{"id":28028359,"url":"https://github.com/permitio/serverless-framework-authorization-example","last_synced_at":"2025-09-19T01:42:10.250Z","repository":{"id":284399438,"uuid":"954819532","full_name":"permitio/serverless-framework-authorization-example","owner":"permitio","description":"A practical example of implementing fine-grained authorization in Serverless framework","archived":false,"fork":false,"pushed_at":"2025-03-25T17:07:42.000Z","size":27,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-09-18T10:57:36.843Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/permitio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-25T17:01:28.000Z","updated_at":"2025-04-07T15:30:21.000Z","dependencies_parsed_at":"2025-03-25T18:23:28.065Z","dependency_job_id":"bc8a393a-2fca-43dd-bcc7-d70d3b26f591","html_url":"https://github.com/permitio/serverless-framework-authorization-example","commit_stats":null,"previous_names":["permitio/serverless-framework-authorizaiton-example","permitio/serverless-framework-authorization-example"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/permitio/serverless-framework-authorization-example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fserverless-framework-authorization-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fserverless-framework-authorization-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fserverless-framework-authorization-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fserverless-framework-authorization-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/permitio","download_url":"https://codeload.github.com/permitio/serverless-framework-authorization-example/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fserverless-framework-authorization-example/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275867346,"owners_count":25542801,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-18T02:00:09.552Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-11T07:10:46.499Z","updated_at":"2025-09-19T01:42:09.903Z","avatar_url":"https://github.com/permitio.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Serverless Framework Fine-Grained Authorization Example\n\nThis project demonstrates how to implement fine-grained authorization in a serverless application using Permit.io. It showcases both Attribute-Based Access Control (ABAC) and Relationship-Based Access Control (ReBAC) patterns.\n\n## Features\n\n- Document and Folder management with fine-grained access control\n- User authentication with JWT\n- ABAC implementation based on user attributes (department and classification)\n- ReBAC implementation with role derivation between Folders and Documents\n- Serverless deployment using AWS Lambda and DynamoDB\n- Policy Decision Point (PDP) using Permit.io\n\n## Prerequisites\n\n- Node.js 20.x\n- AWS Account\n- Permit.io Account\n- Docker (for running PDP locally)\n- Serverless Framework CLI\n\n## Project Structure\n\n```\n.\n├── src/\n│   ├── auth/              # Authentication related files\n│   ├── handlers/          # Lambda function handlers\n│   └── helper_functions/  # Utility functions\n├── scripts/              # Setup scripts\n├── serverless.yml       # Serverless Framework configuration\n├── docker-compose.yml   # PDP container configuration\n└── init_permit.js       # Permit.io initialization\n```\n\n## Setup\n\n1. Clone the repository:\n```bash\ngit clone \u003crepository-url\u003e\ncd documan\n```\n\n2. Install dependencies:\n```bash\nnpm install\n```\n\n3. Create a `.env` file in the root directory with the following variables:\n```\nPERMIT_SDK_TOKEN=\u003cyour-permit-sdk-token\u003e\nPERMIT_PDP_URL=\u003cyour-pdp-url\u003e\n```\n\n4. Start the PDP container:\n```bash\ndocker-compose up -d\n```\n\n5. Set up Permit.io policies:\n```bash\nnode scripts/setup-permit-poilicies.js\n```\n\n6. Deploy the application:\n```bash\nserverless deploy\n```\n\n## API Endpoints\n\n### Authentication\n- `POST /auth/register` - Register a new user\n- `POST /auth/login` - Login and get JWT token\n\n### Documents\n- `POST /document` - Create a new document\n- `GET /documents/{id}` - Get a document by ID\n\n### Folders\n- `POST /folders` - Create a new folder\n\n## Authorization Model\n\n### ABAC (Attribute-Based Access Control)\n- Documents have a `department` attribute\n- Users have `department` and `classification` attributes\n- Only users with matching department and \"Admin\" classification can create/read documents\n\n### ReBAC (Relationship-Based Access Control)\n- Documents can belong to Folders (parent-child relationship)\n- Folder admins automatically get owner access to documents within the folder\n- Folder editors automatically get editor access to documents within the folder\n\n## Testing\n\n1. Register a user:\n```bash\ncurl -X POST \u003cyour-url\u003e/dev/auth/register \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"email\": \"user@example.com\",\n    \"password\": \"your-password\",\n    \"department\": \"Engineering\",\n    \"classification\": \"Admin\"\n  }'\n```\n\n2. Login to get JWT token:\n```bash\ncurl -X POST \u003cyour-url\u003e/dev/auth/login \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"email\": \"user@example.com\",\n    \"password\": \"your-password\"\n  }'\n```\n\n3. Use the JWT token in subsequent requests:\n```bash\ncurl -X POST \u003cyour-url\u003e/dev/document \\\n  -H \"Authorization: Bearer \u003cyour-jwt-token\u003e\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"title\": \"Test Document\",\n    \"content\": \"Test Content\"\n  }'\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpermitio%2Fserverless-framework-authorization-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpermitio%2Fserverless-framework-authorization-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpermitio%2Fserverless-framework-authorization-example/lists"}