npm.io
0.2.2 • Published 20h ago

@rbacbee-lib/postgres

Licence
MIT
Version
0.2.2
Deps
2
Size
52 kB
Vulns
0
Weekly
0
Stars
1

RBACBee logo

RBACBee Lib

A pragmatic TypeScript RBAC toolkit for backend and frontend authorization flows.

core npm client npm nest npm postgres npm cli npm license

Overview

RBACBee Lib separates authorization decisions from transport, persistence and authentication. The core engine is framework-agnostic; adapters connect it to frontend apps, NestJS, PostgreSQL and generated backend templates.

Use it when you need:

  • Role-based authorization with permissions, tenant context and resource scope.
  • A framework-agnostic frontend client for simple UI permission checks.
  • A NestJS guard and decorators that stay independent from your auth strategy.
  • PostgreSQL persistence for roles, permissions and assignments.
  • A CLI that can generate a full NestJS backend and a React frontend demo.
  • Test utilities for fast authorization checks without a database.

Packages

Package Purpose NPM
@rbacbee-lib/core Framework-agnostic RBAC engine, ports, policies and value objects. npm
@rbacbee-lib/client Frontend-friendly client for UI permission checks. npm
@rbacbee-lib/nest NestJS module, decorators, identity resolvers and global guard. npm
@rbacbee-lib/postgres PostgreSQL store and schema migrator for RBAC data. npm
@rbacbee-lib/cli Project generator, migration helpers and diagnostics. npm
@rbacbee-lib/testing Internal test helpers and in-memory repository. workspace

Installation

Install only what your app needs:

pnpm add @rbacbee-lib/core
pnpm add @rbacbee-lib/client @rbacbee-lib/core
pnpm add @rbacbee-lib/nest @rbacbee-lib/core
pnpm add @rbacbee-lib/postgres @rbacbee-lib/core pg

Or generate a ready-to-run NestJS backend:

pnpm dlx @rbacbee-lib/cli create my-api --install
cd my-api
cp .env.example .env
pnpm run db:up
pnpm run db:migrate
pnpm run db:seed
pnpm run start:dev

Generate a matching React frontend:

pnpm dlx @rbacbee-lib/cli create my-web --template react-rbac-client --install
cd my-web
cp .env.example .env
pnpm run dev

The frontend template uses Atomic Design, Zustand stores, TanStack Query and @rbacbee-lib/client for UI authorization checks.

Usage

Create an engine with any repository that implements AccessRepository:

import { createRbacEngine, type AccessRepository } from '@rbacbee-lib/core';

const accessRepository: AccessRepository = {
  async getAccessProfile({ userId }) {
    return {
      userId,
      loadedAt: new Date(),
      roles: [{ id: 'admin', name: 'Admin' }],
      permissions: [{ key: 'users:read', sourceRoleId: 'admin' }]
    };
  }
};

const rbac = createRbacEngine({ accessRepository, cacheTtlMs: 30_000 });
const result = await rbac.can({ userId: 'user-1' }, 'users:read');

console.log(result.decision); // allow | deny

Frontend applications can use the client facade:

import { createRbacClient } from '@rbacbee-lib/client/client';
import { createHttpAccessRepository } from '@rbacbee-lib/client/http';

const rbac = createRbacClient({
  principal: { userId: 'user-1', tenantId: 'tenant-1' },
  accessRepository: createHttpAccessRepository({
    endpoint: '/api/rbac/access-profile',
    credentials: 'include'
  })
});

const showEditButton = await rbac.can('posts:update');

Examples

NestJS Guard
import { Module } from '@nestjs/common';
import { APP_GUARD } from '@nestjs/core';
import { RbacGuard, RbacModule, RequirePermission } from '@rbacbee-lib/nest';

@Module({
  imports: [
    RbacModule.forRoot({
      accessRepository,
      identity: { strategy: 'jwt', userIdPath: 'user.sub', tenantIdPath: 'user.tenantId' },
      cacheTtlMs: 30_000
    })
  ],
  providers: [{ provide: APP_GUARD, useExisting: RbacGuard }]
})
export class AppModule {}

class UsersController {
  @RequirePermission('users:read')
  listUsers() {
    return [];
  }
}
PostgreSQL Store
import { createPostgresRbacStore } from '@rbacbee-lib/postgres';

const store = createPostgresRbacStore({ connectionString: process.env.DATABASE_URL });

await store.migrate();
await store.createRole({ id: 'admin', name: 'Admin', permissions: ['users:read'] });
await store.assignRole({ userId: 'user-1', roleId: 'admin', tenantId: 'tenant-1' });

Documentation

  • docs/installation.md - setup guide.
  • docs/quickstart-nest.md - NestJS quickstart.
  • docs/frontend-client.md - framework-agnostic frontend integration.
  • docs/postgres.md - PostgreSQL adapter details.
  • docs/security.md - security model and defaults.
  • examples/ - integration examples.

Contributing

Contributions are welcome. Please keep changes small, typed and tested.

pnpm install
pnpm typecheck
pnpm test
pnpm build

For package changes, update the relevant README and add a changeset when a release is needed.

Author

Created and maintained by Bryan-Herrera-DEV.

License

MIT

Keywords