@marxlnfcs/nest-rbac-auth
Advanced tools
NestJS RBAC Authorization
Simple RBAC Implementation for NestJS that allowes you to define required permissions as glob pattern on controllers and routes and validate it with the builtin AuthGuard
Warning This library is for experimentation and may contain some bugs that I will remove from time to time. With this library I'm learning how dependency injection works and how to build such libraries according to "best practice".
So please use this library with caution.
Information If you want to use the old RBAC system, please use v0.1.4 because v1.X.X uses a new system with a dot notation (e.g.: foo.bar.*)
npm i @marxlnfcs/nest-rbac-auth
import { RbacModule } from '@marxlnfcs/nest-rbac-auth';
@Module({
imports: [
RbacModule.forRoot()
]
})
export class AppModule {}
import { RbacSection, RbacRequires } from '@marxlnfcs/nest-rbac-auth';
@Controller('/users')
@RbacSection('access', 'Access Management')
@RbacSection('user', 'User')
export class UserController {
@Get()
// @RbacRequires(['list'], 'Can list users')
// @RbacRequiresList('Can list users')
@RbacRequires('list', 'Can list users')
getUsers(){ ... }
@Get('/:userId')
// @RbacRequires(['get'], 'Can retrieve a user')
// @RbacRequiresGet('Can retrieve a user')
@RbacRequires('GET', 'Can retrieve a user')
getUser(...){ ... }
@Post('/')
// @RbacRequires(['create'], 'Can create a user')
// @RbacRequiresCreate('Can create a user')
@RbacRequires('create', 'Can create a user')
createUser(...){ ... }
@Put('/:userId')
// @RbacRequires(['update'], 'Can update a user')
// @RbacRequiresUpdate('Can update a user')
@RbacRequires('update', 'Can update a user')
updateUser(...){ ... }
@Delete('/:userId')
// @RbacRequires(['delete'], 'Can delete a user')
// @RbacRequiresDelete('Can delete a user')
@RbacRequires('delete', 'Can delete a user')
deleteUser(...){ ... }
@Post('/action')
// @RbacRequires(['custom'], 'Can do <custom> action')
@RbacRequires('custom', 'Can do <custom> action')
customAction(...){ ... }
}
@Controller('/groups')
@RbacSection('access', 'Access Management')
@RbacSection('group', 'Group')
export class GroupController {
...
}
import { RbacService, RbacGuard, IRbacValidateRequest } from '@marxlnfcs/nest-rbac-auth';
@Injectable()
export class RoleGuard extends RbacGuard() {
constructor(
private rbacService: RbacService,
){}
validate(request: IRbacValidateRequest): boolean | Promise<boolean> | Observable<boolean> {
return this.validateRequest(request, ['*', '!*.create', '!*.update']);
}
}
import { RbacSection, RbacRequiresList } from '@marxlnfcs/nest-rbac-auth';
@Controller('/users')
@RbacSection('access', 'Access Management')
@RbacSection('user', 'User')
export class UserController {
@Get()
@RbacRequiresList({ skipValidation: true })
getUsers(){ ... }
}
FAQs
NestJS Module for a simple RBAC implementation
The npm package @marxlnfcs/nest-rbac-auth receives a total of 3 weekly downloads. As such, @marxlnfcs/nest-rbac-auth popularity was classified as not popular.
We found that @marxlnfcs/nest-rbac-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Ransomware payment rates hit an all-time low in 2024 as law enforcement crackdowns, stronger defenses, and shifting policies make attacks riskier and less profitable.
Security News
require(esm) backported to Node.js 20, easing the transition to ESM-only packages and reducing complexity for developers as Node 18 nears end-of-life.
Security News
PyPI now supports iOS and Android wheels, making it easier for Python developers to distribute mobile packages.