rac
v0.0.13
Published
Resource Access Control - resource based access control that allows you to define your resources through code and assign permissions for each role to that resource. This way you can easly add new roles and allow them access to resources without making any
Downloads
7
Maintainers
domagojjercicReadme
RAC
Resource based access control for nodejs
Rac uses mongodb for storing resource information and redisdb for caching resources for runtime.
It requires property roleId to be loaded in request object. For example :
req.session = {};
req.session.roleId = 2;So you have to have middleware in front of rac that loads role for every request
#Quick start
var redisClient = require('redis').createClient(6379, 'localhost'),
MongoClient = MongoClient = require('mongodb').MongoClient;
mongoclient = new MongoClient(new Server("localhost", 27017), {native_parser: true});
;
var Rac = require('rac'); //load rac
var rac = Rac(mongoClient, redisClient);
rac.defineResource({
uri : '/users/:userId',
verb : 'GET',
name : 'Read user',
description : 'API endpoint that reads all the users',
roles : [
{
roleId : 2,
constraints : ["isOwner"]
}
]
});
app.get('/users/:userId', roleLoadingMiddleware(), rac.middleware('/users/:userId'), function(req, res){
//your code
});