casbin-core

Casbin-Core

💖 Looking for an open-source identity and access management solution like Okta, Auth0, Keycloak ? Learn more about: Casdoor

News: still worry about how to write the correct casbin-core policy? Casbin online editor is coming to help!

casbin-core is a powerful and efficient open-source access control library for JavaScript projects. It provides support for enforcing authorization based on various access control models.

All the languages supported by Casbin:

Casbin	jCasbin	node-Casbin	PHP-Casbin
production-ready	production-ready	production-ready	production-ready

PyCasbin	Casbin.NET	Casbin-CPP	Casbin-RS
production-ready	production-ready	beta-test	production-ready

Documentation

https://casbin.org/docs/en/overview

Feature

• 😎 Written in TypeScript to provide the type definitions
• 🎯 Support multiple access model such as ACL, RBAC, ABAC
• 🎮 Run everywhere on JavaScript platforms such as WEB, Node.js, React-Native, Electron, etc.

Installation

Note: The project is under development and the API is unstable.

# NPM
npm install casbin-core@beta --save

# Yarn
yarn add casbin-core@beta

Get started

New an enforcer with a model string and a memory policy, see Model section for details:

import { newEnforcer, newModel, MemoryAdapter } from 'casbin-core';

const model = newModel(`
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
`);

const adapter = new MemoryAdapter(`
p, alice, data1, read
p, bob, data2, write
p, data2_admin, data2, read
p, data2_admin, data2, write
g, alice, data2_admin
`);

const enforcer = await newEnforcer(model, adapter);

Note: you can also initialize an enforcer with policy in DB instead of file, see Persistence section for details.

Add an enforcement hook into your code right before the access happens:

const sub = 'alice'; // the user that wants to access a resource.
const obj = 'data1'; // the resource that is going to be accessed.
const act = 'read'; // the operation that the user performs on the resource.

// Async:
const res = await enforcer.enforce(sub, obj, act);
// Sync:
// const res = enforcer.enforceSync(sub, obj, act);

if (res) {
  // permit alice to read data1
} else {
  // deny the request, show an error
}

Besides the static policy file, casbin-core also provides API for permission management at run-time. For example, You can get all the roles assigned to a user as below:

const roles = await enforcer.getRolesForUser('alice');

See Policy management APIs for more usage.

Policy management

Casbin provides two sets of APIs to manage permissions:

• Management API: the primitive API that provides full support for Casbin policy management.
• RBAC API: a more friendly API for RBAC. This API is a subset of Management API. The RBAC users could use this API to simplify the code.

Official Model

https://casbin.org/docs/en/supported-models

Policy persistence

https://casbin.org/docs/en/adapters

Policy consistence between multiple nodes

https://casbin.org/docs/en/watchers

Role manager

https://casbin.org/docs/en/role-managers

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers! 🙏 [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

License

This project is licensed under the Apache 2.0 license.

Contact

If you have any issues or feature requests, please contact us. PR is welcomed.

• https://github.com/casbin/casbin-core/issues
• hsluoyz@gmail.com
• Tencent QQ group: 546057381