@anyfin/acl
Access control utilities for Node.js services. These can be used with or without GraphQL.
This is required for all services that contribute to the client-facing Apollo Federation graph.
Why don't we just implement this in the Apollo Federation gateway?
Because Apollo Federation is a gateway: its only job is to route requests. It does not allow any modification of the schema, so we cannot add directives at the gateway level for upstream services to use.
Since the roles and permissions for each field in the schema are controlled by the respective services, the logic needs to live within those services.
Hence this npm module shares the common ACL code these services require and keeps all of them in sync.
```sh
yarn add @anyfin/acl
```
Make sure you have installed these peer dependencies in your services:
```json
"graphql": ">=15.0.0",
"apollo-server-express": ">=2.16.0"
```
```js
import { makeExecutableSchema, SchemaDirectiveVisitor } from 'apollo-server-express';
import { authDirectiveTypeDef, AuthDirective } from '@anyfin/acl';
// ...
// Make sure to add authDirectiveTypeDef to your typedefs
const schema = makeExecutableSchema({
  typeDefs: [...yourTypeDefs, authDirectiveTypeDef],
  resolvers,
});
// ...
// Register the schema directive (the schema must already exist at this point)
SchemaDirectiveVisitor.visitSchemaDirectives(schema, {
  auth: AuthDirective,
});
```
This will add the following directive to your GraphQL schema:
```graphql
@auth(permissions: [String!], roles: [String!]) on FIELD_DEFINITION
```
The directive also expects the GraphQL context to contain a `user` object built from the decoded JWT. So make sure you verify and decode the JWT from the request header and add it to the context; a request without a valid JWT should reach resolvers with no `user`, not with a guessed one.
```ts
import { ApolloServer } from 'apollo-server-express';

export default new ApolloServer({
  schema,
  context: ({ req }: Params) => ({
    // ...
    // req.user must already hold the verified, decoded JWT claims
    user: req.user,
    // ...
  }),
});
```
```js
import { hasUserAccess, Roles, Permissions } from '@anyfin/acl';

const user = {
  roles: [Roles.customer.key],
  permissions: [Permissions.Application.LIST],
};

// Check if the user has a permission
hasUserAccess(user, [Permissions.Aml.LIST]); // ---> false
hasUserAccess(user, [Permissions.Application.LIST]); // ---> true
hasUserAccess(user, [Customer.Read.SELF]); // ---> true

// Check if the user matches a complete role (third argument)
hasUserAccess(user, [], [Roles.employee.key]); // ---> false
hasUserAccess(user, [], [Roles.customer.key]); // ---> true
```
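As an added example (not code from @anyfin/acl), here is a reference model of the permission/role check the usage above describes, together with a resolver guard that behaves the way an `@auth` field directive has to: it reads `context.user` and rejects the request when no user is present. The `Roles`/`Permissions` values, `guardResolver` and `tryField` are constructed for this example and are not the package's exports.

```javascript
// Added example, not the @anyfin/acl source. The Roles/Permissions
// tables below are constructed stand-ins for the package's exports.
const Roles = {
  customer: { key: 'customer' },
  employee: { key: 'employee' },
};
const Permissions = {
  Application: { LIST: 'application:list' },
  Aml: { LIST: 'aml:list' },
};
// Reference model of the check: access is granted when the user holds at
// least one requested permission or at least one requested role. With no
// user, or with nothing matching, the answer is false (deny by default).
function hasUserAccess(user, permissions = [], roles = []) {
  if (!user) return false;
  const userPerms = new Set(user.permissions || []);
  const userRoles = new Set(user.roles || []);
  return permissions.some((p) => userPerms.has(p)) ||
    roles.some((r) => userRoles.has(r));
}
// Wrap a resolver the way a FIELD_DEFINITION directive has to: the check
// reads `context.user`, which the server must populate from a verified
// JWT. A missing user means unauthenticated, never "no restrictions".
function guardResolver(resolve, { permissions = [], roles = [] } = {}) {
  return (parent, args, context, info) => {
    if (!context || !context.user) {
      throw new Error('Unauthenticated: no user in context');
    }
    if (!hasUserAccess(context.user, permissions, roles)) {
      throw new Error('Forbidden: missing permission or role');
    }
    return resolve(parent, args, context, info);
  };
}
// Constructed sample user matching the README's usage example.
const sampleUser = {
  roles: [Roles.customer.key],
  permissions: [Permissions.Application.LIST],
};
// Runs a guarded field and reports the resolved value or the rejection kind.
function tryField(context, requirements) {
  const field = guardResolver(() => 'secret', requirements);
  try {
    return field(null, {}, context, null);
  } catch (e) {
    return e.message.split(':')[0]; // 'Unauthenticated' or 'Forbidden'
  }
}
```

The `tryField({}, ...)` case is the one to keep in mind when wiring the context: a request whose JWT failed verification must arrive with no `user`, and the guard then refuses it regardless of which permissions the field asks for.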
- `git clone` this repo.
- `yarn install` installs dependencies.
- `yarn test` runs the tests.
- `yarn lint` runs the linter.
- `yarn build` builds the library.

In order to deploy new versions, simply bump the version in package.json and create a new GitHub release. The GitHub action should automagically deploy it to npm. ✨
FAQs
Access control utilities for nodejs services
The npm package @anyfin/acl receives a total of 35 weekly downloads; as such, its popularity is classified as not popular.
We found that @anyfin/acl has an unhealthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.