1.6.0 • Published 2 years ago

mongodb-security v1.6.0

Weekly downloads
340
License
SSPL
Repository
github
Last release
2 years ago

mongodb-security npm

Portable business logic of MongoDB security model, mostly string formatting.

Usage

var security = require('mongodb-security');

security.humanize({cluster: true})
.should.equal('For the deployment');

security.humanize({collection: 'users', db: 'mscope'})
.should.equal('On mscope.users');

security.humanize({collection: '', db: 'mscope'})
.should.equal('On any any collection in the mscope database');

security.humanize({collection: 'users', db: ''})
.should.equal('On the users collection in any database');

Example

var MongoClient = require('mongodb').MongoClient;
var security = require('../');
var format = require('util').format;

var username = 'reportsUser';
var password = 'foo';
var authDB = 'reporting';

var url = 'mongodb://localhost:30000/%s';

MongoClient.connect(format(url, authDB), function(err, db) {
    if (err) {
        throw err;
    }

    // log in as that user
    db.authenticate(username, password, function(err, res) {
    // get the user info with privileges
        db.command({
            usersInfo: {
                user: username,
                db: authDB
            },
            showPrivileges: true
        }, function(err, res) {
            if (err) {
                throw err;
            }

            var user = res.users[0];
            console.log(JSON.stringify(user, null, 2));

            // check if user has listDatabases privilege with cluster resource
            var listDatabasesAllowed = security.getResourcesWithActions(
                user, ['listDatabases']).length === 1;

            // if allowed, run listDatabases command, if not, set to [].

            // merge with databases from user info on which the user is allowed to
            // call listCollections
            var databases = security.getResourcesWithActions(
                user, ['listCollections'], 'database').map(function(resource) {
                return resource.db;
            });

            console.log('user can run listCollections on:', databases);

            // run listCollections on all databases, gather all namespaces

            // add required privilege actions here
            // @see https://docs.mongodb.org/manual/reference/privilege-actions/
            var compassActions = ['find', 'collStats'];

            // combine namespaces with ones that user has find+collStats privilege
            var namespaces = security.getResourcesWithActions(
                user, compassActions, 'collection').map(function(resource) {
                return resource.db + '.' + resource.collection;
            });

            console.log('user can run find + collStats on:', namespaces);

            db.close();
        });
    });
});

api

security.humanize(:resource)

Take the :resource of a MongoDB grant and hand back a literate sentence prefix.

todo

mongodbmongodb.js
debuglodash.everylodash.foreach
@infinitebrahmanuniverse/nolb-mongod@everything-registry/sub-chunk-2198@zalastax/nolb-mongod
1.6.0

2 years ago

1.5.0

2 years ago

1.4.0

2 years ago

1.3.0

3 years ago

1.2.1

3 years ago

1.2.0

3 years ago

1.1.1

3 years ago

1.1.0

3 years ago

1.0.0

3 years ago

0.2.1

3 years ago

0.2.0

4 years ago

0.1.0

4 years ago

0.0.4

8 years ago

0.0.3

8 years ago

0.0.1

8 years ago