1.0.2 • Published 6 years ago

express-voter v1.0.2

Weekly downloads
2
License
MIT
Repository
github
Last release
6 years ago

Express-voter

Instal

npm i --save express-voter

How to use

Before use validation from request or from middleware, you have to implement your system user management, for example with passport.

  1. Add voters
// app.js

// Require module
const expressVoter = require('express-voter');

// ...

// Add voter
expressVoter.addVoter({
    roles: ['view', 'edit'],
    supports: function(role, subject) {

        // Check if role is in voter roles
        if (!this.roles.find((r) => r.toLowerCase() === role.toLowerCase())) {
            return false;
        }

        // Do other check, if subject instance of SomeThing for example
        // ...

        return true;
    },
    validate: function(role, subject, user, callback) {
        // Validate by role
        switch(role){
            case this.roles[0]:

                // ... 

                // Validation OK
                return callback(null, true);
        }
        callback(new Error('this code should not be reached'));
    }
});

/*
// Or
expressVoter.addVoters([
    {
        "name": "voter_A"
        //...
    },{
        "name": "voter_B"
        // ...
    }
]);
*/

// Apply middleware
app.use(expressVoter());
  1. a) Handle validation from request
app.get('/:subjectId', function(req, res, next){

    // Get subject from "subjectId" parameter
    const subject = {};

    req.validateVoters('view', subject, function(err){
        if(err){
            // One or more voters are not valid
            return next(err);
        }

        // Go on
        // ...
    })
});
  1. b) Handle validation from middleware
const subjectGetter = function(req, callback){

    // Get subject from "subjectId" parameter
    const subject = {};

    callback(null, subject);
}

app.get('/:subject', expressVoter.validate('view', subjectGetter), function(req, res, next){

    // Go on
    // ...

});

Voter configuration

KeyTypeRequiredDefaultDescription
namestringno'voter_${index}'The voter name
rolesarray\<string>yesAn array of roles for the voter
supportsfunctionyesThe supports function to know if the voter supports role and subject. Must return true if role and subject are supported by the voter. Pass two arguments, the role and the subject to check
validatefunctionyesThe validate function to know if the current user is granted. This function is called if the supports function return true. Voter pass the validation function if you call callback like "callback(null, true)". Pass four arguments: role, subject, the current user and the callback function
errorTextstringno'ACCESS_DENIED'The voter error text when not valid

Global configuration

app.use(expressVoter({
    // ...
    requestUserKey: 'user'
}));
KeyTypeRequiredDefaultDescription
onNoVotersfunctionnoA function to handle on no voters found
onNoUserfunctionnoA function to handle on user is not found from "request.${requestUserKey}"
formatErrorfunctionnofunction(){...}A function to format error on voters not valid
requestUserKeystringno'user'The request user key to find current user
uservoteraccessroleexpressmiddleware
asyncdebug
@everything-registry/sub-chunk-1637@infinitebrahmanuniverse/nolb-express-v
1.0.2

6 years ago

1.0.1

6 years ago

1.0.0

6 years ago