w-web-perm
Advanced tools
A web service for permissions.
To view documentation or get support, visit docs.
npm i w-web-perm
Link: [dev source code]
import WOrm from 'w-orm-lmdb/src/WOrmLmdb.mjs'
import WWebPerm from './server/WWebPerm.mjs'
import getSettings from './g.getSettings.mjs'
//st
let st = getSettings()
let url = st.dbUrl
let db = st.dbName
let opt = {
bCheckUser: false,
getUserById: null,
bExcludeWhenNotAdmin: false,
serverPort: 11006,
subfolder: '', //mperm
urlRedirect: 'https://www.google.com/', //本機測試時得先編譯, 再瀏覽: http://localhost:11006/
webName: {
'eng': 'Permission Service',
'cht': '權限管理系統',
},
webDescription: {
'eng': 'A web service package for user permissions and management targets.',
'cht': 'A web service package for user permissions and management targets.',
},
webLogo: 'data:image/svg+xml;base64,...',
}
let getUserByToken = async (token) => {
// return {} //測試無法登入
if (token === '{token-for-application}') { //提供外部應用系統作為存取使用者
return {
id: 'id-for-application',
name: 'application',
email: 'application@example.com',
isAdmin: 'y',
}
}
if (token === 'sys') { //開發階段w-ui-loginout自動給予browser使用者(且位於localhost)的token為sys
return {
id: 'id-for-admin',
name: 'tester',
email: 'admin@example.com', //mappingBy為email, 開發階段時會使用email找到所建置之使用者資料
isAdmin: 'y',
}
}
console.log('invalid token', token)
console.log('於生產環境時得加入SSO等驗證token機制')
return {}
}
let verifyBrowserUser = (user, from) => {
console.log('verifyBrowserUser/user', user)
// return false //測試無法登入
console.log('於生產環境時得加入限制瀏覽器使用者身份機制')
return user.isAdmin === 'y' //測試僅系統管理者使用
}
let verifyAppUser = (user, from) => {
console.log('verifyAppUser/user', user)
// return false //測試無法登入
console.log('於生產環境時得加入限制應用程式使用者身份機制')
return user.isAdmin === 'y' //測試僅系統管理者使用
}
//WWebPerm
let instWWebPerm = WWebPerm(WOrm, url, db, getUserByToken, verifyBrowserUser, verifyAppUser, opt)
instWWebPerm.on('error', (err) => {
console.log(err)
})
FAQs
A web service for permissions.
We found that w-web-perm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.