ACL for Node.JS. Including authentication and express middleware for authorization.
npm install secure
Register the access control list:
var authenticatedAcl = require('secure/access-control-list')(customLogger)
You can define a custom logger and pass it through, else console will be used by default.
Add resources to the access control list:
authenticatedAcl.addResource('Admin')
This will add create, read, update, delete, and * as resource actions by default.
var accessControl = require('secure/access-control')(
authenticationProvider, // Function to determine if user is authenticated
authenticatedAcl, // Access control list for authenticated users
unauthenticatedAcl, // Access control list for unauthenticated users (can use {} if not necessary)
'admin', // Type, used to set req.session[type] for checking roles
console, // Custom logger, if used
function(req, res) {
// Default failure callback
res.redirect('/login')
})
Add middleware to redirect users trying to access a resource without the appropriate permissions to a failure URL:
app.get(
'/secure/',
accessControl.requiredAccess(resource, action, failureUrl),
function(req, res) {
...
}
)
The ACL can also be checked from within functions, rather than through middleware, for resource/action-specific functionality:
accessControl.isAllowed(req, resource, action) // Returns true/false
Licenced under the New BSD License