).not.to.throwError();
   });
+
+  it("should support multiple ACLs", function () {
+    let token = utils.generate_auth_token({
+      start_time: 222222222,
+      key: "00112233FF99",
+      duration: 300,
+      acl: ["/*/t_foobar", "t_foobar/*/"]
+    });
+
+    expect(token).to.eql("__cld_token__=st=222222222~exp=222222522~acl=%2f*%2ft_foobar!t_foobar%2f*%2f~hmac=45d51dd32dd26a3c2339155f454076c1d8fbd93c611965461569a0b4279bbdd5");
+  });
 });