Skip to content
/ authz Public

Platform and context agnostic authorization library for Node

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pvencill/authz

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.jshintignore
.jshintignore
 
 
.jshintrc
.jshintrc
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

AuthZ

AuthZ is a fairly simple authorization library for use in Node regardless of the context or your data model. It takes string representations of your users and resources and validates whether or not you've granted access. Default storage is in-memory with JSON persistence, but this is configurable by implementing a fairly simple API.

Rights and Roles

Rights are stored in a bitwise fashion, which you can extend however you like. We have defined enumerations of default rights and roles, but they are for convenience only; within your system you can arrange the permission bits in whatever way is meaningful to you.

Overview

var AuthZ = require('authz');

// Minimal configuration, all rules are kept in memory while your process is running
var auth = new AuthZ(); 

// Grant a user 'read' rights to something
auth.grant('projects', 'schmedlap', AuthZ.RIGHTS.READ, function(e, result){
  // handle result if needed.
});

// Check that the user can 'read' 'projects'
auth.check('projects', 'schmedlap', AuthZ.RIGHTS.READ, function(e, authorized){
  // authorized is 'true' if this is called after rights were granted
});

// Assign schmedlap as an ADMIN (grants READ, WRITE, and DELETE rights)
auth.grant('projects', 'schmedlap', AuthZ.ROLES.ADMIN, console.log);
// should console out null, and the rights object saved

// Oops, meant to only make him a MEMBER (READ, WRITE).  Note that 'grant' does a bitwise &,so if I grant schmedlap the MEMBER role right now, it won't remove his DELETE rights, so I need to do this instead:
auth.set('projects', 'schmedlap', AuthZ.ROLES.MEMBER, console.log);

// Or, I could have instead explicitly removed the DELETE permission
auth.revoke('projects', 'schmedlap', AuthZ.RIGHTS.DELETE, console.log);

Options

DefaultDeny option is set by default; unless explicitly set to false this option will result in checks returning false for any resource checked which doesn't exist in the permissions map.

MongoDB

MongoDB may optionally be used for storage. The MongoStore() accepts mongoose connection parameters.

Example:

var auth = new AuthZ(new MongoStore('mongodb://localhost/authz_test'));

About

Platform and context agnostic authorization library for Node

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages