moze v0.1.0

Moze

A dead simple expressjs middleware for activity based authorization. It lets you easily define what routes your users are allowed to access.

Moze is an authorization middleware. This is not the same thing as authentication. If you're looking for an authentication middleware, we recommend passport.

Installation

npm install --save moze

Usage

var express = require('express');
var moze = require('moze');

var app = express();

// ...

// Initialize moze. We specify how to get the activities the
// current user is allowed to perform.
app.use(moze.init(function(req) {
  // For this example, we assume that our authentication middleware defines the
  // req.user object which holds an array of the activities that the user is
  // allowed perform.
  return req.user.allowedActivities;
}))

// ...

// routes
app.get('/posts',
  authenticate, // some authentication middleware
  moze.may('browse blog'),
  getBlogAllPosts // handler
);

app.post('/posts',
  authenticate, // some authentication middleware
  moze.may('write blog posts'),
  createBlogPost // handler
);

app.get('/posts/:id',
  authenticate, // some authentication middleware
  moze.may('browse blog', 'write blog posts'),
  getBlogPost // handler
);

app.put('/posts/:id',
  authenticate, // some authentication middleware
  moze.may('write blog posts'),
  editBlogPost // handler
);

app.get('/posts/:id/comments',
  authenticate, // some authentication middleware
  moze.may('browse blog'),
  getBlogPostComments // handler
);

app.post('/posts/:id/comments',
  authenticate, // some authentication middleware
  moze.may('write comments'),
  createComment // handler
);

Development

Setup

Install dependencies

npm install

Testing

You can run the tests once with

npm test

You can have the tests run every time you change something with

npm test -- --watch