@permify/permify-express-middleware v1.0.0

Permify Express.js Authorization Middleware

Perform authorization check in your Express.js API endpoints using Permify

Installation

Use npm to install:

npm install @permify/permify-express-middleware

Use yarn to install:

yarn add @permify/permify-express-middleware

Usage

Creating Middleware

Call createMiddleware function with your coresponding keys to get a configured middleware function isAuthorized:

const Permify = require("@permify/permify-express-middleware");
const { isAuthorized } = Permify.createMiddleware({"workspace_id", "private_API_token"});

Using the IsAuthorized

Once you've initialized the middleware as shown above, you can use isAuthorized middleware to protect your API routes.

Parameters

• PolicyName (mandatory)

Custom Permify Policy name.

• UserID (mandatory)

Id of the User

• ResourceID (optional)

Id of the Resource, mandatory if any resource used or accessed when creating Rule.

• ResourceType (optional)

Type or name of the Resource, mandatory if any resource used or accessed when creating Rule.

// Example case: Is user has a access to see specific contact details or not.
// We pass optional params resource id and resource type 
// because of the condition: is user contact itself (resource owner)
app.get(
  "/api/contact/:contactId",
  isAuthorized("contact-show", req.user.id, req.params.contactId, "contact"),
  (req, res) => {
    const { contactId } = req.params;
    const contact = geContact(contactId);

    if (!contact) {
      res.sendStatus(404);
      return;
    }

    res.json(contact);
  }
);

Documentation

• Permify Docs