@policer-io/pdp-ts
v1.0.10
Published
The Policer PDP SDKs allow to control access within your application based the Policer Access Control Policy.
Downloads
11
Maintainers
Readme
Policy Decision Point — Typescript/Javascript
The policer.io Policy Decision Point (PDP) client library for typescript and javascript projects.
:star: Give us a Star!
Support the project by giving it a GitHub Star!
:gem: Why @policer-io/pdp-ts
?
Advanced access control with one line of code with policy as data:
const {
grant, // allow or deny access
filter, // generate DB query filters
projection, // show or hide document properties
setter, // set document properties
} = pdp.can(
['editor', 'publisher'], // the user's roles
'article:publish', // the operation to check
{
user: { _id: 'some-user-id-003' },
document: {
published: false,
createdBy: 'other-user-id-007',
},
} // attributes of user, document or context
)
Learn more about the benefits and features of policer.io!
:floppy_disk: Installation
Prerequisites
- Node >= v20.x is required
- policer.io Policy Center instance (learn more)
- self-hosted
- https://cloud.policer.io (coming soon)
Install
Use yarn command
yarn add @policer-io/pdp-ts
or npm command
npm install --save @policer-io/pdp-ts
:orange_book: Usage
Connect to Policy Center
The PDP connects to a policer.io Center Instance to load the policy (roles and permissions) for a given application. Therefore create and connect a PDP
instance with:
import PDP from '@policer-io/pdp-ts'
type RoleName = 'reader' | 'editor' | 'publisher'
const pdp = await PDP.create<RoleName>({
applicationId: '65f0674f39d8a1a5ef805ca7',
hostname: 'cloud.policer.io',
})
Make Policy Decisions
//// 1. prepare policy decision inputs
/** the user's roles */
const roles: RoleName[] = ['editor', 'publisher']
/** the operation to check */
const operation: string = 'article:publishBatch'
/** attributes of user, document or context */
const attributes: Record<string, unknown> = {
user: {
_id: 'some-user-id-003',
magazine: 'The New Yorker',
},
document: {
published: false,
createdBy: 'other-user-id-007',
},
}
//// 2. perform policy decision/check
const { grant, filter, projection, setter } = pdp.can(roles, operation, attributes)
//// 3. use policy decision result
if (grant) {
// if authorized
// query documents and document properties based on policy decision result (`filter` & `projection`)
const articles = await db.articles.find({ $and: [{ status: 'ready' }, filter] }, projection).exec()
// set or overwrite some document fields based on policy decision result (`setter`), for example `article.magazine`
articles.forEach((article) => {
publish({ ...article, ...setter })
})
} else {
// if not authorized
throw new Error('403 Forbidden')
}
:bug: Bugs
Please report bugs by creating a bug issue.
:construction_worker_man: Contribute
You can contribute to policer.io by
- improving typescript PDP (this package)
- implementing policer.io PDP for other programming languages
- developing on the policer.io ecosystem in general
Either way, let's talk!
Development
Prerequisites
- Node Version Manager
- node: version specified in
.nvmrc
- node: version specified in
- Yarn
Install
yarn install
Test
yarn test
or
yarn test:watch
Commit
This repository uses commitlint to enforce commit message conventions. You have to specify the type of the commit in your commit message. Use one of the supported types.
git commit -m "[type]: my perfect commit message"
:speech_balloon: Contact
Talk to us via policer.io
:lock_with_ink_pen: License
The code is licensed under the MIT License