{"id":19753219,"url":"https://github.com/philmander/a-seal","last_synced_at":"2025-04-30T10:32:47.075Z","repository":{"id":57171599,"uuid":"55855072","full_name":"philmander/a-seal","owner":"philmander","description":"Access Control List library for Node.JS","archived":false,"fork":false,"pushed_at":"2024-04-03T19:16:51.000Z","size":237,"stargazers_count":7,"open_issues_count":2,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-09-23T09:16:04.235Z","etag":null,"topics":["acl","authorization","expressjs","middleware","nodejs"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/philmander.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-04-09T16:32:38.000Z","updated_at":"2023-12-14T09:56:34.000Z","dependencies_parsed_at":"2022-08-24T13:30:49.371Z","dependency_job_id":null,"html_url":"https://github.com/philmander/a-seal","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philmander%2Fa-seal","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philmander%2Fa-seal/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philmander%2Fa-seal/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philmander%2Fa-seal/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/philmander","download_url":"https://codeload.github.com/philmander/a-seal/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224034421,"owners_count":17244782,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acl","authorization","expressjs","middleware","nodejs"],"created_at":"2024-11-12T02:52:11.177Z","updated_at":"2024-11-12T02:52:11.923Z","avatar_url":"https://github.com/philmander.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# A Seal\n\nAccess Control List (ACL) library for Node.JS\n\n## Install\n```\nnpm install a-seal\n```\n\n## Usage\n\nSetting up an access control list consists of creating a list of rules. Each rule is composed with the process:\n\n* **match** a resource **for** action(s) then **allow** role(s).\n\nThe **isAllowed()** function can then by used to check if a user, given their role, is authorized to access a resource.\nA Seal creates a white-list of rules, so *isAllowed()* will return `false`, unless an exception has been created.\n\n```javascript\n\n// Get the acl instance\nimport acl from './index.js'\n\n// Compose rules of a 'resource', 'actions' and 'roles' using...\n// `match`, `for` and `allow` respectively:\nacl.match(/^\\/protected-path$/).for(['GET', 'POST']).allow(['admin']);\n\n// Optionally label the rule with a \"scope\" using an `as` clause\nacl.match(/^\\/protected-path/).for(['GET', 'POST']).allow(['admin']).as('PROTECTED_WRITE');\n\n//use `isAllowed(role, resource, action)`...\n//to determine if a request is allowed to access the resource with a given action:\nacl.isAllowed('admin', '/protected-path', 'POST') //true\nacl.isAllowed('user', '/protected-path', 'POST') //false\n\n//A Seal creates a white-list of rules, so:\nacl.isAllowed('admin', '/protected-path', 'DELETE') //false\n```\n\n\u003csmall\u003eAlthough the examples on this page use HTTP, there is nothing HTTP specific about *A Seal*.\u003c/small\u003e\n\n### Middleware\n\nA Seal can be used as [Express](http://expressjs.com/) middleware to authorize requests after \nauthentication with tools such as [Passport](http://passportjs.org/):\n\n```javascript\n//authentication with Passport\napp.use(passport.authenticate('local'));\n\nconst acl = require('a-seal')();\nacl.match('/protected-path').for('GET').allow('user');\nacl.match('/protected-path').for('GET', 'POST').allow('admin').as('PROTECTED_WRITE');\n\napp.use(acl.middleware());\n\napp.use('/protected-path', (req, res, next) =\u003e {\n    // the matched rule's \"scope\" label will be added to the request\n    res.send(`\u003cp\u003eAuthorized ok with scope: ${req.scope}\u003c/p\u003e`);\n});\n\napp.use((err, req, res) =\u003e {\n    if(err.status === 403) {\n        res.send('\u003cp\u003eAuthorization failed\u003c/p\u003e');\n    }\n});\n```\n\n## API\n\n### match(resource)\n\nBegins a matching context given a resource to match. \n\nReturns: `object` (matchingContext)\n\n#### Params\n##### resource\n\nType: `RegExp`\n\n#### Examples:\n\n```javascript\nacl.match(/^\\/my-path/) //match with regex (starting with /my-path)\n```\n\n### matchingContext.for(actions)\n\nReturns: object (matchingContext)\n\nCompletes a matching context by adding one or more actions. When authorizing HTTP requests, for example, actions will \ntypically be HTTP methods.\n\nReturns `object` (matchingContext)\n\n#### Params\n##### actions\n\nType: `Array`\n\nA list of permitted actions as an array of strings.\n\n#### Examples\n\n```javascript\nacl.match('/my-path').for(['GET', 'POST']);\n\n//match any action\nacl.match('/my-path').for([ANY]);\n```\n\n### matchingContext.allow(roles)\n\nAdds a new ACL rule by adding one or more roles to a matching context.\n\nReturns: `object` (rule)\n\n#### Params\n##### roles\n\nType: `Array`\n\nA list of permitted roles as an array of strings or a list of strings as arguments.\n\n#### Examples\n\n```javascript\nacl.match('/my-path').for(['GET']).allow([ 'user', 'anon' ]);\n\n//match any role\nacl.match('/public').for(['GET']).allow(ANY);\n```\n\n### rule.as(scope)\n\nLabels this rule with a custom \"scope\"\n\n#### Params\n\n##### scope\n\nType: `string`\n\n#### Examples\n\n```javascript\nacl.match('/my-path').for(['POST']).allow(['user']).as('user_create');\n```\n\n### isAllowed(role, resource, action)\n\nDetermines if a given role is authorized to access a given resource with a given action.\n\n#### Params\n##### role\n\nType: `string`\n\n##### resource \n\nType: `string`\n\n##### action\n\nType: `string`\n\n#### Examples:\n\n```javascript\nacl.isAllowed('admin', '/my-path', 'GET');\n```\n\n### middleware(opts)\n\nReturns an Express middleware function that accepts `req`, `res` and `next` arguments.\n\nThe role is checked against the ACL ruleset using the `isAllowed` function. If it returns `false`, it creates a 403\nerror; if true the routing chain is allowed to continue.\n\nIf `req.role` is not defined, and a custom anonymous role is not provided, the role value will default to `guest`. \n\n#### Params\n##### opts.anon\n\nType: `string`\n\nThe default role for users (anonymous users). This defaults to `'guest'`.\n\n```javascript\napp.use(acl.middleware({ anon: 'anonymous'});\n```\n\n## License\n\nMIT © Phil Mander\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphilmander%2Fa-seal","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphilmander%2Fa-seal","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphilmander%2Fa-seal/lists"}