UNPKG

express-voter

Version:

Add voters to your Express application

github.com/nbonneau/express-voter

nbonneau/express-voter

134 lines (99 loc) 3.35 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# Express-voter ## Instal ```bash npm i --save express-voter ``` ## How to use Before use validation from request or from middleware, you have to implement your system user management, for example with `passport`. 1. Add voters ```js // app.js // Require module const expressVoter = require('express-voter'); // ... // Add voter expressVoter.addVoter({ roles: ['view', 'edit'], supports: function(role, subject) { // Check if role is in voter roles if (!this.roles.find((r) => r.toLowerCase() === role.toLowerCase())) { return false; } // Do other check, if subject instance of SomeThing for example // ... return true; }, validate: function(role, subject, user, callback) { // Validate by role switch(role){ case this.roles[0]: // ... // Validation OK return callback(null, true); } callback(new Error('this code should not be reached')); } }); /* // Or expressVoter.addVoters([ { "name": "voter_A" //... },{ "name": "voter_B" // ... } ]); */ // Apply middleware app.use(expressVoter()); ``` 2. a) Handle validation from request ```js app.get('/:subjectId', function(req, res, next){ // Get subject from "subjectId" parameter const subject = {}; req.validateVoters('view', subject, function(err){ if(err){ // One or more voters are not valid return next(err); } // Go on // ... }) }); ``` 2. b) Handle validation from middleware ```js const subjectGetter = function(req, callback){ // Get subject from "subjectId" parameter const subject = {}; callback(null, subject); } app.get('/:subject', expressVoter.validate('view', subjectGetter), function(req, res, next){ // Go on // ... }); ``` ## Voter configuration | Key | Type | Required | Default | Description | | --- | --- | --- | --- | --- | | name| string | no | 'voter_${index}' | The voter name | | roles | array\<string\> | yes | | An array of roles for the voter | | supports | function | yes | | The supports function to know if the voter supports role and subject. Must return true if role and subject are supported by the voter. Pass two arguments, the role and the subject to check | | validate | function | yes | | The validate function to know if the current user is granted. This function is called if the supports function return true. Voter pass the validation function if you call callback like "callback(null, true)". Pass four arguments: role, subject, the current user and the callback function | | errorText | string | no | 'ACCESS_DENIED' | The voter error text when not valid | ## Global configuration ```js app.use(expressVoter({ // ... requestUserKey: 'user' })); ``` | Key | Type | Required | Default | Description | | --- | --- | --- | --- | --- | | onNoVoters | function | no | | A function to handle on no voters found | | onNoUser | function | no | | A function to handle on user is not found from "request.${requestUserKey}" | | formatError | function | no | function(){...} | A function to format error on voters not valid | | requestUserKey | string | no | 'user' | The request user key to find current user |