{"id":29712133,"url":"https://github.com/zainabed/web-client-security","last_synced_at":"2025-07-24T00:07:30.947Z","repository":{"id":57170225,"uuid":"181910368","full_name":"zainabed/web-client-security","owner":"zainabed","description":"Single page application (SPA) security specifications using Typescript","archived":false,"fork":false,"pushed_at":"2023-03-02T22:39:06.000Z","size":91,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-18T14:44:19.257Z","etag":null,"topics":["authorization","jwt","security","typescript"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zainabed.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-04-17T14:37:48.000Z","updated_at":"2019-07-05T07:53:47.000Z","dependencies_parsed_at":"2023-02-01T09:31:51.140Z","dependency_job_id":null,"html_url":"https://github.com/zainabed/web-client-security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zainabed/web-client-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fweb-client-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fweb-client-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fweb-client-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fweb-client-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zainabed","download_url":"https://codeload.github.com/zainabed/web-client-security/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fweb-client-security/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266770955,"owners_count":23981653,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-23T02:00:09.312Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","jwt","security","typescript"],"created_at":"2025-07-24T00:07:20.685Z","updated_at":"2025-07-24T00:07:27.917Z","avatar_url":"https://github.com/zainabed.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n\n# @zainabed/security \n\nAuthorization specifications for single page application. \n\nIt provides APIs to validate user permissions against the secure area of application without consulting with server APIs.  \nThese validation can be performed on application routing or on REST API calls. \n\n![@zainabed/security](https://github.com/zainabed/web-client-security/blob/master/zainabed-typescript-security.png)\n\n\n\n\u003e  **Note:** It is just specifications, not an implementation.\nto use it in your application please see its dependents on https://www.npmjs.com.\n\n## Concept\n\nSingle page application requires authentication \u0026 authorization system to guard application and its components from unauthorized user.\n\nAuthentication validates user by verifying its identify and allow user to access secure area of application.\nIf verification fails then it rejects access to those secure area.\nAs authentication is concern of Server side script, on client side we need to maintain the reference of authenticated user object (Access Token).\n\nOn other hand authorization take action when user is authenticated and has granted permission to secure area of application.\nApplication can be divided into different areas according to different privileges like some area could be open to everyone and some could be secure for ADMIN user only. \nAuthorization validates users permission against permission assign to different area of application.\n\nLibrary provide two fundamental security interfaces, authentication \u0026 authorization managers.\nAnd these interfaces can be obtain from `SecurityFactory` class.\n\n\n```JavaScript\n\nimport { Security, SecurityFactory, AuthenticationManager, AuthorizationManager} from  \"@zainabed/security\";\n\nlet  secuirtyFactor: SecurityFactory = Security.getSecurityFactory();\nlet  authenticationManager: AuthenticationManager = securityFactory.getAuthenticationManager();\nlet  authorizationManager: AuthorizationManager = securityFactory.getAuthorizationManager();\n\n```\n\nImplementer should implements all these interfaces and register their security library as\n\n```JavaScript\n\n// SecurityFactoryImpl is implementation class for SecurityFactory\n\nlet securityFactory: SecurityFactory = new SecurityFactoryImpl();\nSecurity.registerSecurityFactory(securityFactory);\n\n```\n\n\n## Installation\n\nRun following command to install security inside your application.\n\n```\n\nnpm install @zainabed/security\n\n```\n\n\n## Authentication\n\nUser authentication should happen at server side ( not inside client side ) and at client side you should capture the authenticated user object which you receive from server APIs. This authenticated object should contain user's assigned roles or permissions. \n\nRole of `AuthenticationManager` interface of `@zainabed/security` is to maintain the reference of authenticated user object.\nIt can be done by creating a class which implements `AuthUser` interface.\n\n```JavaScript\n\nimport { AuthUser } from \"@zainabed/security\";\n\nclass User implements AuthUser {\n\n  // implements abstract methods.\n\n  // create a constructor to access authentication response and set\n  // username, credentials, authorization roles and account validity factors. \n}\n\n```\nwhen authenticated user object is received from server API ( as JWT token ) convert it into `AuthUser` object.\n\n```JavaScript\n// sample authentication api success call\n\nonSuccessfulAuthentication( response : any ) {\n    let user: AuthUser = new User(response);\n\n    // store this user inside authentication manager.\n    let  secuirtyFactor: SecurityFactory = Security.getSecurityFactory();\n    let  authenticationManager: AuthenticationManager = securityFactory.getAuthenticationManager();\n    authenticationManager.set(user);\n}\n\n```  \n\n\u003e  **Note:** `AuthUser` help us to fetch useful information about authenticated user like its username, credentials, authorization roles/permissions and account validity factors.\n\nOnce you set `AuthUser` inside authentication manager, you can access it from any part of you application.\n\n```JavaScript\n\n    let user: AuthUser = authenticationManager.get();\n\n```\n\nand call `reset` method to remove authenticated user reference from authentication manager. \nusually you would do it when you perform logout operation.\n\n```JavaScript\n    authenticationManager.reset();\n```\n\n\n## Authorization\n\nAuthorization is primary feature of this library. once user is authenticated then library guards application component using user credentials \u0026 roles.\n\nfirst get instance of `AuthorizationManager` as\n\n```JavaScript\n    let  secuirtyFactor: SecurityFactory = Security.getSecurityFactory();\n    let  authorizationManager: AuthorizationManager = securityFactory.getAuthorizationManager();\n```\n\nThen format set of authorization operations as\n\n**1.** User logged in or not\n\n```JavaScript\n    if( authorizationManager.isLogged() ) {\n        // do stuff\n    } else {\n        // notify user \n    }\n```\n\n**2.** If user as has single role as `USER` verify it as\n\n```JavaScript\n    if( authorizationManager.hasRole('USER') ) {\n        // do stuff\n    } else {\n        // notify user \n    }\n```\n\u003e  **Note:** **`AuthorizationManager` interface access these roles from `AuthUser` class using `getRoles` method. \nmake sure that you need to set user roles when you instantiate `AuthUser` class.**\n\n\n**3.** If user as has set of roles as `USER` \u0026 `ADMIN` verify it as\n\n```JavaScript\n    let roles : Set\u003cstring\u003e = new Set(['USER', 'ADMIN']);\n\n    if( authorizationManager.hasRoles(roles) ) {\n        // do stuff\n    } else {\n        // notify user \n    }\n```\n\n**4.** If user as has any of given roles as `USER` \u0026 `ADMIN` verify it as\n\n```JavaScript\n    let roles : Set\u003cstring\u003e = new Set(['USER', 'ADMIN']);\n\n    if( authorizationManager.hasAnyRoles(roles) ) {\n        // do stuff\n    } else {\n        // notify user \n    }\n```\n\u003e  **Note:** Role names are case sensitive, `USER` will not match with `user` or `User`.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzainabed%2Fweb-client-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzainabed%2Fweb-client-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzainabed%2Fweb-client-security/lists"}