Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@katomaran/nest-role-group
Advanced tools
@katomaran/nest-role-group: description: | This package provides a NestJS implementation for role-based access control (RBAC) to manage user permissions effectively. # installation: npm_command:
@katomaran/nest-role-group: description: | This package provides a NestJS implementation for role-based access control (RBAC) to manage user permissions effectively.
npm_command:
npm install @katomaran/nest-role-group
yarn_command:
yarn add @katomaran/nest-role-group
module_import: description: Import the RoleModule in the AppModule.
import { Module } from '@nestjs/common';
import { MongooseModule } from '@nestjs/mongoose';
import { RoleModule } from '@katomaran/nest-role-group'; # Adjust path if necessary
@Module({
imports: [
MongooseModule.forRoot('your_mongo_db_connection_string'), # Connect to your MongoDB
RoleModule,
],
})
export class AppModule {}
main_guard_registration: description: > Import and configure PermissionGuard, and set up role groups and roles at application startup in main.ts.
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';
import { PermissionGuard } from '@katomaran/nest-role-group';
import { RoleUtilityService } from '@katomaran/nest-role-group'; # Adjust the path as needed
async function bootstrap() {
const app = await NestFactory.create(AppModule);
# Retrieve RoleUtilityService instance
const roleUtilityService = app.get(RoleUtilityService);
try:
# Initialize role groups from roleGroup.json
await roleUtilityService.createRoleGroupsFromFile('file path to the role groups');
console.log('Role groups created successfully');
# Initialize roles from permission.json
await roleUtilityService.createRolesFromFile('file path to the roles');
console.log('Roles created successfully');
} catch (error) {
console.error('Error creating role groups or roles:', error);
}
# Register PermissionGuard globally
app.useGlobalGuards(new PermissionGuard());
# Start application
await app.listen(3000);
console.log('Application is running on http://localhost:3000');
}
bootstrap();
features:
usage: import_role_utility_service: description: Import RoleUtilityService in your NestJS module. import { Module } from '@nestjs/common'; import { RoleUtilityService } from '@katomaran/nest-role-group'; import { RoleService } from './role.service'; import { RoleGroupService } from './role-group.service';
@Module({
providers: [RoleUtilityService, RoleService, RoleGroupService],
exports: [RoleUtilityService],
})
export class RoleModule {}
json_structure:
[
{
"name": "Public",
"aliasName": "public",
"permissions": {
"route": "v1/users",
"methods": ["GET", "POST"]
}
},
{
"name": "User",
"aliasName": "user",
"permissions": {
"route": "v1/users/:id",
"methods": ["PUT"]
}
}
]
[
{
"name": "Admin Group",
"type": "Admin",
"roles": ["admin", "user"]
},
{
"name": "User Group",
"type": "User",
"roles": ["user"]
}
]
methods: createRolesFromFile: description: Reads roles from a JSON file and creates them in the database.
createRolesFromFile(filePath: string): Promise<void>
createRoleGroupsFromFile: description: Reads role groups from a JSON file and creates them in the database.
createRoleGroupsFromFile(filePath: string): Promise<void>
hasPermission: description: Checks if a role group has permission for a specific route and HTTP method.
hasPermission(roleGroupId: string, route: string, method: string): Promise<boolean>
constants: REQUIRED_KEYS: Required keys for role and role group validation. ALLOWED_METHODS: Allowed HTTP methods for permissions validation.
error_handling: not_found: 404 Not Found when a role group is not found. general_errors: General errors during file reading or processing.
guards: usage_permission_guard: description: | To utilize the PermissionGuard in your controllers, decorate routes with the appropriate metadata. example_code: |
import { Controller, Get } from '@nestjs/common';
import { Public } from '@katomaran/nest-role-group';
@Controller('users')
export class UserController {
@Get()
@Public() # Automatically checks permission for the public role
async getUsers() {
# Logic to get users
}
}
configuration:
database_connection_string: Configure MongoDB connection in MongooseModule.forRoot
.
json_file_paths: Specify paths to JSON files if not in the root directory.
redis_keys:
role_data: "role: - Stores role information, including permissions."
role_group_data: "roleGroup: - Stores role group information and associated roles."
permission_cache: "permissions::: - Caches permissions to reduce database calls."
conclusion: summary: | The @katomaran/nest-role-group package provides a robust solution for implementing role-based access control in your NestJS applications, streamlining the management of user permissions and enhancing security. additional_info: | For further customization or assistance, please refer to the package documentation or the source code.
notes:
FAQs
@katomaran/nest-role-group: description: | This package provides a NestJS implementation for role-based access control (RBAC) to manage user permissions effectively. # installation: npm_command:
The npm package @katomaran/nest-role-group receives a total of 530 weekly downloads. As such, @katomaran/nest-role-group popularity was classified as not popular.
We found that @katomaran/nest-role-group demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.