@marxlnfcs/nest-rbac-auth

NestJS Module for a simple RBAC implementation

  • 1.0.6
  • latest
NestJS RBAC Authorization

A simple RBAC implementation for NestJS that allows you to define required permissions as glob patterns on controllers and routes and validate them with the built-in AuthGuard.


Warning: This library is for experimentation and may contain some bugs that I will remove from time to time. With this library I'm learning how dependency injection works and how to build such libraries according to "best practice".

So please use this library with caution.

Information: If you want to use the old RBAC system, please use v0.1.4, because v1.X.X uses a new system with a dot notation (e.g. foo.bar.*).

Installation

npm i @marxlnfcs/nest-rbac-auth

Usage

Import Module

import { Module } from '@nestjs/common';
import { RbacModule } from '@marxlnfcs/nest-rbac-auth';

@Module({
    imports: [
        RbacModule.forRoot()
    ]
})
export class AppModule {}

Controller

import { Controller, Get, Post, Put, Delete } from '@nestjs/common';
import { RbacSection, RbacRequires } from '@marxlnfcs/nest-rbac-auth';

@Controller('/users')
@RbacSection('access', 'Access Management')
@RbacSection('user', 'User')
export class UserController {

    @Get()
    // The commented-out lines show alternative forms: an array of actions, or a shorthand decorator.
    // @RbacRequires(['list'], 'Can list users')
    // @RbacRequiresList('Can list users')
    @RbacRequires('list', 'Can list users')
    getUsers(){ ... }

    @Get('/:userId')
    // @RbacRequires(['get'], 'Can retrieve a user')
    // @RbacRequiresGet('Can retrieve a user')
    @RbacRequires('get', 'Can retrieve a user')
    getUser(...){ ... }

    @Post('/')
    // @RbacRequires(['create'], 'Can create a user')
    // @RbacRequiresCreate('Can create a user')
    @RbacRequires('create', 'Can create a user')
    createUser(...){ ... }

    @Put('/:userId')
    // @RbacRequires(['update'], 'Can update a user')
    // @RbacRequiresUpdate('Can update a user')
    @RbacRequires('update', 'Can update a user')
    updateUser(...){ ... }

    @Delete('/:userId')
    // @RbacRequires(['delete'], 'Can delete a user')
    // @RbacRequiresDelete('Can delete a user')
    @RbacRequires('delete', 'Can delete a user')
    deleteUser(...){ ... }

    @Post('/action')
    // @RbacRequires(['custom'], 'Can do <custom> action')
    @RbacRequires('custom', 'Can do <custom> action')
    customAction(...){ ... }
    
}

@Controller('/groups')
@RbacSection('access', 'Access Management')
@RbacSection('group', 'Group')
export class GroupController {
    ...
}

Validate Bindings / Permissions with the Built-in AuthGuard

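import { Injectable } from '@nestjs/common';
import { Observable } from 'rxjs';
import { RbacService, RbacGuard, IRbacValidateRequest } from '@marxlnfcs/nest-rbac-auth';

@Injectable()
export class RoleGuard extends RbacGuard() {
    constructor(
        private rbacService: RbacService,
    ){
        super(); // a derived class must call super() before using `this`
    }
    
    validate(request: IRbacValidateRequest): boolean | Promise<boolean> | Observable<boolean> {
        // Patterns granted to the caller: everything ('*') except permissions ending in
        // .create or .update ('!' negates). Hard-coded here; an application would
        // normally resolve these from the authenticated user.
        return this.validateRequest(request, ['*', '!*.create', '!*.update']);
    }
}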
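
How a pattern list like the one passed to validateRequest above could be evaluated against the UserController routes, useful for auditing what a grant actually permits. This is an added example, not the library's own code: the dotted permission names (e.g. access.user.list), the deny-wins rule, the "*" matching dots, and every function name here are assumptions.

```typescript
// Added illustration; NOT the implementation used by @marxlnfcs/nest-rbac-auth.
// Assumptions: a permission is the section keys plus the action joined by dots,
// "*" matches any run of characters (dots included), and a matching "!" pattern
// always denies, wherever it appears in the list.

interface Decision { permission: string; allowed: boolean; decidedBy: string | null; }

// Turn one glob into an anchored RegExp; every character except "*" is literal.
function globToRegExp(glob: string): RegExp {
  const literal = (s: string): string => s.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + glob.split('*').map(literal).join('.*') + '$');
}

// Default deny: allow only if a positive pattern matches and no negated one does.
function evaluate(permission: string, granted: string[]): Decision {
  let allowedBy: string | null = null;
  for (const raw of granted) {
    const negated = raw.charAt(0) === '!';
    const pattern = negated ? raw.slice(1) : raw;
    if (!globToRegExp(pattern).test(permission)) continue;
    if (negated) return { permission, allowed: false, decidedBy: raw };
    if (allowedBy === null) allowedBy = raw;
  }
  return { permission, allowed: allowedBy !== null, decidedBy: allowedBy };
}

// Dotted permission name for a route (hypothetical helper).
function requiredPermission(sections: string[], action: string): string {
  return sections.concat(action).join('.');
}

// Evaluate every action of a controller against one pattern list.
function auditController(sections: string[], actions: string[], granted: string[]): Decision[] {
  return actions.map((action) => evaluate(requiredPermission(sections, action), granted));
}

// Constructed input: the sections and actions of the UserController shown earlier.
const USER_ACTIONS = ['list', 'get', 'create', 'update', 'delete', 'custom'];
const report = auditController(['access', 'user'], USER_ACTIONS, ['*', '!*.create', '!*.update']);
for (const d of report) {
  console.log(`${d.permission}  ${d.allowed ? 'ALLOW' : 'DENY'}  (matched: ${d.decidedBy})`);
}
```

Under these assumptions the grant still allows delete and custom, which is worth checking whenever a list starts from '*' and subtracts.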

Skip validation for certain routes

import { Controller, Get } from '@nestjs/common';
import { RbacSection, RbacRequiresList } from '@marxlnfcs/nest-rbac-auth';

@Controller('/users')
@RbacSection('access', 'Access Management')
@RbacSection('user', 'User')
export class UserController {

    @Get()
    // skipValidation: true exempts this route from the guard's permission check
    @RbacRequiresList({ skipValidation: true })
    getUsers(){ ... }

}

Package last updated on 25 Sep 2024
