allowif
allowIf is Express.js middleware that handles role- and permission-based authorization.
Last updated 5 years ago by jontanderson.
$ cnpm install allowif

Synopsis

Authorization is needed in most websites to control access to sensitive information. AllowIf provides a light-weight, flexible Express.js middleware solution that controls access based on roles, activities, or both.

Installation

$ npm install allowif

Usage

In the Express configuration, specify the can and/or isa Authorities. These should be functions that assign a list of valid authorization strings to the req object (req.allowif.can or req.allowif.isa). Usually the permissions are based on a user that has been authenticated. For example, AllowIf works very well if added to the middleware stack after modules such as Passport. See the examples in GitHub.

NOTE: You do not need to use both the can and isa Authorities. Either can work independently, or they can be combined to handle more complex permission conditions.

var allowIf = require('allowif')
var express = require('express')
// passport.session() expects the express-session middleware to be registered before it
var session = require('express-session')
var passport = require('passport')

var app = express()
app.use(passport.initialize())
app.use(passport.session())

// Users below is the application's own user model; it is not part of allowif

// using the can Authority
app.use(allowIf.canAuthority(function() {
  return function(req,res,next) {
    // unauthenticated request: nothing to assign
    if (typeof req.user == 'undefined') return next()
    if (typeof req.allowif == 'undefined') req.allowif = {}
    Users.findById(req.user.id,function(err,user) {
      if (err) return next(err)
      req.allowif.can = user.can
      // continue only once the permissions are on the request
      next()
    })
  }
}))

// using the isa Authority
app.use(allowIf.isaAuthority(function(req,res,next) {
  return function(req,res,next) {
    // unauthenticated request: nothing to assign
    if (typeof req.user == 'undefined') return next()
    if (typeof req.allowif == 'undefined') req.allowif = {}
    Users.findById(req.user.id,function(err,user) {
      if (err) return next(err)
      req.allowif.isa = user.isa
      // continue only once the roles are on the request
      next()
    })
  }
}))

In specifying an Express route, use the following syntax:

app.get("/users"
      , allowIf.isa("user")
      , UserController.list)

app.get("/users/edit/:userid"
      , allowIf.isa("administrator")
      , UserController.edit)

See the examples and test folders in the repository for more usage tips.
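
How an authority and a route check fit together, as an added sketch that is not allowif's own code: `loadRoles`, `loadRolesEarly`, `requireRole`, `request` and the in-memory `Users` store are hypothetical stand-ins, and the store queues its callbacks so the timing is deterministic. It shows why the authority must call next() only after the user lookup has finished, and why the check denies access whenever no roles are present on the request.

```javascript
// Added example: stand-ins for the pattern above, not allowif's own code.
// Constructed user store; callbacks are queued so timing is deterministic.
const pending = [];
const Users = {
  rows: { 1: { isa: ['user'] }, 2: { isa: ['user', 'administrator'] } },
  findById(id, cb) { pending.push(() => cb(null, this.rows[id] || null)); },
};
const flush = () => { while (pending.length) pending.shift()(); };

// Authority loader: continue only after the lookup has finished.
function loadRoles(req, res, next) {
  if (!req.user) return next();            // anonymous: no roles assigned
  req.allowif = req.allowif || {};
  Users.findById(req.user.id, (err, user) => {
    if (err) return next(err);
    req.allowif.isa = (user && user.isa) || [];
    next();
  });
}

// Same loader with next() outside the callback: the check runs too early.
function loadRolesEarly(req, res, next) {
  req.allowif = req.allowif || {};
  if (req.user) {
    Users.findById(req.user.id, (err, user) => { req.allowif.isa = user && user.isa; });
  }
  next();
}

// Hypothetical route check: fail closed unless the role is explicitly present.
const requireRole = (role) => (req, res, next) => {
  const roles = req.allowif && req.allowif.isa;
  if (Array.isArray(roles) && roles.includes(role)) return next();
  res.statusCode = 403;
};

// Minimal runner for a middleware stack; returns the resulting status code.
function request(stack, user) {
  const req = { user }, res = { statusCode: null };
  const step = (i) => (err) => {
    if (err) { res.statusCode = 500; return; }
    if (i === stack.length) { res.statusCode = 200; return; }
    stack[i](req, res, step(i + 1));
  };
  step(0)();
  flush();                                 // deliver the queued lookups
  return res.statusCode;
}
```

With `loadRolesEarly`, even an administrator is answered with 403 because the roles arrive after the check has already run; a check that allowed requests with missing roles would turn the same timing bug into an authorization bypass.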

Contributors

Feel free to contribute to the project through GitHub.

License

This code is licensed through the MIT license agreement. See LICENSE file for more information.

Current Tags

  • 0.0.2                                ...           latest (5 years ago)

2 Versions

  • 0.0.2                                ...           5 years ago
  • 0.0.1                                ...           5 years ago