Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

context-access

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

context-access

Powerful access control with a dead simple API.

  • 1.0.0
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
0
decreased by-100%
Maintainers
1
Weekly downloads
 
Created
Source

context-access

Build Status Dependency Status

Powerful access control with a dead simple API. Build any access control scheme you need by allowing maps of arbitrary keys and values called contexts.

  • Simple — just two API methods.
  • Powerful — flexible enough to build any API scheme.
  • Browser support — works on the client or server.

Installation

Node

Using npm:

npm install context-access

Browser

Using component:

component install bloodhound/context-access

Example

The simplest example is a traditional roles-based access control system:

var access = require('context-access');

access.allow({
  url: '/public',
  role: 'guest'
});

access.assert({
  url: '/public'
});
// => false

The call to assert returns false because the properties in the context asserted do not match any allowed context. However, if we add a matching role property:

access.allow({
  url: '/public',
  role: 'guest'
});

access.assert({
  url: '/public',
  role: 'guest'
});
// => true

You can imbricate arrays to alternate AND and OR operations when asserting:

["role1", "role1"]                role1 AND role2
[["role1", "role2"]]              role1 OR role2
["role1", ["role2", "role3"]]     role1 AND (role2 OR role3)

access.allow({
  url: '/private',
  roles: [['manager', 'admin']]
});

access.assert({
  roles: 'manager'
});
// => true

Express middleware

Use contexts to match routes in Express:

var app = require('express')();
var access = require('coaccess');

access.allow({
  role: 'guest',
  path: '/users',
  method: 'GET'
});

access.allow({
  role: 'admin',
  path: '/users',
  method: ['GET', 'PUT', 'POST', 'DELETE']
});

// Route middleware
var authorize = function(req, res, next) {
  var context = {
    role: req.session.role,   // admin
    path: req.path,           // /users
    method: req.method        // POST
  };
  if (access.assert(context)) {
    return next();
  }
  res.send(403, 'You must be an admin to do this!');
};

// Use route middleware
app.post('/users', authorize, function(req, res) {
  // ...
});

API

exports.allow(context)

Allow a given context when asserted.

exports.assert(context)

Assert a given context. Returns true or false if it is allowed or denied.

If there's no definition for a key in the given context, then it is ignored.

Browser support

Firefox, Chrome, Safari, IE9+

Tests

Tests are written with mocha and should using BDD-style assertions.

Run them with npm:

npm test

MIT Licensed

Keywords

FAQs

Package last updated on 15 Sep 2013

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc