The App object represents a Loopback application.

The App object extends Express and supports Express middleware. See Express documentation for details.

var loopback = require('loopback');
var app = loopback();

app.get('/', function(req, res){
  res.send('hello world');
});

app.listen(3000);

Register a connector.

When a new data-source is being added via app.dataSource, the connector name is looked up in the registered connectors first.

Connectors are required to be explicitly registered only for applications using browserify, because browserify does not support dynamic require, which is used by LoopBack to automatically load the connector module.

Define a DataSource.

Enable app wide authentication.

Listen for connections and update the configured port.

When there are no parameters or there is only one callback parameter, the server will listen on app.get('host') and app.get('port').

For example, to listen on host/port configured in app config:

app.listen();

Otherwise all arguments are forwarded to http.Server.listen.

For example, to listen on the specified port and all hosts, and ignore app config.

app.listen(80);

The function also installs a listening callback that calls app.set('port') with the value returned by server.address().port. This way the port param contains always the real port number, even when listen was called with port number 0.

Attach a model to the app. The Model will be available on the app.models object.

Example - Attach an existing model:

var User = loopback.User;
app.model(User);

Example - Attach an existing model, alter some aspects of the model:

var User = loopback.User;
app.model(User, { dataSource: 'db' });

Get the models exported by the app. Returns only models defined using app.model()

There are two ways to access models:

1. Call app.models() to get a list of all models.

var models = app.models();

models.forEach(function(Model) {
 console.log(Model.modelName); // color
});

1. Use app.model to access a model by name. app.models has properties for all defined models.

The following example illustrates accessing the Product and CustomerReceipt models using the models object.

var loopback = require('loopback');
 var app = loopback();
 app.boot({
  dataSources: {
    db: {connector: 'memory'}
  }
});

app.model('product', {dataSource: 'db'});
app.model('customer-receipt', {dataSource: 'db'});

// available based on the given name
var Product = app.models.Product;

// also available as camelCase
var product = app.models.product;

// multi-word models are avaiable as pascal cased
var CustomerReceipt = app.models.CustomerReceipt;

// also available as camelCase
var customerReceipt = app.models.customerReceipt;

Get all remote objects.

Lazily load a set of remote objects.

NOTE: Calling app.remotes() more than once returns only a single set of remote objects.

Register a middleware using a factory function and a JSON config.

Example

app.middlewareFromConfig(compression, {
  enabled: true,
  phase: 'initial',
  params: {
    threshold: 128
  }
});

Register (new) middleware phases.

If all names are new, then the phases are added just before "routes" phase. Otherwise the provided list of names is merged with the existing phases in such way that the order of phases is preserved.

Examples

// built-in phases:
// initial, session, auth, parse, routes, files, final

app.defineMiddlewarePhases('custom');
// new list of phases
// initial, session, auth, parse, custom, routes, files, final

app.defineMiddlewarePhases([
  'initial', 'postinit', 'preauth', 'routes', 'subapps'
]);
// new list of phases
// initial, postinit, preauth, session, auth, parse, custom,
// routes, subapps, files, final

Register a middleware handler to be executed in a given phase.

LoopBack core module. It provides static properties and methods to create models and data sources. The module itself is a function that creates loopback app. For example:

var loopback = require('loopback');
var app = loopback();

Attach any model that does not have a dataSource to the default dataSource for the type the Model requests

Alter an existing Model class.

Create a data source with passing the provided options to the connector.

Create a named vanilla JavaScript class constructor with an attached set of properties and options.

This function comes with two variants:

• loopback.createModel(name, properties, options)
• loopback.createModel(config)

In the second variant, the parameters name, properties and options are provided in the config object. Any additional config entries are interpreted as options, i.e. the following two configs are identical:

{ name: 'Customer', base: 'User' }
{ name: 'Customer', options: { base: 'User' } }

Example

Create an Author model using the three-parameter variant:

loopback.createModel(
  'Author',
  {
    firstName: 'string',
    lastName: 'string'
  },
  {
    relations: {
      books: {
        model: 'Book',
        type: 'hasAndBelongsToMany'
      }
    }
  }
);

Create the same model using a config object:

loopback.createModel({
  name: 'Author',
  properties: {
    firstName: 'string',
    lastName: 'string'
  },
  relations: {
    books: {
      model: 'Book',
      type: 'hasAndBelongsToMany'
    }
  }
});

Look up a model class by name from all models created by loopback.createModel()

Get the default dataSource for a given type.

Look up a model class by name from all models created by loopback.createModel(). Throw an error when no such model exists.

Look up a model class by the base model class. The method can be used by LoopBack to find configured models in models.json over the base model.

Expose path to the default favicon file

only in node

Get an in-memory data source. Use one if it already exists.

Add a remote method to a model.

Set the default dataSource for a given type.

Create a template helper.

var render = loopback.template('foo.ejs');
var html = render({foo: 'bar'});

Define and reference Models and DataSources.

Add the acl entry to the acls

Attach any model that does not have a dataSource to the default dataSource for the type the Model requests

Alter an existing Model class.

Create a data source with passing the provided options to the connector.

Create a named vanilla JavaScript class constructor with an attached set of properties and options.

This function comes with two variants:

• loopback.createModel(name, properties, options)
• loopback.createModel(config)

In the second variant, the parameters name, properties and options are provided in the config object. Any additional config entries are interpreted as options, i.e. the following two configs are identical:

{ name: 'Customer', base: 'User' }
{ name: 'Customer', options: { base: 'User' } }

Example

Create an Author model using the three-parameter variant:

loopback.createModel(
  'Author',
  {
    firstName: 'string',
    lastName: 'string'
  },
  {
    relations: {
      books: {
        model: 'Book',
        type: 'hasAndBelongsToMany'
      }
    }
  }
);

Create the same model using a config object:

loopback.createModel({
  name: 'Author',
  properties: {
    firstName: 'string',
    lastName: 'string'
  },
  relations: {
    books: {
      model: 'Book',
      type: 'hasAndBelongsToMany'
    }
  }
});

Look up a model class by name from all models created by loopback.createModel()

Get the default dataSource for a given type.

Look up a model class by name from all models created by loopback.createModel(). Throw an error when no such model exists.

Look up a model class by the base model class. The method can be used by LoopBack to find configured models in models.json over the base model.

Get an in-memory data source. Use one if it already exists.

Set the default dataSource for a given type.

Get the current context object. The context is preserved across async calls, it behaves like a thread-local storage.

Run the given function in such way that loopback.getCurrentContext returns the provided context object.

NOTE

The method is supported on the server only, it does not work in the browser at the moment.

Create a new LoopBackContext instance that can be used for loopback.runInContext.

NOTES

At the moment, loopback.getCurrentContext supports a single global context instance only. If you call createContext() multiple times, getCurrentContext will return the last context created.

The method is supported on the server only, it does not work in the browser at the moment.

Access context represents the context for a request to access protected resources

Add a principal to the context

Get the application id

Get the user id

Check if the access context has authenticated principals

A request to access protected resources.

Does the given ACL apply to this AccessRequest.

Is the request for access allowed?

Does the request contain any wildcards?

This class represents the abstract notion of a principal, which can be used to represent any entity, such as an individual, a corporation, and a login id

Compare if two principals are equal Returns true if argument principal is equal to this principal.

The base class for all models.

Inheriting from Model

var properties = {...};
var options = {...};
var MyModel = loopback.Model.extend('MyModel', properties, options);

Options

• trackChanges - If true, changes to the model will be tracked. Required for replication.

Events

Event: changed

Emitted after a model has been successfully created, saved, or updated. Argument: inst, model instance, object

MyModel.on('changed', function(inst) {
  console.log('model with id %s has been changed', inst.id);
  // => model with id 1 has been changed
});

Event: deleted

Emitted after an individual model has been deleted. Argument: id, model ID (number).

MyModel.on('deleted', function(id) {
  console.log('model with id %s has been deleted', id);
  // => model with id 1 has been deleted
});

Event: deletedAll

Emitted after an individual model has been deleted. Argument: where (optional), where filter, JSON object.

MyModel.on('deletedAll', function(where) {
  if (where) {
    console.log('all models where ', where, ' have been deleted');
    // => all models where
    // => {price: {gt: 100}}
    // => have been deleted
  }
});

Event: attached

Emitted after a Model has been attached to an app.

Event: dataSourceAttached

Emitted after a Model has been attached to a DataSource.

Event: set

Emitted when model property is set. Argument: inst, model instance, object

MyModel.on('set', function(inst) {
  console.log('model with id %s has been changed', inst.id);
  // => model with id 1 has been changed
});

Check if the given access token can invoke the specified method.

Disable remote invocation for the method with the given name.

Get the Application object to which the Model is attached.

Enabled deeply-nested queries of related models via REST API.

Enable remote invocation for the specified method. See Remote methods for more information.

Static method example:

Model.myMethod();
Model.remoteMethod('myMethod');

The loopback.Model.extend() method calls this when you create a model that extends another model. Add any setup or configuration code you want executed when the model is created. See Setting up a custom model.

Extends Model with basic query and CRUD support.

Change Event

Listen for model changes using the change event.

MyPersistedModel.on('changed', function(obj) {
   console.log(obj) // => the changed model
});

Apply an update list.

Note: this is not atomic

Get the changes to a model since the specified checkpoint. Provide a filter object to reduce the number of results returned.

Create a checkpoint.

Return the number of records that match the optional "where" filter.

Create new instance of Model, and save to database.

Create a change stream. See here for more info

Create an update list (for Model.bulkUpdate()) from a delta list (result of Change.diff()).

Get the current checkpoint ID.

Destroy all model instances that match the optional where specification.

Destroy model instance with the specified ID.

Get a set of deltas and conflicts since the given checkpoint.

See Change.diff() for details.

Enable the tracking of changes made to the model. Usually for replication.

Check whether a model instance exists in database.

Find all model instances that match filter specification. See Querying models.

Find object by ID with an optional filter for include/fields.

Find one model instance that matches filter specification. Same as find, but limited to one result; Returns object, not collection.

Finds one record matching the optional filter object. If not found, creates the object using the data provided as second argument. In this sense it is the same as find, but limited to one object. Returns an object, not collection. If you don't provide the filter object argument, it tries to locate an existing object that matches the data argument.

Get the Change model. Throws an error if the change model is not correctly setup.

Get the id property name of the constructor.

Get the source identifier for this model or dataSource.

Handle a change error. Override this method in a subclassing model to customize change error handling.

Specify that a change to the model with the given ID has occurred.

Replicate changes since the given checkpoint to the given target model.

Update multiple instances that match the where clause.

Example:

Employee.updateAll({managerId: 'x001'}, {managerId: 'x002'}, function(err, info) {
    ...
});

Update or insert a model instance

Deletes the model from persistence. Triggers destroy hook (async) before and after destroying object.

Get the id value for the PersistedModel.

Get the id property name of the constructor.

Determine if the data model is new.

Reload object from persistence. Requires id member of object to be able to call find.

Save model instance. If the instance doesn't have an ID, then calls create instead. Triggers: validate, save, update, or create.

Set the correct id property for the PersistedModel. Uses the setId method if the model is attached to connector that defines it. Otherwise, uses the default lookup. Override this method to handle complex IDs.

Update a single attribute. Equivalent to updateAttributes({name: 'value'}, cb)

Update set of attributes. Performs validation before updating.

Triggers: validation, save and update hooks

Context middleware.

var app = loopback();
app.use(loopback.context(options);
app.use(loopback.rest());
app.listen();

Serve the LoopBack favicon.

Expose models over REST.

For example:

app.use(loopback.rest());

For more information, see Exposing models over a REST API.

Serve static assets of a LoopBack application.

Return HTTP response with basic application status information: date the application was started and uptime, in JSON format. For example:

{
 "started": "2014-06-05T00:26:49.750Z",
 "uptime": 9.394
}

Rewrite the url to replace current user literal with the logged in user id

Check for an access token in cookies, headers, and query string parameters. This function always checks for the following:

• access_token (params only)
• X-Access-Token (headers only)
• authorization (headers and cookies)

It checks for these values in cookies, headers, and query string parameters in addition to the items specified in the options parameter.

NOTE: This function only checks for signed cookies.

The following example illustrates how to check for an accessToken in a custom cookie, query string parameter and header called foo-auth.

app.use(loopback.token({
  cookies: ['foo-auth'],
  headers: ['foo-auth', 'X-Foo-Auth'],
  params: ['foo-auth', 'foo_auth']
}));

Convert any request not handled so far to a 404 error to be handled by error-handling middleware.

Token based authentication and access control.

Default ACLs

• DENY EVERYONE *
• ALLOW EVERYONE create

Create a cryptographically random access token id.

Find a token for the given ServerRequest.

Validate the token.

A Model for access control meta data.

System grants permissions to principals (users/applications, can be grouped into roles).

Protected resource: the model data and operations (model/property/method/relation/…)

For a given principal, such as client application and/or user, is it allowed to access (read/write/execute) the protected resource?

Check if the request has the permission to access.

Check if the given access token can invoke the method

Check if the given principal is allowed to access the model/property

Calculate the matching score for the given rule and request

Check if the given principal is mapped to the role

Resolve a principal by type/id

Get matching score for the given AccessRequest.

Manage client applications and organize their users.

Authenticate the application id and key.

Register a new application

Reset keys for a given application by the appId

Reset keys for the application instance

Change list entry.

Are both changes deletes?

Determine the differences for a given model since a given checkpoint.

The callback will contain an error or result.

result

{
  deltas: Array,
  conflicts: Array
}

deltas

An array of changes that differ from remoteChanges.

conflicts

An array of changes that conflict with remoteChanges.

Find or create a change for the given model.

Get the checkpoint model.

Create a hash of the given string with the options.hashAlgorithm. Default: sha1

Get an identifier for a given model.

Correct all change list entries.

Track the recent change of the given modelIds.

Get the revision string for the given object

Does this change conflict with the given change.

Get a change's current revision based on current data.

Compare two changes.

Get the Model class for change.modelName.

Determine if the change is based on the given change.

Update (or create) the change with the current revision.

Get a change's type. Returns one of:

• Change.UPDATE
• Change.CREATE
• Change.DELETE
• Change.UNKNOWN

When two changes conflict a conflict is created.

Note: call conflict.fetch() to get the target and source models.

Get the conflicting changes.

Fetch the conflicting models.

Resolve the conflict.

Set the source change's previous revision to the current revision of the (conflicting) target change. Since the changes are no longer conflicting and appear as if the source change was based on the target, they will be replicated normally as part of the next replicate() call.

This is effectively resolving the conflict using the source version.

Resolve the conflict using the supplied instance data.

Resolve the conflict using the instance data in the source model.

Resolve the conflict using the instance data in the target model.

Return a new Conflict instance with swapped Source and Target models.

This is useful when resolving a conflict in one-way replication, where the source data must not be changed:

conflict.swapParties().resolveUsingTarget(cb);

Determine the conflict type.

Possible results are

• Change.UPDATE: Source and target models were updated.
• Change.DELETE: Source and or target model was deleted.
• Change.UNKNOWN: the conflict type is uknown or due to an error.

Email model. Extends LoopBack base Model.

Send an email with the given options.

Example Options:

{
  from: "Fred Foo <foo@blurdybloop.com>", // sender address
  to: "bar@blurdybloop.com, baz@blurdybloop.com", // list of receivers
  subject: "Hello", // Subject line
  text: "Hello world", // plaintext body
  html: "<b>Hello world</b>" // html body
}

See https://github.com/andris9/Nodemailer for other supported options.

A shortcut for Email.send(this).

The Role model

List roles for a given principal.

Check if the user ID is authenticated

Check if a given principal is in the specified role.

Check if a given user ID is the owner the model instance.

Add custom handler for roles.

The RoleMapping model extends from the built in loopback.Model type.

Get the application principal

Get the child role principal

Get the user principal

Resource owner grants/delegates permissions to client applications

For a protected resource, does the client application have the authorization from the resource owner (user or system)?

Scope has many resource access entries

Check if the given scope is allowed to access the model/property

Built-in User model. Extends LoopBack PersistedModel.

Default User ACLs.

• DENY EVERYONE *
• ALLOW EVERYONE create
• ALLOW OWNER deleteById
• ALLOW EVERYONE login
• ALLOW EVERYONE logout
• ALLOW OWNER findById
• ALLOW OWNER updateAttributes

Confirm the user's identity.

A default verification token generator which accepts the user the token is being generated for and a callback function to indicate completion. This one uses the crypto library and 64 random bytes (converted to hex) for the token. When used in combination with the user.verify() method this function will be called with the user object as it's context (this).

Login a user by with the given credentials.

   User.login({username: 'foo', password: 'bar'}, function (err, token) {
     console.log(token.id);
   });

Logout a user with the given accessToken id.

   User.logout('asd0a9f8dsj9s0s3223mk', function (err) {
     console.log(err || 'Logged out');
   });

Normalize the credentials

Create a short lived acess token for temporary login. Allows users to change passwords if forgotten.

Create access token for the logged in user. This method can be overridden to customize how access tokens are generated

Compare the given password with the users hashed password.

Verify a user's identity by sending them a confirmation email.

   var options = {
     type: 'email',
     to: user.email,
     template: 'verify.ejs',
     redirect: '/',
     tokenGenerator: function (user, cb) { cb("random-token"); }
   };

   user.verify(options, next);