{"id":29712160,"url":"https://github.com/zainabed/web-security-soteria","last_synced_at":"2025-07-24T00:07:32.340Z","repository":{"id":57170218,"uuid":"182441530","full_name":"zainabed/web-security-soteria","owner":"zainabed","description":"Single page application security (Typescript authorization library)","archived":false,"fork":false,"pushed_at":"2019-08-01T04:14:26.000Z","size":211,"stargazers_count":8,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-27T05:22:10.699Z","etag":null,"topics":["authorization","security","typescript"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zainabed.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-04-20T18:33:20.000Z","updated_at":"2022-09-28T22:23:01.000Z","dependencies_parsed_at":"2022-08-27T13:11:40.512Z","dependency_job_id":null,"html_url":"https://github.com/zainabed/web-security-soteria","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zainabed/web-security-soteria","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fweb-security-soteria","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fweb-security-soteria/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fweb-security-soteria/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fweb-security-soteria/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zain
abed","download_url":"https://codeload.github.com/zainabed/web-security-soteria/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zainabed%2Fweb-security-soteria/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266770970,"owners_count":23981657,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-23T02:00:09.312Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","security","typescript"],"created_at":"2025-07-24T00:07:31.481Z","updated_at":"2025-07-24T00:07:32.325Z","avatar_url":"https://github.com/zainabed.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n\n# @zainabed/soteria\n[![Build Status](https://dev.azure.com/zainabed/web-security-soteria/_apis/build/status/zainabed.web-security-soteria?branchName=master)](https://dev.azure.com/zainabed/web-security-soteria/_build/latest?definitionId=3\u0026branchName=master)\n\n\nSingle page application security. It reduces the number of HTTP calls to the server by providing client-side authorization.\nIt provides APIs to validate user permissions against the secure areas of an application without consulting server APIs.\nThese validations can be performed on application routing or on REST API calls.
\n\n![@zainabed/soteria](https://github.com/zainabed/web-security-soteria/blob/master/zainabed-typescript-security.png)\n\nIt is an implementation of the [@zainabed/security](https://github.com/zainabed/web-client-security) specification APIs.\n\n\n## Concept\n\nA single page application requires an authentication \u0026 authorization system to guard the application and its components from unauthorized users.\n\nAuthentication validates a user by verifying their identity and allows the user to access the secure areas of the application.\nIf verification fails, access to those secure areas is rejected.\nAs authentication is the concern of server-side code, on the client side we need to maintain a reference to the authenticated user object (access token).\n\nOn the other hand, authorization takes action once the user is authenticated and has been granted permission to a secure area of the application.\nAn application can be divided into different areas according to different privileges: some areas could be open to everyone and some could be secured for ADMIN users only.
\nAuthorization validates the user's permissions against the permissions assigned to the different areas of the application.\n\nThe library provides two fundamental security interfaces, the authentication \u0026 authorization managers.\nBoth interfaces can be obtained from the `SecurityFactory` class.\n\n\n```TypeScript\n\nimport { Security, SecurityFactory, AuthenticationManager, AuthorizationManager } from \"@zainabed/security\";\n\nlet securityFactory: SecurityFactory = Security.getSecurityFactory();\nlet authenticationManager: AuthenticationManager = securityFactory.getAuthenticationManager();\nlet authorizationManager: AuthorizationManager = securityFactory.getAuthorizationManager();\n\n```\n\n\n\n## Installation\n\nRun the following command to install the library inside your application.\n\n```bash\n\nnpm install @zainabed/soteria\n\n```\n\nThen you need to register this service for your application.\n\n```TypeScript\n\nimport { RegisterSecurity } from \"@zainabed/soteria\";\nRegisterSecurity();\n\n```\n\n\u003e  **Note:** This is the only import coming from `@zainabed/soteria`; all other import statements come from `@zainabed/security`, which is the security specification for single page applications.\n\n\n\n\n## Authentication\n\nUser authentication should happen on the server side (not on the client side); on the client side you should capture the authenticated user object that you receive from the server APIs. This authenticated object should contain the user's assigned roles or permissions.\n\nThe role of the `AuthenticationManager` interface of `@zainabed/security` is to maintain the reference to the authenticated user object.\nThis is done by creating a class which implements the `AuthUser` interface.\n\n```TypeScript\n\nimport { AuthUser } from \"@zainabed/security\";\n\nclass User implements AuthUser {\n\n  // Implement the abstract methods of AuthUser here.\n\n  // Create a constructor that reads the authentication response and sets\n  // the username, credentials, authorization roles and account validity.
\n}\n\n```\nWhen the authenticated user object is received from the server API (for example as a JWT token), convert it into an `AuthUser` object.\n\n```TypeScript\n// sample authentication API success callback\n\nimport { Security, SecurityFactory, AuthenticationManager, AuthUser } from \"@zainabed/security\";\n\nfunction onSuccessfulAuthentication(response: any): void {\n    let user: AuthUser = new User(response);\n\n    // store this user inside the authentication manager.\n    let securityFactory: SecurityFactory = Security.getSecurityFactory();\n    let authenticationManager: AuthenticationManager = securityFactory.getAuthenticationManager();\n    authenticationManager.set(user);\n}\n\n```\n\n\u003e  **Note:** `AuthUser` helps us fetch useful information about the authenticated user, such as its username, credentials, authorization roles/permissions and account validity.\n\nOnce you set the `AuthUser` inside the authentication manager, you can access it from any part of your application.\n\n```TypeScript\n\n    let user: AuthUser = authenticationManager.get();\n\n```\n\nCall the `reset` method to remove the authenticated user reference from the authentication manager.\nUsually you would do this when you perform the logout operation.\n\n```TypeScript\n    authenticationManager.reset();\n```\n\n\n## Authorization\n\nAuthorization is the key feature of this library.
Once the user is authenticated, the library guards application components using the\nuser's credentials \u0026 roles.\n\nFirst get an instance of `AuthorizationManager`:\n\n```TypeScript\n    let securityFactory: SecurityFactory = Security.getSecurityFactory();\n    let authorizationManager: AuthorizationManager = securityFactory.getAuthorizationManager();\n```\n\nThen perform the following authorization operations:\n\n**1.** Check whether the user is logged in\n\n```TypeScript\n    if (authorizationManager.isLogged()) {\n        // do stuff\n    } else {\n        // notify user\n    }\n```\n\n**2.** If the user has the single role `USER`, verify it as\n\n```TypeScript\n    if (authorizationManager.hasRole('USER')) {\n        // do stuff\n    } else {\n        // notify user\n    }\n```\n\u003e  **Note:** The `AuthorizationManager` interface reads these roles from the `AuthUser` class using its `getRoles` method, so make sure you set the user's roles when you instantiate the `AuthUser` class.\n\n\n**3.** If the user must have both of the roles `USER` \u0026 `ADMIN`, verify it as\n\n```TypeScript\n    let roles: Set\u003cstring\u003e = new Set(['USER', 'ADMIN']);\n\n    if (authorizationManager.hasRoles(roles)) {\n        // do stuff\n    } else {\n        // notify user\n    }\n```\n\n**4.** If the user must have any one of the roles `USER` \u0026 `ADMIN`, verify it as\n\n```TypeScript\n    let roles: Set\u003cstring\u003e = new Set(['USER', 'ADMIN']);\n\n    if (authorizationManager.hasAnyRoles(roles)) {\n        // do stuff\n    } else {\n        // notify user\n    }\n```\n\u003e  **Note:** Role names are case sensitive: `USER` will not match `user` or `User`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzainabed%2Fweb-security-soteria","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzainabed%2Fweb-security-soteria","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzainabed%2Fweb-security-soteria/lists"}