@anyfin/acl
v1.1.13
Access control utilities for nodejs services
🛡 Anyfin ACL
Access control utilities for Node.js services. These can be used with or without GraphQL.
This is required for all services that contribute to the client-facing Apollo Federation graph.
Why don't we just implement this in the Apollo Federation gateway?
Because Apollo Federation is a gateway: its only job is to route requests. It does not allow any modification of the schema, so we cannot add directives at the gateway level for upstream services to use.
Since the roles and permissions for each field in the schema are controlled by the respective services, the logic needs to live within those services themselves.
Hence this npm module shares the common ACL code these services require and keeps all the services in sync.
Installation
```sh
yarn add @anyfin/acl
```
Make sure these peer dependencies are installed in your service:
```json
"graphql": ">=15.0.0",
"apollo-server-express": ">=2.16.0"
```
GraphQL Usage
```ts
import { authDirectiveTypeDef, AuthDirective } from '@anyfin/acl';
// makeExecutableSchema and SchemaDirectiveVisitor come from graphql-tools;
// apollo-server-express 2.x re-exports them.
import { makeExecutableSchema, SchemaDirectiveVisitor } from 'apollo-server-express';
// ...
// Make sure to add authDirectiveTypeDef to your typeDefs
const schema = makeExecutableSchema({
  typeDefs: [...yourTypeDefs, authDirectiveTypeDef],
  resolvers,
});
// ...
// Register the schema directive on the built schema
SchemaDirectiveVisitor.visitSchemaDirectives(schema, {
  auth: AuthDirective,
});
```
This will add the following directive to your GraphQL schema:
```graphql
directive @auth(permissions: [String!], roles: [String!]) on FIELD_DEFINITION
```
The directive also expects a user object, taken from the decoded JWT, to be present in the GraphQL context, so make sure you decode the JWT from the request header and add it to the context.
```ts
import { ApolloServer } from 'apollo-server-express';

export default new ApolloServer({
  schema,
  // Params: your own type for the context argument (not shown here)
  context: ({ req }: Params) => ({
    // ...
    // req.user is the decoded JWT payload set by your auth middleware
    user: req.user,
    // ...
  }),
});
```
Non-GraphQL usage:
```ts
import { hasUserAccess, Roles, Permissions } from '@anyfin/acl';

const user = {
  roles: [Roles.customer.key],
  permissions: [Permissions.Application.LIST],
};

// Check whether the user has a permission
hasUserAccess(user, [Permissions.Aml.LIST]); // ---> false
hasUserAccess(user, [Permissions.Application.LIST]); // ---> true
hasUserAccess(user, [Customer.Read.SELF]); // ---> true (Customer is a permission group not imported in this snippet)

// Check whether the user matches a complete role
hasUserAccess(user, [], [Roles.employee.key]); // ---> false
hasUserAccess(user, [Roles.customer.key]); // ---> true
```
Getting started
- `git clone` this repo.
- `yarn install` installs dependencies.
- `yarn test` for test mode.
- `yarn lint` for linting.
- `yarn build` for building the library.
Deploy/Publish
In order to deploy new versions, simply bump the version in package.json and create a new GitHub release.
A GitHub Action should automagically deploy it to npm. ✨