2.0.0 • Published 7 years ago
@terrajs/imperium v2.0.0
Node.js module to control your user's authorizations (ACL).
Installation
npm install --save @terrajs/imperium
Usage
const imperium = require('@terrajs/imperium')
Roles
Define the different roles of your application.
You can use imperium.role('...', (req) => {}) as a setter to create a role.
The function (which can be asynchronous by returning a Promise) will be used to determine if your user has the role.
You can, for example, get your user from MongoDB and return:
- a Boolean (true if the user has the corresponding role, otherwise false)
- an Object to compare with the route actions
imperium.role('admin', async (req) => {
  return req.session.role === 'admin'
})
imperium.role('user', async (req) => {
  return { user: req.session.userId }
})
Actions
You can use imperium.role('...') as a getter in order to use the can and is functions.
imperium.role('user')
.can('seeUser', { user: '@' })
.can('manageUser', { user: '@' }) // '@' means itself
imperium.role('admin')
.is('user', { user: '*' }) // '*' means all, so admin can see and manage all users
Middleware
You can use Imperium middleware (can / is) in any Express app.
// Use imperium.can(...) to secure the route with actions
app.get('/users', imperium.can('seeUser'), ...)
app.get('/users', imperium.can(['seeUser', 'manageUser']), ...) // array acts as an AND
app.get('/users/:userId', imperium.can({ action: 'seeUser', user: ':userId' }), ...)
app.put('/users/:userId', imperium.can([{ action: 'manageUser', user: ':userId' }]), ...)
// Use imperium.is(...) to secure the route with roles
app.get('/users', imperium.is('admin'), ...)
app.get('/users', imperium.is(['admin', 'user']), ...) // array acts as an OR
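The following added example is a stand-alone model of the matching rules described above ('@', '*', ':userId'); it is not imperium's own code and does not call the library. The names acl, expand and allowed are hypothetical, and the fail-closed handling of missing values is an assumption of this model.

```javascript
// Stand-alone model of the matching rules described above; not imperium's code.
// acl, expand and allowed are hypothetical names.
const acl = {
  // imperium.role('user').can('seeUser', { user: '@' }).can('manageUser', { user: '@' })
  user: { can: [['seeUser', { user: '@' }], ['manageUser', { user: '@' }]], is: [] },
  // imperium.role('admin').is('user', { user: '*' })
  admin: { can: [], is: [['user', { user: '*' }]] }
}

// Expand a role into concrete grants. '@' takes its value from `context`,
// which is what the role function returned (or the params given to is()).
function expand (role, context) {
  const own = acl[role].can.map(([action, params]) => {
    const resolved = {}
    for (const [key, value] of Object.entries(params)) {
      resolved[key] = value === '@' ? context[key] : value
    }
    return { action, params: resolved }
  })
  return own.concat(acl[role].is.flatMap(([parent, params]) => expand(parent, params)))
}

// contexts: role name -> value returned by its role function for this request.
// required: what the route asks for, e.g. { action: 'seeUser', user: ':userId' }.
function allowed (contexts, required, routeParams) {
  const { action, ...wanted } = required
  for (const [role, result] of Object.entries(contexts)) {
    if (!result) continue // false: the user does not have this role
    const context = result === true ? {} : result
    for (const grant of expand(role, context)) {
      if (grant.action !== action) continue
      const ok = Object.entries(wanted).every(([key, value]) => {
        // ':userId' is read from the route parameters
        const target = value.startsWith(':') ? routeParams[value.slice(1)] : value
        const held = grant.params[key]
        if (held == null || target == null) return false // fail closed on missing values
        return held === '*' || String(held) === String(target)
      })
      if (ok) return true
    }
  }
  return false // default deny
}

// Constructed requests: user 42 reading their own record, then someone else's
const wanted = { action: 'seeUser', user: ':userId' }
const self = allowed({ user: { user: '42' }, admin: false }, wanted, { userId: '42' })
const other = allowed({ user: { user: '42' }, admin: false }, wanted, { userId: '43' })
console.log(self, other) // true false
```

The model denies a request whose session has no user id even when the route parameter is also missing, so two undefined values never compare as equal.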
Credits
This project has been made possible thanks to Neo9.
Inspired by the work of Matthieu Oviedo.
Logo made by Romane Forgue.
License
MIT