@clocklimited/secure
v1.0.0
Published
ACL for Node.JS. Including authentication and express middleware for authorization.
Downloads
5
Keywords
Readme
secure
ACL for Node.JS. Including authentication and express middleware for authorization.
Installation
npm install secure
Usage
1. Setup
Register the access control list:
var authenticatedAcl = require('secure/access-control-list')(customLogger)
You can define a custom logger and pass it through, else console
will be used by default.
Add resources to the access control list:
authenticatedAcl.addResource('Admin')
This will add create
, read
, update
, delete
, and *
as resource actions by default.
var accessControl = require('secure/access-control')(
authenticationProvider, // Function to determine if user is authenticated
authenticatedAcl, // Access control list for authenticated users
unauthenticatedAcl, // Access control list for unauthenticated users (can use {} if not necessary)
'admin', // Type, used to set req.session[type] for checking roles
console, // Custom logger, if used
function(req, res) {
// Default failure callback
res.redirect('/login')
})
2. Middleware ACL
Add middleware to redirect users trying to access a resource without the appropriate permissions to a failure URL:
app.get(
'/secure/',
accessControl.requiredAccess(resource, action, failureUrl),
function(req, res) {
...
}
)
3. Non-middleware ACL Checks
The ACL can also be checked from within functions, rather than through middleware, for resource/action-specific functionality:
accessControl.isAllowed(req, resource, action) // Returns true/false
Credits
Licence
Licenced under the New BSD License