wac
v0.0.1
Published
Web Access Control
Downloads
10
Readme
Web Access Control implementation for Node.js
A stand-alone or express/connect Web Access Control implementation designed for Node.js with configurable graph callback.
See also:
Usage
Example code:
var fileCallbackOptions = {'baseUrl':'http://example.com','filename':'access.ttl'};
var accessControl = require('wac')({'graphCallback':wac.fileGraphCallback(fileCallbackOptions)});
accessControl.hasAccess('http://example.com/resource', 'GET', 'http://example.com/agent#me', null, callback);
This code creates an access control object using the rules defined in the turtle file 'access.ttl' with the base URL 'http://example.com'. The last line tests access for the resource 'http://example.com/resource' using HTTP method 'GET' for agent 'http://example.com/agent#me'.
Express middleware example code:
app.use(accessControl.middleware({}));
Uses express/connect middleware functionality of the previously created accessControl
object.
wac options
cors (default: false)
Enables or disables cross-origin requests. If the application
parameter is not null a cross-origin request is detected.
graph
A graph which contains the access control rules as RDF Interfaces: Graph. This option or the graphCallback option is required!
graphCallback
A callback function to fetch the graph which contains the access control rules as RDF Interfaces: Graph.
The function must accept two parameters:
resource
The resource permission is requestedcallback
The callback function which is called with the graph as single parameter
This option or the graph option is required!
wac.fileGraphCallback(options)
A graphCallback
function for single file access control rules.
The following options are required:
baseUrl
The base URL for the Turtle filefilename
The filename of the Turtle file
wac.directoryFileGraphCallback(options)
A graphCallback
function for per directory file access control rules.
The following options are required if there is no default:
basePath
The path to look at relative to the base URL (default: '')baseUrl
The URL for the parser relative to the base pathfilename
The filename of the access control rule files (default: '.acl.ttl')
hasAccess(resource, method, agent, application, callback)
Stand-alone function to check whether a agent/application has access to a resource with the given method/mode.
The following parameters must be provided:
resource
URL of the resource to checkmethod
HTTP method or WAC modeagent
URL of the agentapplication
CORS hostcallback
The callback function with a single boolean parameter
middleware(options)
Function to create a express/connect middleware.
The following options are available:
forbidden
A function to send the 403 forbidden response (default: send only 403 status code)
The req.absoluteUrl() function is required provided by the express-utils
middleware.