Skip to content
This repository has been archived by the owner on Jul 22, 2020. It is now read-only.

Example integration of CASL in expressjs app

License

Notifications You must be signed in to change notification settings

stalniy/casl-express-example

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Example of CASL integration in expressjs app

DEPRECATED

The example has been moved to https://github.com/stalniy/casl-examples/tree/master/packages/express-blog


Read CASL in Expressjs app for details.

CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access.

This is an example application which shows how integrate CASL in blog application. There are 3 entities:

  • User
  • Post
  • Comment

Application uses passport-jwt for authentication. Permission logic (i.e., abilities) are define in src/auth/abilities.js. Rules can be specified for authenticated and anonymous users, so potentially it's quite easy to give access anonymous users to leave comments in blog. The main logic is built on top of modules (src/modules)

Note: refactored to use CASL 2.0. See @casl/ability and @casl/mongoose for details. Warning: this code is just an example and doesn't follow best practices everywhere (e.g. it stores passwords without hashing).

Note #2: in order to use with Vuex example switch to branch vue-api

Installation

git clone https://github.com/stalniy/casl-express-example.git
cd casl-express-example
npm install
npm start # `npm run dev` to run in dev mode

Also you need mongodb database up and running. Application will connect to mongodb://localhost:27017/blog

Instruction to login

  1. Create new user
POST http://localhost:3030/users
{
  "user": {
    "email": "casl@medium.com",
    "password": "password"
  }
}
  1. Create new session
POST http://localhost:3030/session
{
  "session": {
    "email": "casl@medium.com",
    "password": "password"
  }
}

201 Created
{ "accessToken": "...." }
  1. Put access token in Authorization header for all future requests

Routes

  • /posts
  • /posts/:id/comments
  • /users
  • /session

To create or update an entity you need to send parameters in wrapper object, which key equals entity name. For example, to create new user you send:

{
  "user": {
    "....": "...."
  }
}

to create a post you send

{
  "post": {
    "....": "...."
  }
}

About

Example integration of CASL in expressjs app

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published