1.0.0 • Published 2 years ago
@permify/permify-express-middleware v1.0.0
Permify Express.js Authorization Middleware
Perform authorization check in your Express.js API endpoints using Permify
Installation
Use npm
to install:
npm install @permify/permify-express-middleware
Use yarn
to install:
yarn add @permify/permify-express-middleware
Usage
Creating Middleware
Call createMiddleware
function with your coresponding keys to get a configured middleware function isAuthorized:
const Permify = require("@permify/permify-express-middleware");
const { isAuthorized } = Permify.createMiddleware({"workspace_id", "private_API_token"});
Using the IsAuthorized
Once you've initialized the middleware as shown above, you can use isAuthorized
middleware to protect your API routes.
Parameters
PolicyName
(mandatory)
Custom Permify Policy name.
UserID
(mandatory)
Id of the User
ResourceID
(optional)
Id of the Resource, mandatory if any resource used or accessed when creating Rule.
ResourceType
(optional)
Type or name of the Resource, mandatory if any resource used or accessed when creating Rule.
// Example case: Is user has a access to see specific contact details or not.
// We pass optional params resource id and resource type
// because of the condition: is user contact itself (resource owner)
app.get(
"/api/contact/:contactId",
isAuthorized("contact-show", req.user.id, req.params.contactId, "contact"),
(req, res) => {
const { contactId } = req.params;
const contact = geContact(contactId);
if (!contact) {
res.sendStatus(404);
return;
}
res.json(contact);
}
);
Documentation
1.0.0
2 years ago