New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

rbac-express

Package Overview
Dependencies
Maintainers
0
Versions
3
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

rbac-express

JWT for authentication and role-based access control, which makes it adaptable to many Node.js web frameworks.

latest
npmnpm
Version
1.1.2
Version published
Maintainers
0
Created
Source

rbac-express

A simple and lightweight middleware for implementing Role-Based Access Control (RBAC) in Express.js applications using JWT.

Features

  • 🚀 Easy-to-use middleware for protecting Express.js(tested on express only) routes.
  • 🔒 Built-in support for JWT-based authentication.
  • Role-based access control with minimal configuration.
  • 🔗 Highly flexible and customizable.

Installation

Install the library using npm:

npm install rbac-express

on your main app should install Express.JS & and jsonwebtoken for create jwt.

Usage

  • Setup JWT Authentication and Middleware : Add the middleware to your Express.js app to protect routes based on user roles.
const express = require("express");
const jwt = require("jsonwebtoken");
const { authorize } = require("rbac-express");

const app = express();

// JWT secret key
const SECRET_KEY = "your-secret-key";

//Simulate user login and generate JWT
app.post("/login", (req, res) => {
  const user = { id: 1, username: "user1", roles: ["admin"] }; // Replace with your user data
  const token = jwt.sign(user, SECRET_KEY, { expiresIn: "1h" });
  res.json({ token });
});

// Protected route
app.get(
  "/admin",
  authorize({
    secret: SECRET_KEY, // Your JWT secret key
    roles: ["admin"], // Roles allowed to access this route
  }),
  (req, res) => {
    res.send("Welcome, Admin!");
  }
);

// Start the server
app.listen(3000, () => {
  console.log("Server running on http://localhost:3000");
});

API Documentation

Middleware Options

  • secret : required, string (The secret key used to verify JWTs.)
  • roles : required, array of strings (The array of roles allowed to access the route.)

JWT Payload Requirements

The JWT payload must contain a roles field, which is an array of roles assigned to the user. And you can add any other fields to the token as you wish.

{
  "id": 1,
  "username": "user1",
  "roles": ["admin", "editor"]
}

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

License

MIT

Contact me on 😎

H. Kavinda Dissanayake

Email : kavindapvt@gmail.com

Linkdin : www.linkedin.com/in/dissanayake-kavinda

GitHub : https://github.com/kavinda-KPD

Keywords

rbac
jwt
express
auth
role based access control

FAQs

Package last updated on 30 Dec 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026