@biscuit-auth/express-biscuit

express authorization middleware for Biscuit tokens

0.1.0
latest
Source
npm

Version published: 3 years ago

Weekly downloads: 1

Maintainers: 2

Weekly downloads

Created: 3 years ago

Source

express-biscuit

Express authorization middleware using Biscuit tokens and policies

Example usage:

const express = require('express')
const express_biscuit = require('@biscuit-auth/express-biscuit')
const {fact} = require('@biscuit-auth/express-biscuit')
const app = express()

const pubKey = "dfd559075dcf56c8c6777fbd3c553827dd51645bb8ee87a975a172980f8f16e5"

app.get('/user/:user_id',
  express_biscuit({
    // the root public key used to verify the signature
    publicKey: pubKey,
    // a list of static authorizer policies
    policies: "check if user(1); allow if true;",
    // the extractor method is used to get data from the request and
    // create authorizer facts from it
    extractor: function(req, authorizer) {
      authorizer.add_fact(
        // you can use template strings to create the facts, this prevents
        // injection issues when integrating user controlled data
        fact`user(${parseInt(req.params.user_id)})`
      )
    }
  }),
  function (req, res) {
    res.send('Hello '+req.params.user_id+"\n")
})

Keywords

FAQs

What is @biscuit-auth/express-biscuit?

Is @biscuit-auth/express-biscuit popular?

Is @biscuit-auth/express-biscuit well maintained?

Package last updated on 05 Apr 2022

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@biscuit-auth/express-biscuit

express-biscuit

Keywords

Related posts

Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware

Skuld Infostealer Returns to npm with Fake Windows Utilities and Malicious Solara Development Packages