Socket
Socket
Sign inDemoInstall

access-policy

Package Overview
Dependencies
0
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

npm Scripts

Install Socket

Detect and block malicious and high-risk dependencies

Install

    access-policy

Encodes and decodes policy JSON files for use with web applications.

Version published
Weekly downloads
37
increased by42.31%
Maintainers
1
Install size
7.23 kB
Created
Weekly downloads
 

Readme

Source

Access Policy Encoder/Parser

Statements Format

{
  "statements": [ //Array
    {
      "effect": "deny", // String
      "action": "*", // String or Array
      "resource": [ // String or Array
        "/user/${user.id}/*"
      ],
      "condition": { // Object
        "equals": { // Object
          "key": "value"
        }
      },
      "restiction": {
        "equals": { // Object
          "key": "value"
        }
      }
    }
  ]
}

Statement

  • effect: (Optional) Access to a resource is always denied if there are no matches in a statement. If you need to countermand a more "general" allowed statement with a specific rule, you would use deny.
  • action: The HTTP action (GET, POST, PUT, DELETE)
  • resource: The URL that is being accessed
  • condition: (Optional) A condition for accessing the resource. NOT YET IMPLEMENTED
  • restriction: (Otional) Restrictions to the data that can be accessed from a resource. While it's entirely possible to access a resource it can be possible to limit that data that is available from it.

Encoding

Encoding a statement happens at run time (if the provided statement hasn't already been encoded) and evaluated against data provided.

Template Format

When encoding a policy variables are provided via template literal style strings.

{
    "key": "${value}"
}

Parsing

Accepted Data

The following object is what the parser expects to recieve.

{
    Action: 'GET',
    Resource: 'user/12345',
    property: 'value',
    property2: {
      key: 'value',
      key2: 'value'
    }
}

Required

The following properties are required for validation:

  • Method: The http method for the request (GET, POST, PUT, DELETE)
  • Resource: The pathname of the requesting URL

Optional

Beyond the required properties you can inlude arbitrary properties that can be nested and accessed during encoding.

// Template
{
  "statements": [
    {
      "effect": "deny",
      "action": "*",
      "resource": [
        "/user/${user.id}/*"
      ],
      "restiction": {
        "equals": {
          "account_id": "${accountId}"
        }
      }
    }
  ]
}

// Data
{
  Action: "GET",
  Resource: "/user/1234",
  accountId: "5678"
}

Keywords

FAQs

Last updated on 27 Jul 2016

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

The AI Advantage: Reshaping Cybersecurity in the Age of Autonomous Threats

Security News

The AI Advantage: Reshaping Cybersecurity in the Age of Autonomous Threats

As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.

By Sarah Gooding  -  Apr 25, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc