
authorizedjs
It's very easy to use the tool with CoffeeScript.
Set up permits.
```coffeescript
Auth = require 'authorizedjs'

class MyTestPermits extends Auth.Permits
  adminOnlyAction: (resource) ->
    @user.role is "admin"
  everyUserAction: (resource) ->
    @user.role is "user"
  resourceBasedAction: (resource) ->
    resource.user.id is @user.id
  validForEverybody: (resource) ->
    true
  secret: (resource) ->
    false
```
Now, in your route/controller, you can check for authorization:
1. Set up authorization:
```coffeescript
auth = new Auth.Authorization({MyTest: MyTestPermits})
```
This is where you map your resources to permits. In this example,
`MyTest` is the name of your resource and `MyTestPermits` is the object where the permits for its actions are defined.
2. Check if a user can perform an action (assuming that `currentUser` is the user you are going to check):
a) You can catch the `error` or `success` events emitted by auth:
```coffeescript
auth.on 'error', (error) ->
  # user is not authorized and should be redirected to some other action
  #
  # there are 3 types of error
  # MissingPermits - Permits are missing, you should include them
  # MissingPermit - Permit cannot be found, maybe typo?
  # UnauthorizedAccess - user is not authorized

auth.on 'success', (data) ->
  # user is authorized
  # you can proceed with your action here

auth.check currentUser, 'MyTest', 'someAction'
```
b) You can also pass `success` and `error` functions to `auth.check`:
```coffeescript
auth.check currentUser, 'MyTest', 'someAction', (data) ->
  # user is authorized
, (error) ->
  # user is not authorized
  # error messages are the same as described above
```
c) Last but not least, you can simply check whether the user is able to perform the action. Note that this uses the `test` method!
```coffeescript
if auth.test currentUser, 'MyTest', 'adminOnlyAction'
  # we're ok to go!
else
  # rights are not sufficient to see that resource!
```
3. It's also possible to use a class as the resource (Mongoose objects are also supported):
```coffeescript
class MyTest
  constructor: ->

if auth.test currentUser, MyTest, 'adminOnlyAction'
  # we're ok to go!
else
  # rights are not sufficient to see that resource!
```
It works with auth.check as well.
You need to ensure that this resource returns its name with `resource.name`. In our case it should be:
```coffeescript
console.log MyTest.name
# 'MyTest'
```
4. When a user can manage only his/her own resource, it's better to use the resource object:
```coffeescript
class MyTest
  constructor: (@user) ->

myTestObject = new MyTest(someUser)

if auth.test currentUser, myTestObject, 'resourceBasedAction'
  # we're ok to go!
else
  # rights are not sufficient
```
It works with auth.check as well.
It's very important that the resource returns its name with `resource.constructor.name`! In our case it should be:
```coffeescript
console.log myTestObject.constructor.name
# MyTest
```
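The name-based lookup described in steps 1 to 4, as an added JavaScript example that is not authorizedjs code and makes no claim about its internals: it models how a string, class or instance resource resolves to a permits class and which of the three error types each failure maps to. `Permits`, `resourceName`, `decide` and the sample users are hypothetical names constructed for this illustration.

```javascript
// Added illustration, NOT authorizedjs source: a stand-alone model of the
// resource-name -> permits lookup and the three error types from the README.
class Permits { constructor(user) { this.user = user; } }

class MyTestPermits extends Permits {
  adminOnlyAction() { return this.user.role === 'admin'; }
  resourceBasedAction(resource) { return resource.user.id === this.user.id; }
  secret() { return false; }
}

// A resource may be a name, a class (resource.name) or an
// instance (resource.constructor.name), as the README requires.
function resourceName(resource) {
  if (typeof resource === 'string') return resource;
  if (typeof resource === 'function') return resource.name;
  if (resource && resource.constructor) return resource.constructor.name;
  return undefined;
}

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns 'ok' or an error type; every path that is not an explicit
// `true` from a declared permit ends in a denial (fail closed).
function decide(permitsByResource, user, resource, action) {
  const name = resourceName(resource);
  // Own-property lookup so names like '__proto__' or 'constructor' never match.
  if (!own(permitsByResource, name)) return 'MissingPermits';
  const PermitsClass = permitsByResource[name];
  // Only methods declared on the permits class itself count as permits.
  const proto = PermitsClass.prototype;
  if (action === 'constructor' || !own(proto, action) ||
      typeof proto[action] !== 'function') return 'MissingPermit';
  const allowed = new PermitsClass(user)[action](resource);
  return allowed === true ? 'ok' : 'UnauthorizedAccess';
}

// Constructed sample data.
class MyTest { constructor(user) { this.user = user; } }
const permitsMap = { MyTest: MyTestPermits };
const admin = { id: 1, role: 'admin' };
const alice = { id: 2, role: 'user' };

console.log(decide(permitsMap, alice, new MyTest(alice), 'resourceBasedAction'));
console.log(decide(permitsMap, alice, { user: alice }, 'resourceBasedAction'));
```

In this model a plain object literal resolves to `Object` and therefore finds no permits, and a build step that renames classes (for example a minifier) changes `.name` and `.constructor.name` in the same way, so the keys of the permits map have to match the names that exist at run time.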