UNPKG

@webgap/authorization-utils

Version:

WebGAP authorization module for express routes using Role-based Access Control - RBAC.

github.com/webgap/authorization-utils

webgap/authorization-utils

91 lines (67 loc) 2.88 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# WebGAP Authorization Utils [![Build Status](https://travis-ci.org/webgap/authorization-utils.svg)](https://travis-ci.org/webgap/authorization-utils) [![Test Coverage](https://codeclimate.com/github/webgap/authorization-utils/badges/coverage.svg)](https://codeclimate.com/github/webgap/authorization-utils/coverage) [![Code Climate](https://codeclimate.com/github/webgap/authorization-utils/badges/gpa.svg)](https://codeclimate.com/github/webgap/authorization-utils) [![Dependency Status](https://gemnasium.com/webgap/authorization-utils.png)](https://gemnasium.com/webgap/authorization-utils) [![NPM version](http://img.shields.io/npm/v/@webgap/authorization-utils.svg?style=flat)](https://www.npmjs.com/package/@webgap/authorization-utils) [![NPM downloads](http://img.shields.io/npm/dm/@webgap/authorization-utils.svg?style=flat)](https://www.npmjs.com/package/@webgap/authorization-utils) # README #### WebGAP Authorization module for Express.js This is the Authorization utilities module for express routes using Role-based Access Control - RBAC. # Dependencies Handles notifications using [**@webgap/notifier**](https://github.com/webgap/notifier). ## Requirements Requires [**passport**](https://github.com/jaredhanson/passport).<br/> Requires [**express**](https://github.com/strongloop/express/). ## API ### Installation ```bash npm install @webgap/authorization-utils --save ``` ### Usage It can be used as expressjs middleware: ```javascript var Authorizator = require('@webgap/authorization-utils'); var authorizator = new Autorizator(); var Role = Authorizator.Role; ... // set authorization required to all routes starting with app.use('/admin', authorizator.isAuthorized([Role.ADMIN])); app.use('/user', authorizator.isAuthorized([Role.USER])); app.use('/provider', authorizator.isAuthorized([Role.PROVIDER])); ... // or apply to individual troutes app.router.get('/account/settings', authorizator.isAuthorized([Role.USER]), function (req, res) { res.render('backend/account/settings.html'); }); ... ``` Or in the browser with a templating engine as a filter: ```javascript <% if (authorizator.hasAccess(user, [authorizator.Role.ADMIN])) { %> <span>Welcome Administrator!</span> <% } %> ... ``` Check the tests for more info. ### Options ```javascript var Authorizator = require('@webgap/authorization-utils'); var options = { notifier: { // default to @webgap/notifier module notify: function notify(options, callback) { console.log(options.notification); //render message as you want return callback(); } }, unauthorizedURL: '/unauthorized', loginURL: '/auth/login', unauthenticatedMessageKey: 'messages.warning.authentication-required', unauthorizedMessageKey: 'messages.error.authorization-required' }; ... var authorizator = new Authorizator(options); ... ``` # License Apache License, Version 2.0