express-dynacl
Advanced tools
Readme
express-dynacl is a simple ExpressJS dynamic access control list middleware, that allows to grant access to queries based on request details.
Set up roles:
var guest = {
"nonalcoholic": {
// you can use a boolean as in standard ACL roles, default is false
"watch": true,
"drink": true
},
"alcoholic": {
"watch": true
}
};
var guestWithId = {
"alcoholic": {
// or you can use a function of request
"drink": function(req){
return isEligibleToDrink(req) // check if over 18/21/...
}
}
};
var barowner = {
"*": true // give admin role
};
module.exports = {
"guest": guest,
"guestWithId": guestWithId,
"barowner": barowner
}
Import and configure the middleware:
var acl = require("express-dynacl");
// configure DynACL
var aclOptions = {
// load roles (default is no roles)
roles: {
"guest": require("./roles").guest,
"guestWithId": require(".roles").guestWithId,
"barowner": require(".roles").barowner
},
// set some of the roles as default - each request will expect that user has these roles (default is none)
defaultRoles: ["guest"],
// enable logging to console (default is false)
logConsole: true,
// set the req.user property where roles are stored (default is req.user.roles)
rolesProperty: "roles"
}
acl.config(aclOptions);
Use as middleware:
var express = require('express');
var app = express();
var router = express.Router();
module.exports = router;
var acl = require("express-dynacl");
router.get("/pub/coke", acl("nonalcoholic","drink"), (req,res) => {
// drink coke
});
router.get("/pub/beermenu", acl("alcoholic","watch"), (req,res) => {
// watch beer menu
});
router.get("/pub/beer", acl("alcoholic","drink"), (req,res) => {
// drink beer
});
Use inside request:
var express = require('express');
var app = express();
var router = express.Router();
module.exports = router;
var acl = require("express-dynacl");
router.get("/pub/drink", (req,res) => {
if(acl.check("nonalcoholic","drink",req)) // drink coke
if(acl.check("alcoholic","drink",req)) // drink beer
});
User roles are assigned by a string array of role names located at req.user.roles or in other req.user property set in configuration.
FAQs
Express dynamic access control list, that allows to grant access to queries based on request details
We found that express-dynacl demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In an unprecedented surge, May 2024 saw the publication of over 5,000 CVEs, marking a historic milestone in cybersecurity with an average of 164 CVEs per day, nearly double the 2023 daily average.
Security News
The White House is addressing fragmented cybersecurity regulations as CISOs report spending up to 50% of their time on compliance, aiming to harmonize requirements and improve cybersecurity outcomes.
Security News
Research
The Socket Research Team has identified a malicious Python package that is typosquatting the popular crytic-compile utility, frequently used in popular toolkits and development environments for smart contracts and crypto applications.