Skip to content
This repository has been archived by the owner on Oct 13, 2022. It is now read-only.

Tethik/express-rbac-authz-middleware

BranchesTags

Repository files navigation

README

Work in progress. A simple RBAC Authorization middleware for Express. Written in typescript for all your code autocompletion needs.

npm i --save express-rbac-authz-middleware

import { AuthzMiddleware } from 'express-rbac-authz-middleware';

Sample usage

import { AuthzMiddleware } from 'express-rbac-authz-middleware';

const app = express()

const options = {
tokenDecoder: (req) => ({
    id: '123',
    roles: ['user']
})
}

app.use(AuthzMiddleware(options))
app.get('/user', (req, resp) => {
    req.authz.all('user')
    resp.json({ msg: 'Hello User' })    
})
app.get('/admin', (req, resp) => {
    req.authz.is('admin') // throws AuthzError
    resp.json({ msg: 'Hello Admin' })    
})
app.get('/guest', (req, resp) => {    
    resp.json({ msg: 'Hello Guest' })    
})

Setup

In your express app:

const options = {
tokenDecoder: (req) => ({
    id: '123',
    roles: ['user']
})
}

app.use(AuthzMiddleware(options))

API

The API is exposed on the Express Request interface via the authz property.

It has the following functions which you can use to assert authorization rules: is,all,any

On authorization failure, e.g. a token with roles [user] trying to access a resource protected by req.auth.is("admin"), the function throws an AuthzError. If you want to use a boolean interface instead, you can use the auth.checks methods. These are the same predicates as above but they return booleans as result instead of throwing an error.

Roles as an enum

Alternatively you don't have to use strings as your roles. Here's an example using enums:

  enum Roles {
    Admin = 1,
    User = 2,
    Support = 3
  }

  const options: AuthzMiddlewareOptions = {
    tokenDecoder: req => ({
      id: '123',
      roles: [Roles.Admin, Roles.Support]
    })
  }

Then later in your route you could do the following:

app.get('/admin', (req, resp) => {
    req.authz.is(Roles.Admin)
    resp.json({ msg: 'Hello Admin' })
})

NPM scripts

  • npm t: Run test suite
  • npm start: Run npm run build in watch mode
  • npm run test:watch: Run test suite in interactive watch mode
  • npm run test:prod: Run linting and generate coverage
  • npm run build: Generate bundles and typings, create docs
  • npm run lint: Lints code
  • npm run commit: Commit using conventional commit style (husky will tell you to use it if you haven't 😉)

About

An authorization middleware for Express

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity

Stars

1 star

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages