ocbesbn-bouncer

Maintainers: 2
Versions: 13

Express middleware for ACL service and validation

  • 0.2.12
  • latest
  • npm

BOUNCER

Middleware for individual Node.js services. It takes care of the following:

  1. Get permission details from the ACL service
  2. Validate incoming calls
  3. Supply the acl.json data

Default options

var defaultOptions =
{
    host: 'consul',
    serviceName: '',
    acl: require('./acl.json')
}

Internal dependencies

  • ocbesbn-web-init

Bouncer should be added as a middleware to the ocbesbn-web-init.

Example

Import the ACL JSON from a file


var bouncer = require('ocbesbn-bouncer');
{
  ...
  middlewares: [bouncer({
    host: 'consul',
    serviceName: 'user', // e.g. the user service
    acl: require('mypath/acl.json'),
    aclServiceName: 'acl'
  }).Middleware]
  ...
}

Import the ACL JSON directly

var bouncer = require('ocbesbn-bouncer');
{
  ...
  middlewares: [bouncer({
    host: 'consul',
    serviceName: 'user', // example
    acl: {
      "Health": { // Key is the resource group ID
        "translations": { // Translations for the resource group
          "name": { // Name of the resource group, by language
            "en": "Health check",
            "de": ""
          },
          "description": { // Short description of the resource group
            "en": "Health check endpoint used by service checks",
            "de": ""
          }
        },
        "resources": [ // List of resources
          {
            "type": "rest", // Type of the resource; mostly rest (API endpoints) for now
            "resourceId": "/api/health/check", // Regular expression or complete endpoint (route of the API endpoint)
            "actions": ["edit", "read"], // Allowed actions: edit=PUT, read=GET, delete=DELETE, create=POST
            "fields": ['result', 'more.somefield'] // Fields that may be sent to the user/requestor; nested fields can be added as OBJECT.SOMEKEY
          }
        ]
      }
    },
    aclServiceName: 'acl'
  }).Middleware]
  ...
}

Patterns in resource ids

A resource ID is usually a string or a regular expression. In addition, it can contain patterns that are replaced with the current user's information. For example:

The resource ID below contains ${_current_user_id}, which represents the current user's ID, that is, the ID of the user who is requesting this particular URI / resource.

"resourceId": "/users/${_current_user_id}/profile"

Here are some of the patterns that represent the current user's information:

${_current_user_id} - current user's id
${_current_tenant_id} - current user's tenant id
${_current_customer_id} - current user's customer id
${_current_supplier_id} - current user's supplier id
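
A sketch of how placeholder resource IDs like the one above can be resolved and matched, added here as an example and not taken from ocbesbn-bouncer. It assumes the resolved resourceId is compiled as an anchored regular expression, uses hypothetical `user` property names (`id`, `tenantId`, `customerId`, `supplierId`), and escapes substituted values so a user ID containing regex metacharacters cannot widen the match.

```javascript
// Added illustration; not code from ocbesbn-bouncer.
// Action-to-method mapping as documented in the ACL comments above.
const ACTION_TO_METHOD = { read: 'GET', edit: 'PUT', create: 'POST', delete: 'DELETE' };

// Placeholder names come from the README; the user property names are assumptions.
const PLACEHOLDERS = {
  _current_user_id: 'id',
  _current_tenant_id: 'tenantId',
  _current_customer_id: 'customerId',
  _current_supplier_id: 'supplierId'
};

// Escape regex metacharacters so a substituted value can only match itself.
function escapeRegExp(value) {
  return String(value).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Replace ${_current_*} placeholders, then compile an anchored regex.
// Returns null when a placeholder has no value for this user (fail closed).
function compileResourceId(resourceId, user) {
  let missing = false;
  const source = resourceId.replace(/\$\{(\w+)\}/g, (match, name) => {
    const value = user[PLACEHOLDERS[name]];
    if (value === undefined || value === null || value === '') {
      missing = true;
      return '';
    }
    return escapeRegExp(value);
  });
  return missing ? null : new RegExp('^(?:' + source + ')$');
}

// True if any resource in any group allows this method on this path.
function isAllowed(acl, user, method, path) {
  return Object.values(acl).some(group => (group.resources || []).some(res => {
    const methods = (res.actions || []).map(action => ACTION_TO_METHOD[action]);
    if (!methods.includes(method.toUpperCase())) return false;
    const re = compileResourceId(res.resourceId, user);
    return re !== null && re.test(path);
  }));
}

// Constructed sample ACL using the README's placeholder resource ID.
const sampleAcl = {
  Profile: { resources: [
    { type: 'rest', resourceId: '/users/${_current_user_id}/profile', actions: ['read', 'edit'] }
  ] }
};
```

Without the escaping step, a user whose ID is `.*` would be matched against every other user's profile path.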

Package last updated on 26 Feb 2018
