
(Hierarchical Role Based Access Control)
RBAC is the authorization library for NodeJS.
:tada: We now support DynamoDB storage through an implementation based on dynamoose.
I needed hierarchical role based access control for my projects based on ExpressJS. I had one requirement: this structure must be permanently stored in various storages, for example in memory or Mongoose. Because there are a lot of options for storing data and many of them are asynchronous, I created an asynchronous API. Please, if you find any bug or you need a custom API, create an issue or pull request.
Read more about the API in the documentation.
Star this project on GitHub.
```sh
npm install rbac
```

```js
import { RBAC } from 'rbac';
// ES5: var RBAC = require('rbac').default;

const rbac = new RBAC({
  roles: ['superadmin', 'admin', 'user', 'guest'],
  // resource: [actions]; each pair is referenced in grants as action_resource
  permissions: {
    user: ['create', 'delete'],
    password: ['change', 'forgot'],
    article: ['create'],
    rbac: ['update'],
  },
  // role: [permissions and/or other roles granted to it]
  grants: {
    guest: ['create_user', 'forgot_password'],
    user: ['change_password'],
    admin: ['user', 'delete_user', 'update_rbac'],
    superadmin: ['admin'],
  },
});

await rbac.init();
```

```js
import express from 'express';
import { RBAC } from 'rbac';
import secure from 'rbac/controllers/express';

// your custom controller for express
function adminController(req, res, next) {
  res.send('Hello admin');
}

const app = express();
const rbac = new RBAC({
  roles: ['admin', 'user'],
});

await rbac.init();

// setup express routes
app.use('/admin', secure.hasRole(rbac, 'admin'), adminController);
```
```js
const can = await rbac.can('admin', 'create', 'article');
if (can) {
  console.log('Admin is able to create article');
}

// or you can use instance of admin role
const admin = await rbac.getRole('admin');
if (!admin) {
  console.log('Role does not exist');
} else {
  // distinct name, because `can` is already declared above
  const adminCan = await admin.can('create', 'article');
  if (adminCan) {
    console.log('Admin is able to create article');
  }
}
```
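Because grants can name other roles, what a role may actually do is the union of everything reachable through its grants, which is easy to misjudge by reading the configuration. The following is an added example, not code from the rbac package: a stand-alone resolver that audits the first configuration shown above. The helper names `permissionNames`, `effectivePermissions` and `audit` are hypothetical, and the `action_resource` naming is inferred from the grants on this page.

```javascript
// Added example: stand-alone audit of the config shape shown above; it does not use the rbac package.
const config = {
  roles: ['superadmin', 'admin', 'user', 'guest'],
  permissions: {
    user: ['create', 'delete'],
    password: ['change', 'forgot'],
    article: ['create'],
    rbac: ['update'],
  },
  grants: {
    guest: ['create_user', 'forgot_password'],
    user: ['change_password'],
    admin: ['user', 'delete_user', 'update_rbac'],
    superadmin: ['admin'],
  },
};
// Flatten { resource: [actions] } into the "action_resource" names used in grants.
function permissionNames(permissions) {
  return new Set(Object.entries(permissions)
    .flatMap(([resource, actions]) => actions.map((a) => `${a}_${resource}`)));
}

// Walk the grant graph from one role; `seen` stops cyclic grants from looping forever.
function effectivePermissions(cfg, role, seen = new Set()) {
  const known = permissionNames(cfg.permissions);
  const result = new Set();
  if (seen.has(role)) return result;
  seen.add(role);
  for (const item of cfg.grants[role] || []) {
    if (cfg.roles.includes(item)) {
      effectivePermissions(cfg, item, seen).forEach((p) => result.add(p));
    } else if (known.has(item)) {
      result.add(item);
    } else {
      throw new Error(`grant "${item}" on role "${role}" is neither a role nor a permission`);
    }
  }
  return result;
}

// Report what each role can really do, plus permissions that no role was ever granted.
function audit(cfg) {
  const byRole = {};
  for (const role of cfg.roles) byRole[role] = [...effectivePermissions(cfg, role)].sort();
  const granted = new Set(Object.values(byRole).flat());
  const unused = [...permissionNames(cfg.permissions)].filter((p) => !granted.has(p));
  return { byRole, unused };
}
console.log(JSON.stringify(audit(config), null, 2));
```

For this configuration the resolver reports `create_article` as defined but granted to no role, and shows that `admin` does not receive `create_user` because no grant links `admin` to `guest`.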
Please take a look at the mongoose-hrbac plugin.
```sh
npm run doc
npm run test
npm run build
```
The MIT License (MIT)
Copyright (c) 2016-2018 Zlatko Fedor zfedor@goodmodule.com
FAQs
Hierarchical Role Based Access Control
The npm package rbac receives a total of 14,253 weekly downloads. As such, rbac popularity was classified as popular.
We found that rbac demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.