Simple Express Authorization

Scope-based authorization middleware. Intended for Express apps or Express-derived frameworks such as express-gateway.


Installation

$ npm i simple-express-authorization

Using simple-express-authorization

With a single global setting

const express = require('express')
const guard = require('simple-express-authorization')
const app = express()

const settings = {
    responseCaseError: {
        code: 403,
        message: "FORBIDDEN",
        description: "Authorization failed due to insufficient permissions.",
        redirect_link: "/auth"
    },
    logicalStrategy: 'AND',
    flowStrategy: "NEXTWITHERROR"
};

// Global configuration: every guard.check() below uses these settings.
guard.config(settings)

// With logicalStrategy 'AND' the user must hold both scopes to reach the handler.
app.get('/users', guard.check(['users:read', 'users:readAll']), (req, res) => {
    res.json([]);
})

app.get('/users/:userId', guard.check(['users:read']), (req, res) => {
    res.json({});
})
...

With per-route (local) settings

const express = require('express')
const guard = require('simple-express-authorization')
const app = express()

const settingsGetAll = {
    responseCaseError: {
        code: 403,
        message: "FORBIDDEN",
        description: "Authorization failed due to insufficient permissions.",
        redirect_link: "/auth"
    },
    logicalStrategy: 'AND',
    flowStrategy: "NEXTWITHERROR"
};

const settingsGet = {
    responseCaseError: {
        code: 403,
        message: "FORBIDDEN",
        description: "Authorization failed due to insufficient permissions.",
        redirect_link: "/auth"
    },
    logicalStrategy: 'AND',
    flowStrategy: "RETURNRESPONSE"
};

// No global guard.config() call here: each route below passes its own settings
// as the second argument to guard.check().

// On failure, NEXTWITHERROR passes responseCaseError to next() for an error handler.
app.get('/users', guard.check(['users:read', 'users:readAll'], settingsGetAll), (req, res) => {
    res.json([]);
})

// On failure, RETURNRESPONSE sends responseCaseError as the response body.
app.get('/users/:userId', guard.check(['users:read'], settingsGet), (req, res) => {
    res.json({});
})
...

Possible settings

const settings = {
    /** Specifies where the user's scopes are found on the request.
    * By default we use -> req.user.scope
    * Observation:
    *      - userScopesLocation is a string
    *      - the value at that location (req.user.scope by default) is expected to be an Array.
    *
    * When "a.b.c" is given we use -> req['a']['b']['c']
    */
    userScopesLocation: "DEFAULT",

    /** Specifies the logical strategy used to evaluate the user's scopes against the required ones.
    * By default we use -> OR
    * Observation:
    *      - logicalStrategy is a string
    *      - only "OR" and "AND" are currently supported.
    */
    logicalStrategy: "OR",

    /** Specifies the object returned when the user does not have the expected scopes.
     *  responseCaseError is the content returned in the response body when flowStrategy
     *  is left unchanged or is set to its default value "RETURNRESPONSE".
     */
    responseCaseError: {
        code: 403,
        message: "FORBIDDEN",
        description: "Authorization failed due to insufficient permissions.",
        redirect_link: "/auth"
    },

    /** Specifies the flow strategy used when the user does not have the expected scopes.
     * By default we use -> RETURNRESPONSE
     * Observation:
     *      - flowStrategy is a string
     *      - "RETURNRESPONSE" -> when the user does not have the required scopes,
     *      the responseCaseError object is returned as the response.
     *      - "NEXTWITHERROR" -> when the user does not have the required scopes,
     *      next() is called with the responseCaseError object as its error argument.
     *      - only "RETURNRESPONSE" and "NEXTWITHERROR" are currently supported.
     */
    flowStrategy: "RETURNRESPONSE"
}
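The following is an added example, not code from the simple-express-authorization package. It re-implements the behaviour the settings above describe (dotted-path scope lookup, OR/AND evaluation, and the two failure flows) as a small standalone middleware so the effect of each setting can be observed with plain objects and no HTTP server. The function names `check`, `resolveScopes`, `hasRequiredScopes` and `simulate`, and the `auth.claims.scp` location, are assumptions made for this illustration; the sample requests are constructed. It also covers both usage sections above: a global default and per-call overrides.

```javascript
// Added example (not the library's own code): minimal re-implementation of the
// scope-check logic described in the README, for illustration only.

const DEFAULTS = {
  userScopesLocation: 'DEFAULT',    // 'DEFAULT' means req.user.scope
  logicalStrategy: 'OR',            // 'OR' | 'AND'
  flowStrategy: 'RETURNRESPONSE',   // 'RETURNRESPONSE' | 'NEXTWITHERROR'
  responseCaseError: {
    code: 403,
    message: 'FORBIDDEN',
    description: 'Authorization failed due to insufficient permissions.',
    redirect_link: '/auth',
  },
};

// Resolve a dotted path such as "a.b.c" against req, i.e. req['a']['b']['c'].
// A missing segment yields undefined instead of throwing.
function resolveScopes(req, location) {
  const path = location === 'DEFAULT' ? 'user.scope' : location;
  return path.split('.').reduce((node, key) => (node == null ? undefined : node[key]), req);
}

// Decide whether the scopes found on the request satisfy the required ones.
// Anything that is not an array (missing or malformed) counts as "no scopes",
// so a broken upstream authenticator fails closed rather than open.
function hasRequiredScopes(userScopes, required, logicalStrategy) {
  if (!Array.isArray(userScopes)) return false;
  const owned = new Set(userScopes);
  if (logicalStrategy === 'AND') return required.every((s) => owned.has(s));
  if (logicalStrategy === 'OR') return required.some((s) => owned.has(s));
  throw new Error(`unsupported logicalStrategy: ${logicalStrategy}`);
}

// Build an Express-style middleware (req, res, next). Per-call overrides are
// merged over the global defaults, mirroring the two usage styles in the README.
function check(required, overrides = {}) {
  const settings = { ...DEFAULTS, ...overrides };
  return function guard(req, res, next) {
    const scopes = resolveScopes(req, settings.userScopesLocation);
    if (hasRequiredScopes(scopes, required, settings.logicalStrategy)) return next();
    const err = settings.responseCaseError;
    if (settings.flowStrategy === 'NEXTWITHERROR') return next(err);
    if (settings.flowStrategy === 'RETURNRESPONSE') return res.status(err.code).json(err);
    throw new Error(`unsupported flowStrategy: ${settings.flowStrategy}`);
  };
}

// Run a guard against a constructed request and record what it did, using
// stand-in res/next objects (assumption: a harness for this example only).
function simulate(guard, req) {
  const outcome = { status: null, body: null, nextCalled: false, nextCalledWith: undefined };
  const res = {
    status(code) { outcome.status = code; return this; },
    json(body) { outcome.body = body; return this; },
  };
  guard(req, res, (err) => { outcome.nextCalled = true; outcome.nextCalledWith = err; });
  return outcome;
}

// Constructed sample requests, as an upstream authenticator would have populated them.
const readerReq = { user: { scope: ['users:read'] } };
const adminReq = { user: { scope: ['users:read', 'users:readAll'] } };
const tokenReq = { auth: { claims: { scp: ['users:read'] } } };  // custom location
const anonReq = {};                                               // no scopes at all

if (typeof require !== 'undefined' && require.main === module) {
  // AND: reader lacks users:readAll -> 403 body returned
  console.log(simulate(check(['users:read', 'users:readAll'], { logicalStrategy: 'AND' }), readerReq));
  // OR (default): one matching scope is enough -> next() with no error
  console.log(simulate(check(['users:read', 'users:readAll']), readerReq));
  // NEXTWITHERROR: failure is handed to next(err) instead of being sent
  console.log(simulate(check(['users:read'], { flowStrategy: 'NEXTWITHERROR' }), anonReq));
  // custom userScopesLocation: scopes read from req.auth.claims.scp
  console.log(simulate(check(['users:read'], { userScopesLocation: 'auth.claims.scp' }), tokenReq));
}
```

The fail-closed choice in `hasRequiredScopes` is the detail worth carrying into any real deployment: if the authenticator upstream ever stops populating the scope array, every guarded route should deny rather than silently allow.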

Running tests

Unit tests

Run npm run test:unit to execute the unit tests.

Integration tests

Run npm run test:integration to execute the integration tests.

Coverage tests

Run npm run test:coverage to execute the coverage tests.
