2.0.0 • Published 7 years ago

@terrajs/imperium v2.0.0

Node.js module to control your users' authorizations (ACL).


Installation

npm install --save @terrajs/imperium

Usage

// Require the scoped name that was installed above
const imperium = require('@terrajs/imperium')

Roles

Define the different roles of your application.

You can use imperium.role('...', (req) => {}) as a setter to create a role.

The function is used to determine whether the user making the request has the role. It can be asynchronous by returning a Promise.

You can, for example, fetch your user from MongoDB and return:

  • a Boolean (true if the user has the corresponding role, otherwise false)
  • an Object to compare with the route actions

// Boolean result: the request either has the role or it does not
imperium.role('admin', async (req) => {
	return req.session.role === 'admin'
})

// Object result: compared with the parameters of the route actions
imperium.role('user', async (req) => {
	return { user: req.session.userId }
})

Actions

You can use imperium.role('...') with only the role name as a getter, then chain the can and is functions on the role it returns.

imperium.role('user')
	.can('seeUser', { user: '@' })
	.can('manageUser', { user: '@' }) // '@' means itself

imperium.role('admin')
	.is('user', { user: '*' }) // '*' means all, so admin can see and manage all users

Middleware

You can use Imperium middleware (can / is) in any Express app.

// Use imperium.can(...) to secure the route with actions
app.get('/users', imperium.can('seeUser'), ...)
app.get('/users', imperium.can(['seeUser', 'manageUser']), ...) // array acts as an AND

app.get('/users/:userId', imperium.can({ action: 'seeUser', user: ':userId' }), ...)

app.put('/users/:userId', imperium.can([{ action: 'manageUser', user: ':userId' }]), ...)

// Use imperium.is(...) to secure the route with roles
app.get('/users', imperium.is('admin'), ...)
app.get('/users', imperium.is(['admin', 'user']), ...) // array acts as an OR
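
The matching rules from the Roles, Actions and Middleware sections, as an added example that is not code from this package: a stand-alone model of how '@', '*' and ':userId' decide whether a request is allowed. All function names are hypothetical, resolvers are synchronous, and the model assumes that a grant constraining a key denies the request when the route supplies no value for that key.

```javascript
// Added example: a stand-alone model, not @terrajs/imperium's code; names are hypothetical.
const roles = {
  // resolve() returns false, true, or a context object (see "Roles").
  user: {
    resolve: (req) => (req.session.userId ? { user: req.session.userId } : false),
    grants: [{ action: 'seeUser', user: '@' }, { action: 'manageUser', user: '@' }],
  },
  // admin "is" user with { user: '*' }, written out here as explicit grants.
  admin: {
    resolve: (req) => req.session.role === 'admin',
    grants: [{ action: 'seeUser', user: '*' }, { action: 'manageUser', user: '*' }],
  },
}

// Replace a ':name' placeholder with the route parameter of that name.
function expand(value, req) {
  const isParam = typeof value === 'string' && value.startsWith(':')
  return isParam ? req.params[value.slice(1)] : value
}

// '*' covers any value; '@' covers only the value the resolver returned.
// A constrained key that the route does not supply is a denial (assumption).
function grantCovers(grant, wanted, ctx) {
  if (grant.action !== wanted.action) return false
  return Object.keys(grant).filter((k) => k !== 'action').every((key) => {
    if (grant[key] === '*') return true
    const allowed = grant[key] === '@' ? ctx[key] : grant[key]
    if (allowed === undefined || wanted[key] === undefined) return false
    return String(allowed) === String(wanted[key])
  })
}

// Array of wanted actions = AND. No resolved role or no covering grant = deny.
function can(req, wantedList) {
  const wanted = [].concat(wantedList).map((w) => {
    const obj = typeof w === 'string' ? { action: w } : w
    return Object.fromEntries(Object.entries(obj).map(([k, v]) => [k, expand(v, req)]))
  })
  const held = Object.values(roles)
    .map((role) => ({ ctx: role.resolve(req), grants: role.grants }))
    .filter((r) => r.ctx)
  return wanted.every((w) =>
    held.some(({ ctx, grants }) => grants.some((g) => grantCovers(g, w, ctx))))
}

// Constructed requests: user 42 asking for its own record, then for user 43's.
const own = { session: { userId: '42' }, params: { userId: '42' } }
const other = { session: { userId: '42' }, params: { userId: '43' } }
console.log(can(own, { action: 'seeUser', user: ':userId' }), can(other, { action: 'seeUser', user: ':userId' }))
```

The second request is the case the '@' rule exists for: an authenticated user changing the id in the URL to read another user's record.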

Credits

This project has been made possible thanks to Neo9.

Inspired by the work of Matthieu Oviedo.

Logo made by Romane Forgue.

License

MIT