👤 User Validator Blocks

User validator blocks provide validation functions for user-related operations in Nodeblocks applications. These validators ensure proper access control and data validation for user profiles and user management operations.

---

🎯 Overview

User validator blocks are designed to:

• Validate user profile access based on ownership and permissions
• Ensure proper user management with role-based access control
• Support multiple access patterns (self, admin, user, guest)
• Handle user-specific validation logic for secure operations
• Provide reusable validation for user workflows

---

📋 User Validator Types

Access Control Validators

Validators that check user permissions for user resources.

---

🔧 Available User Validators

validateUserProfileAccess

Validates user profile access based on allowed subjects and token information.

Purpose: Ensures users can only access their own profiles or have appropriate permissions

Parameters:

• allowedSubjects: string[] - Array of allowed user types/subjects
• authenticate: Authenticator - Authentication function (optional, defaults to getBearerTokenInfo)
• payload: RouteHandlerPayload - Contains request context and data

Returns: void - Passes through if user has appropriate permissions

Throws:

• NodeblocksError (401) with message "App token is not valid" or "User token is not valid" for invalid tokens
• NodeblocksError (401) with message "Identity not found" if user identity doesn't exist
• NodeblocksError (404) with message "User profile not found" if user profile doesn't exist
• NodeblocksError (403) with message "User is not authorized to access this user profile" for unauthorized access
• NodeblocksError (401) with message "Token does not have a valid access type" for invalid token types

Supported Subjects:

• 'self' - User can access their own profile (email-based matching)
• 'admin' - Administrator access (typeId: '100')
• 'user' - Regular user access (typeId: '001')
• 'guest' - Guest access (typeId: '000')

User Profile ID Sources (checked in order):

• payload.context.data.userId
• payload.params.requestParams.userId
• payload.params.requestQuery.userId
• payload.params.requestBody.userId

User Type Configuration (defaults):

{
  admin: '100',
  guest: '000', 
  user: '001'
}

Access Logic:

• App tokens: Always pass if appId is valid
• User tokens:
  • For 'self' subject: Match user email with profile email
  • For role subjects: Match user typeId with configured typeId
  • At least one subject must match for access to be granted

Usage:

import { validators } from '@nodeblocks/backend-sdk';

const { validateUserProfileAccess } = validators;

// Self access only
compose(validateUserProfileAccess(['self']), userProfileHandler);

// Self or admin access
compose(validateUserProfileAccess(['self', 'admin']), userProfileHandler);

// Admin only access
compose(validateUserProfileAccess(['admin']), adminUserHandler);

---

🔗 Related Documentation

• User Schema Blocks - User data validation and contracts
• User Handler Blocks - User business logic functions
• User Route Blocks - User HTTP endpoint definitions
• User Feature Blocks - User composed features