4.0.0 • Published 4 years ago
@ryanburnette/authorization v4.0.0
authorization
An excruciatingly simple authorization strategy for Node.js http apps.
Installation
npm install @ryanburnette/authorizationUsage
This strategy makes a couple assumptions.
req.useris an object that describes this userreq.user.rolesis an array of strings that describes the roles this user has
A basic implementation looks something like this.
var authorization = require('@ryanburnette/authorization');
// use it on a group of endpoints
app.use(
'/api/widgets',
authorization({ methods: ['GET', 'POST'], roles: ['user', 'admin'] }),
authorization({ methods: ['DELETE'], roles: ['admin'] }),
function (req, res) {
res.statusCode = 200;
res.end();
return;
}
);
// use it on a single endpoint
app.get(
'/api/employees',
authorization({ roles: ['user', 'admin'] }),
function (req, res) {
res.statusCode = 200;
res.end();
return;
}
);
app.use(function (err, req, res, next) {
// catch errors from this strategy
if (err.code === 'UNAUTHORIZED') {
res.statusCode = 401;
res.end();
return;
}
console.error(err);
res.statusCode = 500;
res.end();
});Test
npm install --no-save express axios
node test.js