Introducing Socket Firewall: Free, Proactive Protection for Your Software Supply Chain.Learn More
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@anyfin/acl

Package Overview
Dependencies
Maintainers
6
Versions
35
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@anyfin/acl

Access control utilities for nodejs services

latest
npmnpm
Version
1.1.13
Version published
Maintainers
6
Created
Source

🛡 Anyfin ACL

Access control utilities for nodejs services. These can be used with/without graphql.

This is required for all services that are contributing to the client facing apollo federation graph.

Why dont we just implement this in the apollo federation gateway ?

  • Because apollo federation is a gateway. Its only job is to route the requests. It doesnt allow any modification of schema. Hence we cant add any directives at the gateway level that can be used by upstream services.

  • Since the roles and permissions for each field in the schema is controlled by the respective services the logic needs to live within these services itself.

Hence this npm module aims to share the common acl code that is required for these services and aims to keep all the services in sync.

Installation

yarn add @anyfin/acl

Make sure you have installed these peer dependencies on your services

  "graphql": ">=15.0.0",
  "apollo-server-express": ">=2.16.0"

GraphQL Usage

import { authDirectiveTypeDef, AuthDirective } from '@anyfin/acl';
.
.
.
// Register the schema directive
SchemaDirectiveVisitor.visitSchemaDirectives(schema, {
  auth: AuthDirective,
});
.
.
.
// Make sure to add authDirectiveTypeDef to your typedefs
const schema = makeExecutableSchema({
  typeDefs:[...yourTypeDefs, authDirectiveTypeDef],
  resolvers
});

This will add the following directive on your graphql schema

@auth(permissions: [String!], roles: [String!]) on FIELD_DEFINITION

Also, the directive expects that the graphql context has user object from the decoded jwt present in it.

So make sure you decode the jwt from the request header and add it to the context.

export default new ApolloServer({
  schema,
  context: ({ req }: Params) => ({
    .
    .
    user: req.user,
    .
    .
    .
  })
});

Non GraphQL usage:

import { hasUserAccess, Roles, Permissions } from '@anyfin/acl';

const user = {
  roles: [Roles.customer.key],
  permissions: [Permissions.Application.LIST],
};

// Check if user has a permission
hasUserAccess(user, [Permissions.Aml.LIST]); // ---> false
hasUserAccess(user, [Permissions.Application.LIST]); // ---> true
hasUserAccess(user, [Customer.Read.SELF]); // ---> true

// check if user matches a complete role
hasUserAccess(user, [], [Roles.employee.key]); // ---> false
hasUserAccess(user, [Roles.customer.key]); // ---> true

Getting started

  • git clone this repo.
  • yarn install installs dependencies
  • yarn test for test mode.
  • yarn lint for linting.
  • yarn build for building the library.

Deploy/Publish

In order to deploy new versions, simply bump the version in package.json and create a new github release.

Github action should automagically deploy it to npm. ✨

Ownership/Audit

Repo ownership: @a7ul
Last audit: 2021-01-28 by @msegers

FAQs

Package last updated on 12 Apr 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

ENISA’s 2025 Threat Landscape: AI Reshapes Cyber Attacks, from Phishing to Supply Chain Abuse

Security News

ENISA’s 2025 Threat Landscape: AI Reshapes Cyber Attacks, from Phishing to Supply Chain Abuse

ENISA’s 2025 Threat Landscape report highlights how AI is reshaping cyber attacks, driving phishing, model poisoning, and software supply chain risks.

By Sarah Gooding  -  Oct 16, 2025