Oso SDK with Express integration
The Oso SDK with Express integration provides helper functions to facilitate hooking Oso into the Express web framework.
Please Note: The SDK is currently released as a developer preview. Do not use this SDK for production workloads.
Install
npm install --save @osohq/express
yarn add @osohq/express
Usage
The Oso SDK should be initialized as early as possible in the main entry module. The Oso SDK can be hooked into Express as a centralized middleware or as a route middleware using the enforce function.

    import { init } from '@osohq/express';
    import express from 'express';

    const app = express();

    // Initialize the Oso SDK as early as possible.
    const oso = init({
      apiKey: 'YOUR_API_KEY',
    });

    const enforcement = {
      action: 'view',
      resourceType: 'Org',
      resourceId: '123',
    };

    // Centralized middleware: enforce on every request.
    app.use(oso.enforce(enforcement));

    // Route middleware: enforce on a single route.
    app.get('/', oso.enforce(enforcement), (_req, _res) => {
    });

    app.listen(5678);
After the Oso SDK is initialized, you may access it by calling globalOso():

    import { globalOso } from '@osohq/node';

    const oso = globalOso();
The Oso SDK may be further configured by setting relevant fields in the ConfigOptions object passed on init.
Integration Options
By default,
- Actor ID is a hardcoded value of _. You may override the Actor ID using the setting defaultActorId when initializing the Oso SDK.
- Action is inferred from the HTTP method. If you have a different set of permissions from the defaults, you may override the mapped value by setting defaultAction when initializing the Oso SDK.
- HTTP 404 is returned on authorization failure. You may specify a custom error handler by setting defaultErrorHandler when initializing the Oso SDK.
User Identification
You may provide a function to determine the Actor ID by setting defaultActorId when initializing the Oso SDK.

    import { init } from '@osohq/express';
    import { Request } from 'express';

    init({
      apiKey: 'YOUR_API_KEY',
      defaultActorId: (_req: Request) => 'admin',
    });
Action Identification
You may provide a function to determine the action by setting defaultAction when initializing the Oso SDK.

    import { init } from '@osohq/express';
    import { Request } from 'express';

    init({
      apiKey: 'YOUR_API_KEY',
      defaultAction: (_req: Request) => 'view',
    });
Custom Error Handling
You can provide a function to determine the response on authorization failure.
    import { init } from '@osohq/express';
    import { Response, NextFunction } from 'express';

    init({
      apiKey: 'YOUR_API_KEY',
      defaultErrorHandler: (res: Response, _next: NextFunction) => {
        // Set the status code with status(), then send the body.
        res.status(418).send("I'm a teapot");
        return;
      },
    });
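
The three options above can be combined so that the actor comes from the authenticated request rather than a constant, and unknown methods fail closed. This is an added example, not code from the Oso SDK or its documentation: it assumes an upstream authentication middleware sets req.user.id, and the function names, the 'anonymous' and 'unmapped' sentinels and the method table are hypothetical. The functions would be passed as defaultActorId, defaultAction and defaultErrorHandler in init.

```javascript
// Added example: resolver functions shaped like the callbacks shown on this page.
// Assumption: an upstream authentication middleware has verified the caller and
// set req.user = { id: '...' }; nothing here trusts client-supplied headers.

const ANONYMOUS_ACTOR = 'anonymous'; // hypothetical ID the policy grants nothing to
const UNMAPPED_ACTION = 'unmapped';  // hypothetical action the policy never allows

// Hypothetical method-to-action table; not the SDK's built-in defaults.
const ACTION_BY_METHOD = new Map([
  ['GET', 'view'],
  ['HEAD', 'view'],
  ['POST', 'create'],
  ['PUT', 'edit'],
  ['PATCH', 'edit'],
  ['DELETE', 'delete'],
]);

// Candidate for defaultActorId: uses only the server-verified identity.
function actorIdFromRequest(req) {
  const id = req && req.user ? req.user.id : undefined;
  // Accept a conservative character set so the ID cannot carry separators or whitespace.
  if (typeof id === 'string' && /^[A-Za-z0-9_-]{1,64}$/.test(id)) {
    return id;
  }
  return ANONYMOUS_ACTOR;
}

// Candidate for defaultAction: unknown methods fail closed.
function actionFromRequest(req) {
  const method = String((req && req.method) || '').toUpperCase();
  return ACTION_BY_METHOD.get(method) || UNMAPPED_ACTION;
}

// Candidate for defaultErrorHandler: same status for every denial, no policy detail.
function denyHandler(res, _next) {
  res.status(404).json({ error: 'Not Found' });
}

// Constructed sample requests.
const samples = [
  { method: 'GET', user: { id: 'alice' } },
  { method: 'delete', user: { id: 'bob_2' } },
  { method: 'GET', headers: { 'x-user-id': 'admin' } }, // unauthenticated, header ignored
  { method: 'TRACE', user: { id: 'alice' } },
];
for (const req of samples) {
  console.log(req.method, '->', actorIdFromRequest(req), actionFromRequest(req));
}
```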
Supported Versions