
node-role-permissions
node-role-permissions is a Node.js package that provides a flexible middleware system for role-based access control in Express applications. It integrates seamlessly with MongoDB to manage roles and user roles. The package allows users to authenticate and
nodejs-role-permissions is a Node.js library created to simplify role-based access control (RBAC) in Express applications. It offers a flexible middleware system for managing user roles and securing routes based on assigned roles.
The package creates five collections in your MongoDB database: roles, userRoles, permissions, role-permission, and user-permission. These collections are used to store role information, user-role mappings, and permissions.
Open roleConfig.js in your preferred text editor and modify the settings according to your requirements.
module.exports = {
  userCollection: 'User', // Make sure this is the user model used for authentication
};
const { assignRole } = require("node-role-permissions");
const userId = '4d539894a4761d3c05e3'; // Replace with the actual user ID
const roleName = 'Admin'; // Assuming you have this role
assignRole(userId, roleName);
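const { assignRole } = require("node-role-permissions");

// Inside an async registration handler; bcrypt and the User model come from your application.
const hash = await bcrypt.hash(password, 10);
const newUser = new User({
  name: name,
  email: email,
  phone: phone,
  address: address,
  password: hash,
  verify: 0
});
await newUser.save(); // wait for the save to finish before assigning the role
assignRole(newUser.id, 'Admin');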
const userId = req.userId; // Your authMiddleware must set req.userId in this format before the role middleware runs
// app.js or your main server file
const express = require('express');
const app = express();
const { checkUserRole } = require('node-role-permissions');
app.get('/admin/dashboard', authenticateMiddleware, checkUserRole('admin'), (req, res) => {
  // This route requires the 'admin' role
  res.send('Welcome to the admin dashboard!');
});
// Another route without middleware
app.get('/public', (req, res) => {
  res.send('This is a public route.');
});
Note: Ensure that the user ID is sent to the middleware through the authentication process.
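The role check is only as trustworthy as the value in req.userId, so the authentication step must derive it from a verified credential and never from a client-supplied field. The sketch below is an added example, not code from node-role-permissions: authenticateMiddleware, requireRole, signToken, simulate, the HMAC token format, the secret and the user table are all hypothetical stand-ins constructed for illustration.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: a server-side signing key
const userRoles = new Map([['u1', 'admin'], ['u2', 'viewer']]); // constructed sample data

// Issued at login: "<userId>.<hex HMAC-SHA256 of userId>".
function signToken(userId) {
  const mac = crypto.createHmac('sha256', SECRET).update(userId).digest('hex');
  return `${userId}.${mac}`;
}

// Sets req.userId only when the token's MAC verifies; ignores body and query fields.
function authenticateMiddleware(req, res, next) {
  const token = (req.headers.authorization || '').replace(/^Bearer /, '');
  const dot = token.lastIndexOf('.');
  const userId = token.slice(0, dot < 0 ? 0 : dot);
  const given = Buffer.from(token.slice(dot + 1), 'hex');
  const expected = crypto.createHmac('sha256', SECRET).update(userId).digest();
  if (!userId || given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) {
    return res.status(401).send('Unauthenticated');
  }
  req.userId = userId;
  next();
}

// Hypothetical stand-in for a role middleware that reads req.userId.
function requireRole(role) {
  return (req, res, next) =>
    userRoles.get(req.userId) === role ? next() : res.status(403).send('Forbidden');
}

// Runs auth + role check against a mock request and returns the HTTP status.
function simulate(headers, body = {}) {
  const req = { headers, body };
  const res = { code: 200, status(c) { this.code = c; return this; }, send() { return this; } };
  const chain = [authenticateMiddleware, requireRole('admin')];
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](req, res, next); };
  next();
  return res.code;
}
```

A request that only claims an ID in its body is rejected with 401 before the role check runs, while a valid token for a non-admin user reaches the role check and gets 403.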
const { getUserRole } = require("node-role-permissions");
const userId = 'yourUserIdObjID'; // Replace with the actual user ID
(async () => {
  const userRole = await getUserRole(userId);
  console.log(userRole);
})();
const { assignPermissionToRole } = require("node-role-permissions");
assignPermissionToRole('Admin', 'Edit'); // Assuming the 'Admin' role and 'Edit' permission already exist
const { assignPermissionToUser } = require("node-role-permissions");
const userId = '4d539894a4761d3c05e3'; // Replace with the actual user ID
assignPermissionToUser(userId, 'Edit'); // Assuming the 'Edit' permission already exists
const userId = req.userId; // Your authMiddleware must set req.userId in this format before the permission middleware runs
// app.js or your main server file
const express = require('express');
const app = express();
const { checkPermission } = require('node-role-permissions');
app.get('/admin/dashboard', authenticateMiddleware, checkPermission('Edit'), (req, res) => {
  // This route requires the 'Edit' permission
  res.send('You can edit this route content.');
});
app.get('/public', (req, res) => {
  res.send('This is a public route.');
});
Note: Ensure that the user ID is sent to the middleware through the authentication process.
In the next update, we're excited to introduce a comprehensive permission management feature to complement our existing roles functionality. This enhancement will empower you with more fine-grained control over user access, allowing you to tailor permissions to meet the specific needs of your application. Get ready for a more versatile and powerful user access management system!
FAQs
The npm package node-role-permissions receives a total of 2 weekly downloads. As such, node-role-permissions popularity was classified as not popular.
We found that node-role-permissions demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.