abilityjs

v1.0.1

Simple route-based ACL component for express.js, based on Ability (https://github.com/scottkf/ability-js)

Downloads

6

Readme

Ability-js

A simple route-based ACL component for express.js. It does not handle authentication itself; you can use everyauth for that.

Installing

npm install ability

With everyauth:

This assumes you have, in your everyauth setup, a field called "role" (customizable, see below). For example, if you're using Facebook:

everyauth.facebook.extractExtraRegistrationParams( function (req) {
  return {
    role: "some default role"
  }
});

Obviously this doesn't make much sense without persistence, which is what lets you change a user's role later; you can get that with mongoose-auth or a custom solution.

If you have everyauth working in an expressjs app, all you have to do to your app.js is add the following:

// Map each role to the routes it may access and the actions allowed on each.
var abilities = {
  editor: {
    index: ['read'],
    protected: ['read']
  },
  // Required: the role used when no other role applies.
  default: {
    index: ['read']
  }
};
var ability = require('ability');
ability.add(abilities);

This is route-based, and assumes you're going to have 2 routes, app.get /protected and app.get /. Note: You must specify a 'default'.

Then, in the route:

app.get('/protected', function(req, res) {
  authorize();
  res.render('protected');
});

This will check to see if the user is authorized based on the setup above. According to the above setup, an un-authenticated user would not be authorized for this route.

Optionally, you can specify the action and route:

app.get('/protected', function(req, res) {
  authorize('read', 'index');
  res.render('protected');
});

Even further, you can specify the role you want to check:

app.get('/protected', function(req, res) {
  authorize('read', 'index', 'default');
  res.render('protected');
});

Now you could use authorizeHandler as a middleware with your express application:

app.get('/protected', authorizeHandler, function(req, res) {
  res.render('protected');
});

This checks req for a valid user entity, reads the property you configured in ability as the role property name, and validates whether that role is authorized to see the resource.

Route translations:

On the routes, you may specify one of 4 options, 'read', 'write', 'delete', or 'all'.

  1. Read -> Get
  2. Write -> Put/post
  3. Delete -> Delete
  4. All -> Read/Write/Delete
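
The role, route and action lookup described above, written out as a stand-alone sketch; this is an added example, not ability-js source code. The names isAuthorized, authorizeRoute and ACTION_FOR_METHOD, the admin role, the 403 response and the fallback of unknown roles to 'default' are assumptions.

```javascript
// Added example, not ability-js source; every name below is hypothetical.
const ACTION_FOR_METHOD = { GET: 'read', PUT: 'write', POST: 'write', DELETE: 'delete' };

// README table plus a constructed `admin` role to show 'all'.
const abilities = {
  admin:   { index: ['all'], protected: ['all'] },
  editor:  { index: ['read'], protected: ['read'] },
  default: { index: ['read'] }
};

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function isAuthorized(table, role, route, method) {
  const verb = String(method).toUpperCase();
  if (!own(ACTION_FOR_METHOD, verb)) return false;   // unmapped verb: deny
  const action = ACTION_FOR_METHOD[verb];
  // Assumption: a missing or unknown role is evaluated as 'default'.
  // Own-property checks keep names like "__proto__" from matching anything inherited.
  const roleKey = typeof role === 'string' && own(table, role) ? role : 'default';
  if (!own(table, roleKey) || !own(table[roleKey], route)) return false;
  const allowed = table[roleKey][route];
  return Array.isArray(allowed) && (allowed.includes(action) || allowed.includes('all'));
}

// Express-style middleware: the route handler is reached only through next().
function authorizeRoute(table, route, roleField = 'role') {
  return function (req, res, next) {
    const role = req.user ? req.user[roleField] : undefined;
    if (isAuthorized(table, role, route, req.method)) return next();
    res.statusCode = 403;
    res.end('Unauthorized');
  };
}
```

Mounted as app.get('/protected', authorizeRoute(abilities, 'protected'), handler), a denied request ends with the 403 and the handler never executes.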

Options

var ability = require('ability');
ability.configure({
	redirect: true,
	role_name: 'role', // name of the everyauth field that holds the role
	redirect_to: '/',
	redirect_message: 'Unauthorized'
});

  • redirect, whether or not to redirect the user if they're not authorized. By default, it will redirect a user to the home page if they're not authorized, without a flash.

  • redirect_to, where to redirect the user if authorization fails

  • redirect_message, if you're using req.flash, it will put the messages in there

  • role_name, the name of the everyauth field for your role (everyauth only)

Todo:

  • Add logger functions
  • Add options to map the container object for user model

NOTE: I just took the old source and made some changes to use it in my project with express v4. I'm planning to add more features on the route, but for now I'm happy to be able to use this simple and awesome library. Hope you find this useful.