Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@restorecommerce/acs-client

Package Overview
Dependencies
Maintainers
3
Versions
189
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@restorecommerce/acs-client

Access Control Service Client

  • 0.0.1
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
374
decreased by-0.27%
Maintainers
3
Weekly downloads
 
Created
Source

acs-client

Build StatusDependenciesCoverage Status

Features:

  • A generic client for the access-control-srv.
  • It uses grpc-client to access the exposed API via its gRPC interface.
  • This client constructs the request object expected by access-control-srv when requesting access to a particular resource with a specific action on it.
  • This client supports access request for both methods isAllowed and whatIsAllowed exposed by access-control-srv.
  • It evaluates the condition for whatIsAllowed requests.
  • It returns the decision made by the ACS.

Configuration

The access-control-srv URN configurations needs to be set using authorization configuration to acs-client from access requesting microservice. The URN for role scoping entity for Organization/ business units should be set using configuration property authorization.urns.orgScope.

orgScope: 'urn:<organization>:acs:model:<Entity_Name>'

ex: orgScope: 'urn:restorecommerce:acs:model:organization.Organization'

The applicable policies / rules can be enforced on the request using enforce configuration

API

The client exposes the following api's:

accessRequest

It turns an API request as can be found in typical Web frameworks like express, koa etc. into a proper ACS request. For write operations it uses isAllowed and for read operations it uses whatIsAllowed operation from access-control-srv. Requests are performed providing Request message as input and response is Response message type. For the read operations it extends the filter provided in the ReadRequst of the input message to enforce the applicapble poilicies. The response is Decision or policy set reverse query PolicySetRQ depending on the requeste operation isAllowed() or whatIsAllowed() respectively.

Request

FieldTypeLabelDescription
actionEnumrequiredaction to be performed on the resource (CREATE, READ, MODIFY, DELETE or ALL)
requestResource or Resource [ ] or ReadRequestrequiredlist of target resources or read request
ctxContextrequiredcontext containing user details (ID and role-associations)

Response

FieldTypeLabelDescription
DecisionDecisionoptionalAccess decision; possible values are PERMIT, DENY or INDETERMINATE
PolicySetRQPolicySetRQ [ ]optionalList of applicable policy sets

Resource

FieldTypeLabelDescription
typestringrequriedresource entity name
fieldsstring [ ]optionallist of fields for accessing or modifying resource
instancestringoptionalinstance identifier of the resource
namespacestringoptionalnamespace prefix for resource entity

ReadRequest

FieldTypeLabelDescription
entitystringrequriedresource entity name to be read
argsio.restorecommerce.resourcebase.ReadRequestoptionalquery arguments
databasestringoptionaldatabase for read request, currently arangodb and postgres are supported
namespacestringoptionalnamespace prefix for resource entity

Decision

FieldTypeLabelDescription
decisionio.restorecommerce.access_control.DecisionrequiredAccess decision; possible values are PERMIT, DENY or INDETERMINATE

PolicySetRQ

FieldTypeLabelDescription
policy_sets[ ] io.restorecommerce.policy_set.PolicySetRQrequiredList of applicable policy sets

isAllowed

This API exposes the isAllowed api of access-control-srv and retruns the response as Decision. Requests are performed providing io.restorecommerce.access_control.Request message as input and response is io.restorecommerce.access_control.Response message.

whatIsAllowed

This API exposes the isAllowed api of access-control-srv and retruns the response as Decision. Requests are performed providing io.restorecommerce.access_control.Request message as input and response is io.restorecommerce.access_control.ReverseQuery message.

Development

Tests

For a simple example on how to use this client with a access-control-srv check the test cases.

  • Run tests
npm run test

Usage

  • Install dependencies
npm install
  • Build
# compile the code
npm run build

Keywords

FAQs

Package last updated on 29 Jan 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc