casbin
v5.34.0
Published
An authorization library that supports access control models like ACL, RBAC, ABAC in Node.JS
Downloads
247,394
Readme
Node-Casbin
News: still worry about how to write the correct node-casbin
policy? Casbin online editor is coming to help!
node-casbin
is a powerful and efficient open-source access control library for Node.JS projects. It provides support for enforcing authorization based on various access control models.
All the languages supported by Casbin:
| | | | | | -------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------- | | Casbin | jCasbin | node-Casbin | PHP-Casbin | | production-ready | production-ready | production-ready | production-ready |
| | | | | | ---------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------- | | PyCasbin | Casbin.NET | Casbin-CPP | Casbin-RS | | production-ready | production-ready | beta-test | production-ready |
Documentation
https://casbin.org/docs/overview
Installation
# NPM
npm install casbin --save
# Yarn
yarn add casbin
Get started
New a node-casbin
enforcer with a model file and a policy file, see Model section for details:
// For Node.js:
const { newEnforcer } = require('casbin');
// For browser:
// import { newEnforcer } from 'casbin';
const enforcer = await newEnforcer('basic_model.conf', 'basic_policy.csv');
Note: you can also initialize an enforcer with policy in DB instead of file, see Persistence section for details.
Add an enforcement hook into your code right before the access happens:
const sub = 'alice'; // the user that wants to access a resource.
const obj = 'data1'; // the resource that is going to be accessed.
const act = 'read'; // the operation that the user performs on the resource.
// Async:
const res = await enforcer.enforce(sub, obj, act);
// Sync:
// const res = enforcer.enforceSync(sub, obj, act);
if (res) {
// permit alice to read data1
} else {
// deny the request, show an error
}
Besides the static policy file, node-casbin
also provides API for permission management at run-time.
For example, You can get all the roles assigned to a user as below:
const roles = await enforcer.getRolesForUser('alice');
See Policy management APIs for more usage.
Policy management
Casbin provides two sets of APIs to manage permissions:
- Management API: the primitive API that provides full support for Casbin policy management.
- RBAC API: a more friendly API for RBAC. This API is a subset of Management API. The RBAC users could use this API to simplify the code.
Official Model
https://casbin.org/docs/supported-models
Policy persistence
https://casbin.org/docs/adapters
Policy consistence between multiple nodes
https://casbin.org/docs/watchers
Role manager
https://casbin.org/docs/role-managers
Contributors
This project exists thanks to all the people who contribute.
Backers
Thank you to all our backers! 🙏 [Become a backer]
Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
License
This project is licensed under the Apache 2.0 license.
Contact
If you have any issues or feature requests, please contact us. PR is welcomed.
- https://github.com/casbin/node-casbin/issues
- [email protected]
- Tencent QQ group: 546057381