1.0.1 • Published 5 years ago

ottis v1.0.1

Weekly downloads
6
License
ISC
Repository
github
Last release
5 years ago

Ottis

:cop: An authorization library for nodejs server applications. This library is ideal for both large and small applications with numerous user entities.(roles)

Usage :

Routes are parsed with regex, hence you should declare them in the order which they are arranged in your main application. Else the regex parser used will match the wrong routes. 

// filename: auth.js 
const Ottis = require('../lib');
const router = Ottis.router;

const auth = Ottis(["admin","manager"]);

// looad configuration for various users
auth
.addConfigFor('admin')
.forResource('customers')({
  config: [router("*").all()]
}) 
.forResource('anonymous-customers')({
  config: [router("*").all()]
}).forResource('products')({
  config: [
    router("/").get().post().done(),
    router("/:id").get().put().delete().done(),
    router("/:id/location/:name").get().done()
  ]
})

module.exports = auth.User;
// filename: middleware.js

const User = require('./auth.js');

function authorizeRequestTo(resource) {
  return (req, res, next) {
    /* 
      This is all on you. You can decide to populate 
      the user's rolename on a different variable
      (other than roleName). This just an example. 
    */
    const roleName = req.user.role.toLowercase();
    const canAccess = User(roleName).canAccess({
      resource: resource.toLowerCase(), 
      request: req
    });
    if (canAccess) {
      next()
    } else {
      next(new unAuthorizedError())
    }
  }
}

function authenticateRequest() {
  /* your authentication code here */
}

module.exports = {
  authenticateRequest,
  authorizeRequestTo
}
// filename: routes/customers.js

const {authorizeRequestTo} = require('./middleware.js');
const router = require('express').Router;

router('/', authorizeRequestTo('customers'), (req, res) => {
  console.log('admin can access this route')
})
// filename: routes/anonymousUsers.js

const {authorizeRequestTo} = require('./middleware.js');
const router = require('express').Router;

router('/', authorizeRequestTo('anonymous-users'), (req, res) => {
  console.log('admin can access this route')
})
role-based-access-controlauthorizationnodejs
regexparam
@infinitebrahmanuniverse/nolb-ot@everything-registry/sub-chunk-2392@zalastax/nolb-ot
1.0.1

5 years ago

1.0.0

5 years ago