@clocklimited/secure
Advanced tools
ACL for Node.JS. Including authentication and express middleware for authorization.
ACL for Node.JS. Including authentication and express middleware for authorization.
npm install secure
Register the access control list:
var authenticatedAcl = require('secure/access-control-list')(customLogger)
You can define a custom logger and pass it through, else console will be used by default.
Add resources to the access control list:
authenticatedAcl.addResource('Admin')
This will add create, read, update, delete, and * as resource actions by default.
var accessControl = require('secure/access-control')(
authenticationProvider, // Function to determine if user is authenticated
authenticatedAcl, // Access control list for authenticated users
unauthenticatedAcl, // Access control list for unauthenticated users (can use {} if not necessary)
'admin', // Type, used to set req.session[type] for checking roles
console, // Custom logger, if used
function(req, res) {
// Default failure callback
res.redirect('/login')
})
Add middleware to redirect users trying to access a resource without the appropriate permissions to a failure URL:
app.get(
'/secure/',
accessControl.requiredAccess(resource, action, failureUrl),
function(req, res) {
...
}
)
The ACL can also be checked from within functions, rather than through middleware, for resource/action-specific functionality:
accessControl.isAllowed(req, resource, action) // Returns true/false
Licenced under the New BSD License
FAQs
ACL for Node.JS. Including authentication and express middleware for authorization.
We found that @clocklimited/secure demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Python 3.14 adds template strings, deferred annotations, and subinterpreters, plus free-threaded mode, an experimental JIT, and Sigstore verification.
Security News
Former RubyGems maintainers have launched The Gem Cooperative, a new community-run project aimed at rebuilding open governance in the Ruby ecosystem.
Security News
An opt-in lazy import keyword aims to speed up Python startups, especially CLIs, without the ecosystem-wide risks that sank PEP 690.