express-allow

    0.1.0-alpha.1 • Public • Published

    express-allow

    Flexible permission management by using strategies


    Getting started

    Assume we need to implement simple API:

    GET /users => allow to admin only

    GET /users/:id => allow to authenticated user with the appropriate id

    POST /users => without authentication for new users

    Import the module:

    const permissions = require('express-allow') // global
    
    const { Permissions } = require('express-allow')
    const permissions = new Permissions() // instance
    

    Import strategies:

    const RoleStrategy = require('express-allow-roles')
    const BodySchema = require('express-allow-body')
    

    Use strategies:

    permissions
        // use strategy with options
        .use('admin', new RoleStrategy({ ... }))
        
        // use strategy with callback
        .use('me', new RoleStrategy(() => { ... }))
        
        // use multiple strategies
        .use('new',
            new RoleStrategy(verify)
            new BodySchema(schema, options)
        )
    
    

    Use middlewares app:

    app
        .get('/users',
    	    permissions('admin'),
    	    (req, res) => res.end('list all users')
    	)
    	.get('/users/:id',
    	    permissions(['me', 'admin']),
    	    (req, res) => res.end(`show user ${req.params.id}`)
    	)
    	.post('/users',
    	    permissions('new'),
    	    (req, res) => res.end('new user')
    	)
    

    Contributing

    Please send email to alexeimyshkouski@gmail.com if you would like to contribute.


    TODO

    • better error handling
    • better routing
    • more strategies

    Keywords

    none

    Install

    npm i express-allow

    DownloadsWeekly Downloads

    3

    Version

    0.1.0-alpha.1

    License

    MIT

    Last publish

    Collaborators

    • avatar