UNPKG

access-manager

Version:

A one-stop solution for implementing authenticated and anonymous continuous sessions with user handling and whitelisted acl.

github.com/WeeHorse/access-manager

WeeHorse/access-manager

115 lines (107 loc) 3.49 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
const cookieParser = require('cookie-parser')(); const Session = new require('./session.js'); const Acl = new require('./acl.js'); const aclExampleFile = './example-acl.json'; module.exports = class AccessManager{ constructor(options){ this.options = options; this.mongoose = options.mongoose; this.selectSchemas(); this.makeModels(); if(process.argv.join().includes('--import-acl')){ this.importAcl(); // import will shut down app when done }else{ let session = new Session({model: this.models.session, userModel: this.models.user}); let acl = new Acl({model: this.models.acl}); let app = options.expressApp; app.use(cookieParser); app.use(session); app.use(acl); } } defaultSchemas(){ return { session: { loggedIn: {type:Boolean, default:false}, user: { type: this.mongoose.Schema.Types.ObjectId, ref: 'User' } }, acl: { path: {type: String, unique: true}, /* Below, an array of a child role schema so on any given path we can assign atomic rights like: path: 'news/*' roles: [ {role: 'commenter', methods: 'POST'}, {role: 'user', methods: 'GET'} ] */ roles: [ new this.mongoose.Schema({ role: String, methods: [{type: String, enum: ['GET', 'POST', 'PUT', 'DELETE', 'ALL', '*']}] }) ] }, user: { email: {type: String, required: true, unique: true}, password: {type: String, required: true}, roles: [String] } } } selectSchemas(){ this.schemas = this.defaultSchemas(); if(this.options.userSchema){ this.schemas.user = this.options.userSchema; } if(this.options.sessionSchema){ this.schemas.session = this.options.sessionSchema; } if(this.options.aclSchema){ this.schemas.acl = this.options.aclSchema; } } makeModels(options){ this.models = { user: this.mongoose.model('User', new this.mongoose.Schema(this.schemas.user)), session: this.mongoose.model('Session', new this.mongoose.Schema(this.schemas.session)), acl: this.mongoose.model('Acl', new this.mongoose.Schema(this.schemas.acl)) }; } async importAcl(){ let jsonFile = aclExampleFile; let f = process.argv.join('$$$').split('--import-acl='); if(f[1]){ jsonFile = f[1].split('$$$')[0]; } let entries = require(jsonFile); if(!entries.push){ console.error("Fatal error: Json file data not iterable, must be an array"); process.exit(0); } console.info('To import %d ACL definitions from JSON', entries.length); // drop previous acl this.models.acl.collection.drop(); // save to the db let i = 0; let errs = 0; for(let entry of entries){ entry = await new this.models.acl(entry); let result = await entry.save(); if(!result || !result._id){ errs++; console.error('ACL import entry error', result, 'entry is', entry); } i++; if(i == entries.length){ // shutdown when we are done importing mongoose.connection.close(()=>{ console.info('ACL import done, mongoose connection closed, %d definitions stored.', i - errs); if(errs > 0){ console.info('%d definitions were not imported due to errors', errs); } process.exit(0); }); } } } }