
access-policy

Dependencies: 0, Maintainers: 1, Versions: 1


Encodes and decodes policy JSON files for use with web applications.

Version: 3.1.0 (latest)
Yearly downloads: 9,040 (increased by 78.55%)


Access Policy Encoder/Parser

Statements Format

    {
      "statements": [ // Array
        {
          "effect": "deny", // String
          "action": "*", // String or Array
          "resource": [ // String or Array
            "/user/${user.id}/*"
          ],
          "condition": { // Object
            "equals": { // Object
              "key": "value"
            }
          },
          "restiction": {
            "equals": { // Object
              "key": "value"
            }
          }
        }
      ]
    }

Statement

  • effect: (Optional) Access to a resource is always denied if there are no matches in a statement. If you need to countermand a more "general" allowed statement with a specific rule, you would use deny.
  • action: The HTTP action (GET, POST, PUT, DELETE)
  • resource: The URL that is being accessed
  • condition: (Optional) A condition for accessing the resource. NOT YET IMPLEMENTED
  • restriction: (Optional) Restrictions on the data that can be accessed from a resource. Even when access to a resource is allowed, the data available from it can be limited.

Encoding

A statement is encoded at run time (if the provided statement hasn't already been encoded) and is then evaluated against the data provided.

Template Format

When encoding a policy, variables are provided via template-literal-style strings.

{ "key": "${value}" }

Parsing

Accepted Data

The following object is what the parser expects to receive.

    {
      Action: 'GET',
      Resource: 'user/12345',
      property: 'value',
      property2: {
        key: 'value',
        key2: 'value'
      }
    }

Required

The following properties are required for validation:

  • Method: The http method for the request (GET, POST, PUT, DELETE)
  • Resource: The pathname of the requesting URL

Optional

Beyond the required properties, you can include arbitrary properties, which can be nested and are accessible during encoding.

    // Template
    {
      "statements": [
        {
          "effect": "deny",
          "action": "*",
          "resource": [
            "/user/${user.id}/*"
          ],
          "restiction": {
            "equals": {
              "account_id": "${accountId}"
            }
          }
        }
      ]
    }

    // Data
    {
      Action: "GET",
      Resource: "/user/1234",
      accountId: "5678"
    }
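The encode-then-evaluate flow described above, as an added example that is not the access-policy package's own code (all function names and the sample policy are hypothetical). It covers only effect, action and resource, and assumes that an omitted effect means allow and that an unresolved variable denies the request. Substituted values are matched literally, so a request value such as `*` cannot widen a resource pattern.

```javascript
// Added example; function names are hypothetical, not the access-policy API.
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
const asArray = (v) => (Array.isArray(v) ? v : [v]);

// Resolve "user.id" through own properties only, so "__proto__" or
// "constructor" never reach inherited values. Unresolved names throw.
function lookup(data, path) {
  let cur = data;
  for (const key of path.split('.')) {
    const own = cur !== null && typeof cur === 'object' &&
      Object.prototype.hasOwnProperty.call(cur, key);
    if (!own) throw new Error(`unresolved policy variable: ${path}`);
    cur = cur[key];
  }
  if (!['string', 'number'].includes(typeof cur)) throw new Error(`non-scalar policy variable: ${path}`);
  return String(cur);
}

// Compile a resource template to an anchored regex. Only a "*" written in the
// template is a wildcard; substituted values are escaped and match literally.
function compileResource(template, data) {
  const src = template.replace(/\$\{([^}]+)\}|\*|[^$*]+|\$/g, (tok, path) => {
    if (path !== undefined) return escapeRe(lookup(data, path.trim()));
    return tok === '*' ? '.*' : escapeRe(tok);
  });
  return new RegExp(`^${src}$`);
}

// Default deny; a matching deny overrides any allow; encoding errors deny.
function isAllowed(policy, data) {
  let allowed = false;
  try {
    for (const st of policy.statements) {
      const actionHit = asArray(st.action).some((a) => a === '*' || a === data.Action);
      const resourceHit = asArray(st.resource)
        .some((r) => compileResource(r, data).test(data.Resource));
      if (!actionHit || !resourceHit) continue;
      if (st.effect === 'deny') return false;
      allowed = true; // assumption: an omitted effect means allow
    }
  } catch (err) { return false; }
  return allowed;
}

// Constructed sample policy (not from the package).
const SAMPLE_POLICY = { statements: [
  { effect: 'allow', action: ['GET', 'PUT'], resource: '/user/${user.id}/*' },
  { effect: 'deny', action: '*', resource: '/user/${user.id}/billing/*' },
] };
```
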
