@marxlnfcs/nest-rbac-auth
Advanced tools
NestJS RBAC Authorization
Simple RBAC Implementation for NestJS that allowes you to define required permissions as glob pattern on controllers and routes and validate it with the builtin AuthGuard
Warning This library is for experimentation and may contain some bugs that I will remove from time to time. With this library I'm learning how dependency injection works and how to build such libraries according to "best practice".
So please use this library with caution.
Information If you want to use the old RBAC system, please use v0.1.4 because v1.X.X uses a new system with a dot notation (e.g.: foo.bar.*)
npm i @marxlnfcs/nest-rbac-auth
import { RbacModule } from '@marxlnfcs/nest-rbac-auth';
@Module({
imports: [
RbacModule.forRoot()
]
})
export class AppModule {}
import { RbacSection, RbacRequires } from '@marxlnfcs/nest-rbac-auth';
@Controller('/users')
@RbacSection('access', 'Access Management')
@RbacSection('user', 'User')
export class UserController {
@Get()
// @RbacRequires(['list'], 'Can list users')
// @RbacRequiresList('Can list users')
@RbacRequires('list', 'Can list users')
getUsers(){ ... }
@Get('/:userId')
// @RbacRequires(['get'], 'Can retrieve a user')
// @RbacRequiresGet('Can retrieve a user')
@RbacRequires('GET', 'Can retrieve a user')
getUser(...){ ... }
@Post('/')
// @RbacRequires(['create'], 'Can create a user')
// @RbacRequiresCreate('Can create a user')
@RbacRequires('create', 'Can create a user')
createUser(...){ ... }
@Put('/:userId')
// @RbacRequires(['update'], 'Can update a user')
// @RbacRequiresUpdate('Can update a user')
@RbacRequires('update', 'Can update a user')
updateUser(...){ ... }
@Delete('/:userId')
// @RbacRequires(['delete'], 'Can delete a user')
// @RbacRequiresDelete('Can delete a user')
@RbacRequires('delete', 'Can delete a user')
deleteUser(...){ ... }
@Post('/action')
// @RbacRequires(['custom'], 'Can do <custom> action')
@RbacRequires('custom', 'Can do <custom> action')
customAction(...){ ... }
}
@Controller('/groups')
@RbacSection('access', 'Access Management')
@RbacSection('group', 'Group')
export class GroupController {
...
}
import { RbacService, RbacGuard, IRbacValidateRequest } from '@marxlnfcs/nest-rbac-auth';
@Injectable()
export class RoleGuard extends RbacGuard() {
constructor(
private rbacService: RbacService,
){}
validate(request: IRbacValidateRequest): boolean | Promise<boolean> | Observable<boolean> {
return this.validateRequest(request, ['*', '!*.create', '!*.update']);
}
}
import { RbacSection, RbacRequiresList } from '@marxlnfcs/nest-rbac-auth';
@Controller('/users')
@RbacSection('access', 'Access Management')
@RbacSection('user', 'User')
export class UserController {
@Get()
@RbacRequiresList({ skipValidation: true })
getUsers(){ ... }
}
FAQs
NestJS Module for a simple RBAC implementation
The npm package @marxlnfcs/nest-rbac-auth receives a total of 3 weekly downloads. As such, @marxlnfcs/nest-rbac-auth popularity was classified as not popular.
We found that @marxlnfcs/nest-rbac-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.