1.2.4 • Published 4 years ago

@leonardofurnielis1/express-accesscontrol v1.2.4

Weekly downloads
-
License
MIT
Repository
github
Last release
4 years ago

Express Access Control

Codacy Badge License npm Coverage Status

Express Middleware for Role Based Access Control library enable you to manage the requests made to your express server.

Installation

You can download express-accesscontrol from NPM

$ npm install @leonardofurnielis1/express-accesscontrol

then in your project require @leonardofurnielis1/express-accesscontrol

const accessControl = require('@leonardofurnielis1/express-accesscontrol');

or GitHub

$ git clone https://github.com/leonardofurnielis1/express-accesscontrol.git

Guide

First step is to create a file policies.json and place this in project folder. This is the file where we will define the roles that can access our application, and the policies that restrict or give access to certain resources.

Configuration Example

[
  {
    "group": "admin",
    "permissions": [
      {
        "resource": "*",
        "methods": "*",
        "action": "allow"
      }
    ]
  }
  {
    "group": "guest",
    "permissions": [
      {
        "resource": "/auth",
        "methods": ["POST"],
        "action": "allow"
      }
    ]
  }
]
PropertyTypeDescription
groupstringThis property defines the access group to which a user can belong to user, guest, admin.
permissionsstringThis property contains an array of objects that define the resources exposed to a group and the methods allowed/denied.
methodsstring || ArrayThis are http methods that a user is allowed or denied from executing. ["POST", "GET", "PUT"]. use glob * if you want to include all http methods.
actionstringThis property tell access control what action to perform on the permission given. Using the above example, the user policy specifies a deny action, meaning all traffic.

Middleware

config[type: function, params: options { filename,path, prefix, policies}]

This methods loads the configuration json file or array os policies.

config

··filename: Name of the policies file policies.json ··path: Location of the policies file ··prefix: The base url of your API /api/v1 ··policies: Allows you to set policies directly without using config file.

const app = require('express');
const accessControl = require('@leonardofurnielis1/express-accesscontrol');
const path = require('path');

// Using policies file

accessControl.config({
  prefix: '/api/v1',
  path: path.join(__dirname, '/'),
  filename: 'polices.json'
});

// Using policies from array

accessControl.config({
  accessControl: policiesArray,
  prefix: '/api/v1'
});

// Setting express access control middleware

app.use(accessControl.authorize());

Customization

To set custom message error / search path

accessControl.config(options, {
	customMessage: '<Your denied message>',
	// by default the middleware search user group into [req.group, req.session.group, default = 'guest']
	// use `searchPath`, to get user group from diffetent path into request
	searchPath: 'session.user.group' 
	});
};
1.2.4

5 years ago

1.2.3

5 years ago

1.2.2

5 years ago

1.2.1

5 years ago

1.2.0

5 years ago

1.0.1

5 years ago

1.0.0

5 years ago