Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

fastify-casbin-rest

Package Overview
Dependencies
Maintainers
34
Versions
11
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

fastify-casbin-rest

Plugin for fastify to add support for Casbin REST model

  • 2.1.0
  • Source
  • npm
  • Socket score

Version published
Maintainers
34
Created
Source

fastify-casbin-rest

Continuous Integration codecov npm version

A plugin for Fastify that adds support for Casbin RESTful model.

It depends and builds on top of fastify-casbin and provides an opinionated approach to model an authorization scheme based on a RESTful model using Casbin Node.js APIs within a Fastify application.

Install

npm i casbin fastify-casbin fastify-casbin-rest

fastify-casbin must be registered in the Fastify instance

How it works

Once registered, the plugin use the Fastify instance decorated by fastify-casbin and will automatically enforce authorization rules to routes where the plugin is enabled.

It uses the default Casbin's sub, obj and act entities and extracts them automatically from the request.

When a rule is not satisfied, it returns a 403 Forbidden error by default.

All the options can be customized when registering the plugin.

API

The plugin must be explicitly enabled on individual routes via route options. The plugin will have no effect on routes on which it is not enabled.

fastify.route({
  // ... other route options
  casbin: {
    rest: true
  }
})

Route options

This plugin introduces new route option casbin.rest. It can be either a true value (which enables default configuration) or an object. Supported object options:

OptionTypeDescriptionDefault
getSubRequest => string or stringExtracts sub from the request or constantValue from plugin options
getDomRequest => string or stringExtracts dom from the request or constantValue from plugin options
getObjRequest => string or stringExtracts obj from the request or constantValue from plugin options
getActRequest => string or stringExtracts act from the request or constantValue from plugin options

Plugin options

The API exposed by this plugin is the configuration options:

OptionTypeDescriptionDefault
getSubRequest => stringExtracts sub from the requestr => r.user
getDomRequest => stringExtracts dom from the requestundefined
getObjRequest => stringExtracts obj from the requestr => r.url
getActRequest => stringExtracts act from the requestr => r.method
onDeny(Reply, { sub, obj, act, dom }) => anyInvoked when Casbin's enforce resolves to falseReturns a 403 Forbidden error
onAllow(Reply, { sub, obj, act, dom }) => anyInvoked when Casbin's enforce resolves to truenoop
log(Fastify, Request, { sub, obj, act, dom }) => voidInvoked before invoking Casbin's enforceLogs using fastify.log.info
hook'onRequest', 'preParsing', 'preValidation', 'preHandler'Which lifecycle to use for performing the check'preHandler'

Note that extraction rules defined within route options take precedence over the rules defined in the plugin options. If getDom is not set either on a route nor on a plugin level, enforcer is invoked with (sub, obj, act). If getDom is set, enforcer is invoked with (sub, dom, obj, act).

Examples

A working example can be found in the examples folder.

The example below uses fastify-jwt to authenticate users and extract user information from the request. It uses sample REST model and policy files.

const fastify = require('fastify')()

// register jwt plugin
fastify.register(require('fastify-jwt'), {
  secret: 'some secret'
})

// register casbin plugin
fastify.register(require('fastify-casbin'), {
  modelPath: 'rest_model.conf', // the model configuration
  adapter: 'rest_policy.csv' // the adapter
})

// register and configure casbin-rest plugin
fastify.register(require('fastify-casbin-rest'), {
  getSub: r => r.user.payload.username
})

// decorate Fastify instance with authenticate method
fastify.decorate('authenticate', async function (request, reply) {
  try {
    await request.jwtVerify()
  } catch (err) {
    reply.send(err)
  }
})

// sample login endpoint which always authenticates the user
fastify.post('/login', async request => {
  return fastify.jwt.sign({ payload: { username: 'alice' } })
})

fastify.get(
  '/protected',
  {
    // ensure user is authenticated
    preValidation: [fastify.authenticate],
    // enable fastify-casbin-rest plugin on this route, override default "getObj" rule
    casbin: {
      rest: {
        getSub: request => request.userId,
        getAct: 'read'
      },
    }
  },
  async () => `You're in!`
)

License

Licensed under MIT License

Keywords

FAQs

Package last updated on 21 Apr 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc