
koa-accesscontrol

This is Koa middleware for accesscontrol.

The middleware filters both the request body and the response body.

Installation

npm i koa-accesscontrol

Grants

Grants can be loaded from a database or from a file.

// Grants, keyed by role -> resource -> "action:possession" -> attribute list.
//   action:     create | read | update | delete
//   possession: any (no ownership check) | own (ownership checked via operands)
//   attributes: the fields the role may send/receive for that resource;
//               '*' stands for every attribute (accesscontrol convention).
export default {
  admin: {
    users: {
      // Full access to every attribute of every user record.
      'create:any': ['*'],
      'read:any': ['*'],
      'update:any': ['*'],
      'delete:any': ['*'],
    },
  },
  user: {
    users: {
      'create:any': ['uuid'],
      // ':own' entries only apply when the ownership check (operands) passes.
      'read:own': ['uuid', 'firstname', 'lastname'],
      'update:own': ['firstname', 'lastname', 'email', 'phone'],
      'delete:own': ['uuid'],
    },
  },
};

Usage Example

Pass the grants object when initializing the middleware, together with the location (a path on the Koa context) from which the user's role is read. That location must be populated by trusted authentication middleware; if it points at a raw client-supplied header, any client can choose its own role. If no operands are specified when using the middleware, the resource ownership check is skipped.

TypeScript

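import * as Koa from 'koa';
import * as Router from 'koa-router';
import { Authorization } from 'koa-accesscontrol';

// Grants for a single role; see the "Grants" section above for the format.
const grants = {
  user: {
    users: {
      'create:any': ['uuid'],
      'read:own': ['uuid', 'firstname', 'lastname'],
      'update:own': ['firstname', 'lastname', 'email', 'phone'],
      'delete:own': ['uuid'],
    },
  },
};

const app = new Koa();
const router = new Router();

// Second argument: path (relative to ctx) from which the caller's role is read.
// It must point at a value set by trusted authentication middleware. Here
// `ctx.state.user` is assumed to be populated by an auth middleware that runs
// earlier and is not shown (constructed example). Do NOT read the role from a
// request header such as `request.headers.x-something-role`: headers are
// client-controlled, so any client could assign itself any role.
const auth = Authorization(grants, 'state.user.role');

// No operands: ':any' grants apply and no ownership check is performed.
router.get('/users',
  auth({
    resource: 'users',
  }), (ctx) => {
    ctx.body = 'All users';
  });

// Operands: the two ctx paths are compared to decide whether the caller owns
// the resource. The caller's identity must come from the authenticated user,
// not from a request header the client can set.
router.get('/users/:uuid',
  auth({
    resource: 'users',
    operands: ['state.user.uuid', 'params.uuid'],
  }), (ctx) => {
    ctx.body = 'One user';
  });

app
  .use(router.routes())
  .use(router.allowedMethods());

app.listen(8080);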

JavaScript

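const Koa = require('koa');
const Router = require('koa-router');
const { Authorization } = require('koa-accesscontrol');

// Grants for a single role; see the "Grants" section above for the format.
const grants = {
  user: {
    users: {
      'create:any': ['uuid'],
      'read:own': ['uuid', 'firstname', 'lastname'],
      'update:own': ['firstname', 'lastname', 'email', 'phone'],
      'delete:own': ['uuid'],
    },
  },
};

const app = new Koa();
const router = new Router();

// Second argument: path (relative to ctx) from which the caller's role is read.
// It must point at a value set by trusted authentication middleware. Here
// `ctx.state.user` is assumed to be populated by an auth middleware that runs
// earlier and is not shown (constructed example). Do NOT read the role from a
// request header such as `request.headers.x-something-role`: headers are
// client-controlled, so any client could assign itself any role.
const auth = Authorization(grants, 'state.user.role');

// No operands: ':any' grants apply and no ownership check is performed.
router.get('/users',
  auth({
    resource: "users",
  }), (ctx) => {
    ctx.body = "All users";
  });

// Operands: the two ctx paths are compared to decide whether the caller owns
// the resource. The caller's identity must come from the authenticated user,
// not from a request header the client can set.
router.get('/users/:uuid',
  auth({
    resource: "users",
    operands: ['state.user.uuid', 'params.uuid'],
  }), (ctx) => {
    ctx.body = "One user";
  });

app
  .use(router.routes())
  .use(router.allowedMethods());

app.listen(8080);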

Todo

  • Add an option to override the actions mapped to HTTP methods