access-manager
Advanced tools
A one-stop solution for implementing authenticated and anonymous continuous sessions with user handling and whitelisted acl.
A one-stop solution for implementing authenticated and anonymous sessions with user handling and whitelisted ACL. Attaches itself to an express app as a middleware.
$ npm install access-manager
const AccessManager = require('access-manager');
const accessManager = new AccessManager({
mongoose: mongoose, // mongoose (connected)
expressApp: app, // an express app
aclImport:{
file: '', // a valid file path, if left empty, example data will be used if import is run
run: process.argv.includes('--import-acl-from-json') // example: node app --import-acl-from-json (switch to import file)
},
// You can add your own schemas for users, sessions and acl,
// just add them at the properties: userSchema, sessionSchema, aclSchema
// But note that some properties are required (more info to come)
// An example of using a custom userSchema:
userSchema: {
firstName: {type: String, required:true},
lastName: {type: String, required:true},
email: {type: String, required:true, unique:true}, // required access manager property
password: {type: String, required:true}, // required access manager property
roles: [String] // required access manager property
}
});
// The models access manager uses are avaliable on access manager
const User = accessManager.models.user;
// Now access manager will do its work seamlessly in the background,
// but we need a user: (The example ACL will only allow anonymous users and super users create accounts)
app.post('/register', async (req, res)=>{
// create user
let user = await new User(req.body);
await user.save();
res.json({msg:'Registered'});
});
// To login (The example ACL will prevent you from logging in if you are already in)
app.post('/login', async (req, res)=>{
// create login from user
if(passwordsMatch){
req.session.user = user._id;
req.session.loggedIn = true;
await req.session.save(); // save the state
res.json({msg:'Logged in'});
}else{
res.json({msg:'Failed login'});
}
});
// To logout (The example ACL will prevent you from logging out if you are already out)
app.all('/logout', async (req, res)=>{
req.user = {}; // we clear the user
req.session.loggedIn = false; // but we retain the session with a logged out state, since this is better for tracking, pratical and security reasons
await req.session.save(); // save the state
res.json({msg:'Logged out'});
});
// The example ACL would only allow this route on logged in users
app.get('/messages', async (req, res)=>{
res.json({msg:'Here are your messages'});
});
FAQs
A one-stop solution for implementing authenticated and anonymous continuous sessions with user handling and whitelisted acl.
The npm package access-manager receives a total of 0 weekly downloads. As such, access-manager popularity was classified as not popular.
We found that access-manager demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
FSF files an amicus brief against Neo4j, defending the AGPL and warning against adding restrictive terms that undermine free software rights.
Research
Security News
Malicious PyPI package ‘set-utils’ steals Ethereum private keys by exfiltrating them through blockchain transactions via the Polygon RPC.
Research
Security News
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.