{"id":21158173,"url":"https://github.com/node-casbin/graphql-authz","last_synced_at":"2025-07-09T12:33:47.742Z","repository":{"id":48534739,"uuid":"383222383","full_name":"node-casbin/graphql-authz","owner":"node-casbin","description":"graphql-authz is a Casbin authorization middleware for GraphQL.js","archived":false,"fork":false,"pushed_at":"2021-07-21T07:33:08.000Z","size":101,"stargazers_count":12,"open_issues_count":0,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-10-29T01:14:24.960Z","etag":null,"topics":["abac","acl","auth","authorization","authz","casbin","graph-js","graphql","middleware","plugin","rbac"],"latest_commit_sha":null,"homepage":"https://github.com/casbin/node-casbin","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/node-casbin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-07-05T17:48:20.000Z","updated_at":"2024-07-02T10:59:24.000Z","dependencies_parsed_at":"2022-08-31T22:20:15.142Z","dependency_job_id":null,"html_url":"https://github.com/node-casbin/graphql-authz","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-casbin%2Fgraphql-authz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-casbin%2Fgraphql-authz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-casbin%2Fgraphql-authz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-casbin%2Fgraphql-authz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/node-casbin","download_url":"https://codeload.github.com/node-casbin/graphql-authz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225550927,"owners_count":17487210,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abac","acl","auth","authorization","authz","casbin","graph-js","graphql","middleware","plugin","rbac"],"created_at":"2024-11-20T12:16:56.051Z","updated_at":"2024-11-20T12:16:56.741Z","avatar_url":"https://github.com/node-casbin.png","language":"TypeScript","readme":"# graphql-authz\n\ngraphql-authz is a Casbin authorization middleware for [GraphQL.js](https://github.com/graphql/graphql-js)\n\n[![NPM version][npm-image]][npm-url]\n[![NPM download][download-image]][download-url]\n[![install size](https://packagephobia.now.sh/badge?p=graphql-authz)](https://packagephobia.now.sh/result?p=graphql-authz)\n[![GitHub Actions](https://github.com/node-casbin/graphql-authz/workflows/main/badge.svg)](https://github.com/node-casbin/graphql-authz/actions)\n[![Coverage Status](https://coveralls.io/repos/github/node-casbin/graphql-authz/badge.svg?branch=master)](https://coveralls.io/github/node-casbin/graphql-authz?branch=master)\n[![Release](https://img.shields.io/github/release/node-casbin/graphql-authz.svg)](https://github.com/node-casbin/graphql-authz/releases/latest)\n[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/casbin/lobby)\n\n[npm-image]: https://img.shields.io/npm/v/graphql-authz.svg?style=flat-square\n[npm-url]: https://npmjs.org/package/graphql-authz\n[download-image]: https://img.shields.io/npm/dm/graphql-authz.svg?style=flat-square\n[download-url]: https://npmjs.org/package/graphql-authz\n\n## Installation\n\n```shell\nnpm install graphql-authz\n// or\nyarn add graphql-authz\n```\n\n## Get Started\n\nThis package should use with `graphql` and `graphql-middleware`\n\nTo limit access to each endpoint, you can use casbin policy or graphql directive.\n\nIn the policy method, you can use casbin policy like\n```csv\np,user,project.members,query\np,roleb,project.members.tickets.id,query\n```\nto restricted access to each endpoint.\n\nIn the directive method, you can use directive `can` to do the same thing.\n\nHere's a minimal example. You can find the full example in the `tests/server.test.ts`\n```typescript\nimport { applyMiddleware } from 'graphql-middleware';\nimport { newMiddleware, CanDirective } from 'graphql-authz';\nimport { newEnforcer } from 'casbin';\nimport { ApolloServer } from 'apollo-server';\nimport { makeExecutableSchema } from '@graphql-tools/schema';\nimport { CasbinContextEnforcerKey } from '../src';\n// After graphql-js 14.0.0, you should manually define directive in the SDL.\nconst typeDefs = `\ndirective @can(who: String!) on FIELD_DEFINITION\n\ntype User {\n    id: ID! @can(who: \"user\")\n    name: String @can(who: \"someone\")\n}\n`;\n\n  const resolvers = {\n    // something\n  };\n  const schemaWithDirective = makeExecutableSchema({\n    typeDefs,\n    resolvers,\n    schemaDirectives: {\n      can: CanDirective,\n    },\n  }); \n  // If you want to use directive, this is necessary.\n  // You can ignore this in the policy only method.\n\n  const enforcer = await newEnforcer('tests/casbin.conf', 'tests/policy.csv');\n  // As for now, you should use model tests/casbin.conf to initialize enforcer.\n  // For more info about enforcer, plz refer to https://github.com/casbin/node-casbin\n\n  const middleware = await newMiddleware({\n    ctxMember: 'user', // middleware will get current user role from the graphql context[ctxMember]\n    enforcer: enforcer, // Casbin Instance\n  });\n  \n  // Apply middlware to graphql schema\n  const schemaWithDirectiveMiddleware = applyMiddleware(schemaWithDirective, middleware);\n\n  const server = new ApolloServer({\n    schema: schemaWithDirectiveMiddleware,\n    context: ({ req }) =\u003e {\n      // Provide necessary info in the context.\n      const token = req.headers.authorization || '';\n\n      // Try to retrieve a user with the token\n      const user = getUser(token);\n\n      const a: any = {};\n      a[CasbinContextEnforcerKey] = enforcer;\n      a['user'] = user;\n      return a;\n    },\n  });\n```\n\n## Getting Help\n\n- [Node-Casbin](https://github.com/casbin/node-casbin)\n\n## License\n\nThis project is under Apache 2.0 License. See the [LICENSE](LICENSE) file for the full license text.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnode-casbin%2Fgraphql-authz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnode-casbin%2Fgraphql-authz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnode-casbin%2Fgraphql-authz/lists"}