fastify-casbin-rest
A plugin for Fastify that adds support for Casbin RESTful model.
It depends and builds on top of fastify-casbin and provides an opinionated approach to model an authorization scheme based on a RESTful model using Casbin Node.js APIs within a Fastify application.
```sh
npm i casbin fastify-casbin fastify-casbin-rest
```
`fastify-casbin` must be registered in the Fastify instance.
Once registered, the plugin uses the Fastify instance decorated by `fastify-casbin` and will automatically enforce authorization rules on routes where the plugin is enabled.
It uses the default Casbin `sub`, `obj` and `act` entities and extracts them automatically from the request.
When a rule is not satisfied, it returns a `403 Forbidden` error by default.
All the options can be customized when registering the plugin.
The plugin must be explicitly enabled on individual routes via route options. The plugin will have no effect on routes on which it is not enabled.
```js
fastify.route({
  // ... other route options
  casbin: {
    rest: true
  }
})
```
This plugin introduces a new route option, `casbin.rest`. It can be either `true` (which enables the default configuration) or an object.
Supported object options:
| Option | Type | Description | Default |
|---|---|---|---|
| getSub | Request => string or string | Extracts sub from the request, or a constant | Value from plugin options |
| getDom | Request => string or string | Extracts dom from the request, or a constant | Value from plugin options |
| getObj | Request => string or string | Extracts obj from the request, or a constant | Value from plugin options |
| getAct | Request => string or string | Extracts act from the request, or a constant | Value from plugin options |
The API exposed by this plugin is the set of configuration options passed when registering it:

| Option | Type | Description | Default |
|---|---|---|---|
| getSub | Request => string | Extracts sub from the request | r => r.user |
| getDom | Request => string | Extracts dom from the request | undefined |
| getObj | Request => string | Extracts obj from the request | r => r.url |
| getAct | Request => string | Extracts act from the request | r => r.method |
| onDeny | (Reply, { sub, obj, act, dom }) => any | Invoked when Casbin's enforce resolves to false | Returns a 403 Forbidden error |
| onAllow | (Reply, { sub, obj, act, dom }) => any | Invoked when Casbin's enforce resolves to true | noop |
| log | (Fastify, Request, { sub, obj, act, dom }) => void | Invoked before invoking Casbin's enforce | Logs using fastify.log.info |
| hook | 'onRequest', 'preParsing', 'preValidation', 'preHandler' | Which lifecycle hook to use for performing the check | 'preHandler' |
Note that extraction rules defined in route options take precedence over the rules defined in the plugin options.
If `getDom` is not set at either the route or the plugin level, the enforcer is invoked with `(sub, obj, act)`.
If `getDom` is set, the enforcer is invoked with `(sub, dom, obj, act)`.
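As an added illustration of the extraction and precedence rules above (this is example code, not code from fastify-casbin-rest or its README): a dependency-free model of how the plugin resolves `sub`, `dom`, `obj` and `act` from a request, picks the three- or four-argument enforcer call, and hands the result to a policy check with the allow/deny outcome. Because it runs without Fastify or casbin installed, the policy check is a constructed stand-in for casbin's `enforce()` that covers only the RESTful keymatch model (`r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)`); the function names `resolveEntity`, `buildEnforceArgs`, `checkRequest` and the sample policy are assumptions of this example.

```javascript
// Added example, not part of fastify-casbin-rest. Models the plugin's entity
// extraction and precedence rules; the policy check is a constructed stand-in
// for casbin's enforce() restricted to the RESTful keymatch model:
//   [request_definition]  r = sub, obj, act
//   [policy_definition]   p = sub, obj, act
//   [matchers]            m = r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)

// Defaults from the plugin options table (getDom is unset by default).
const pluginDefaults = {
  getSub: r => r.user,
  getDom: undefined,
  getObj: r => r.url,
  getAct: r => r.method
}

// Resolve one entity: a route-level rule wins over the plugin-level rule; a rule
// may be a constant string or a function of the request; no rule yields undefined.
function resolveEntity(name, routeOpts, pluginOpts, request) {
  const rule = routeOpts[name] !== undefined ? routeOpts[name] : pluginOpts[name]
  if (rule === undefined) return undefined
  return typeof rule === 'function' ? rule(request) : rule
}

// Build the argument list the plugin would pass to the enforcer:
// (sub, obj, act) when no getDom is configured, (sub, dom, obj, act) otherwise.
function buildEnforceArgs(request, routeRest = true, pluginOpts = {}) {
  const route = routeRest === true ? {} : routeRest
  const opts = { ...pluginDefaults, ...pluginOpts }
  const sub = resolveEntity('getSub', route, opts, request)
  const dom = resolveEntity('getDom', route, opts, request)
  const obj = resolveEntity('getObj', route, opts, request)
  const act = resolveEntity('getAct', route, opts, request)
  return dom === undefined ? [sub, obj, act] : [sub, dom, obj, act]
}

// casbin keyMatch semantics: "/alice_data/*" matches any path under that prefix.
function keyMatch(key1, key2) {
  const i = key2.indexOf('*')
  if (i === -1) return key1 === key2
  if (key1.length > i) return key1.slice(0, i) === key2.slice(0, i)
  return key1 === key2.slice(0, i)
}

// casbin regexMatch semantics: the policy value is a regular expression.
function regexMatch(key1, key2) {
  return new RegExp(key2).test(key1)
}

// Constructed sample policy in the shape of a rest_policy.csv (p, sub, obj, act).
const samplePolicyCsv = `
p, alice, /alice_data/*, GET
p, alice, /alice_data/resource1, POST
p, bob, /bob_data/*, (GET)|(POST)
`

function parsePolicy(csv) {
  return csv.trim().split('\n')
    .map(line => line.split(',').map(s => s.trim()))
    .filter(fields => fields[0] === 'p')
    .map(([, sub, obj, act]) => ({ sub, obj, act }))
}

// Stand-in for enforcer.enforce(); handles the three-argument (no dom) form only.
function enforce(policy, [sub, obj, act]) {
  return policy.some(p => p.sub === sub && keyMatch(obj, p.obj) && regexMatch(act, p.act))
}

// Mirrors the plugin's hook: resolve entities, enforce, then allow or deny (403).
function checkRequest(request, routeRest, pluginOpts, policy) {
  const args = buildEnforceArgs(request, routeRest, pluginOpts)
  const allowed = enforce(policy, args)
  return { args, allowed, status: allowed ? 200 : 403 }
}

// Constructed requests: plain user (plugin default getSub) and a JWT-style payload.
const policy = parsePolicy(samplePolicyCsv)
console.log(checkRequest({ user: 'alice', url: '/alice_data/resource2', method: 'GET' }, true, {}, policy))
console.log(checkRequest({ user: 'bob', url: '/alice_data/resource2', method: 'GET' }, true, {}, policy))
console.log(checkRequest(
  { user: { payload: { username: 'alice' } }, url: '/alice_data/resource1', method: 'DELETE' },
  { getAct: 'POST' }, { getSub: r => r.user.payload.username }, policy))
```

The third call shows the precedence rule: the route-level constant `getAct: 'POST'` replaces the request method, while `sub` comes from the plugin-level `getSub`. Setting `getDom` anywhere switches `buildEnforceArgs` to the four-argument form, which a real casbin model with a `dom` entity would expect.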
A working example can be found in the examples folder.
The example below uses fastify-jwt to authenticate users and extract user information from the request. It uses sample REST model and policy files.
```js
const fastify = require('fastify')()

// register jwt plugin
fastify.register(require('fastify-jwt'), {
  secret: 'some secret'
})

// register casbin plugin
fastify.register(require('fastify-casbin'), {
  modelPath: 'rest_model.conf', // the model configuration
  adapter: 'rest_policy.csv' // the adapter
})

// register and configure casbin-rest plugin
fastify.register(require('fastify-casbin-rest'), {
  getSub: r => r.user.payload.username
})

// decorate Fastify instance with authenticate method
fastify.decorate('authenticate', async function (request, reply) {
  try {
    await request.jwtVerify()
  } catch (err) {
    reply.send(err)
  }
})

// sample login endpoint which always authenticates the user
fastify.post('/login', async request => {
  return fastify.jwt.sign({ payload: { username: 'alice' } })
})

fastify.get(
  '/protected',
  {
    // ensure user is authenticated
    preValidation: [fastify.authenticate],
    // enable fastify-casbin-rest on this route; the route-level getSub and getAct
    // rules take precedence over the plugin-level ones (obj still defaults to request.url)
    casbin: {
      rest: {
        getSub: request => request.user.payload.username,
        getAct: 'read'
      }
    }
  },
  async () => `You're in!`
)

fastify.listen(3000)
```
Licensed under MIT License