
domharrington/secure


secure

ACL for Node.JS. Including authentication and express middleware for authorization.


Installation

npm install secure

Usage

1. Setup

Register the access control list:

var authenticatedAcl = require('secure/access-control-list')(customLogger)

You can define a custom logger and pass it in; otherwise console is used by default.

Add resources to the access control list:

authenticatedAcl.addResource('Admin')

This adds create, read, update, delete, and * as resource actions by default.

Then create the access control object:

var accessControl = require('secure/access-control')(
  authenticationProvider, // Function to determine if user is authenticated
  authenticatedAcl, // Access control list for authenticated users
  unauthenticatedAcl, // Access control list for unauthenticated users (can use {} if not necessary)
  'admin', // Type, used to set req.session[type] for checking roles
  console, // Custom logger, if used
  function(req, res) {
    // Default failure callback
    res.redirect('/login')
  })

2. Middleware ACL

Add middleware to redirect users trying to access a resource without the appropriate permissions to a failure URL:

app.get(
  '/secure/',
  accessControl.requiredAccess(resource, action, failureUrl),
  function(req, res) {
    ...
  }
)

3. Non-middleware ACL Checks

The ACL can also be checked from within functions, rather than through middleware, for resource/action-specific functionality:

accessControl.isAllowed(req, resource, action) // Returns true/false
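How the middleware check in section 2 and the in-function check in section 3 fit together, as an added sketch that is not the secure package's own code. `makeAccessControl`, the grants map, the `req.session[type].roles` layout and `simulate` are hypothetical stand-ins that mirror the call shape above, run against a constructed request instead of an Express server.

```javascript
// Stand-in with the same call shape as the README's accessControl object.
// Assumptions: roles live in req.session[type].roles; grants is a plain map.
function own(obj, key) {
  // Own-property lookup so a role such as '__proto__' never matches a grant.
  return Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined
}

function makeAccessControl(grants, type, defaultFailure) {
  function isAllowed(req, resource, action) {
    const session = (req.session && req.session[type]) || {}
    const roles = Array.isArray(session.roles) ? session.roles : []
    // Deny by default: only an explicit grant (or '*') allows the action.
    return roles.some(function (role) {
      const actions = own(own(grants, role) || {}, resource) || []
      return actions.includes(action) || actions.includes('*')
    })
  }
  function requiredAccess(resource, action, failureUrl) {
    return function (req, res, next) {
      if (isAllowed(req, resource, action)) return next()
      // Stop here: the route handler must never run on a failed check.
      if (failureUrl) return res.redirect(failureUrl)
      return defaultFailure(req, res)
    }
  }
  return { isAllowed: isAllowed, requiredAccess: requiredAccess }
}

// Constructed sample grants: role -> resource -> allowed actions.
const sampleGrants = { editor: { Admin: ['read'] }, root: { Admin: ['*'] } }
const sampleAccess = makeAccessControl(sampleGrants, 'admin', function (req, res) {
  res.redirect('/login')
})

// Runs the middleware, then the handler, against a constructed request and
// reports what happened so the outcome can be inspected without a server.
function simulate(roles, action) {
  const req = { session: roles ? { admin: { roles: roles } } : {} }
  const out = { redirectedTo: null, handlerRan: false, canDelete: false }
  const res = { redirect: function (url) { out.redirectedTo = url } }
  sampleAccess.requiredAccess('Admin', action, '/denied')(req, res, function () {
    out.handlerRan = true
    // In-handler check for a finer-grained action, as in section 3.
    out.canDelete = sampleAccess.isAllowed(req, 'Admin', 'delete')
  })
  return out
}
```
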

Credits

Dom Harrington

Paul Serby

Luke Wilde

Licence

Licenced under the New BSD License
