Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Embraser01/moleculer-middleware-permissions
Moleculer middleware to check for a set of permissions
https://github.com/Embraser01/moleculer-middleware-permissions
jwt middleware moleculer moleculerjs
Last synced: 2 months ago
JSON representation
Moleculer middleware to check for a set of permissions
- Host: GitHub
- URL: https://github.com/Embraser01/moleculer-middleware-permissions
- Owner: Embraser01
- License: mit
- Archived: true
- Created: 2018-11-19T22:47:56.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2021-09-21T08:15:42.000Z (over 3 years ago)
- Last Synced: 2024-09-17T14:21:01.164Z (4 months ago)
- Topics: jwt, middleware, moleculer, moleculerjs
- Language: JavaScript
- Size: 757 KB
- Stars: 13
- Watchers: 3
- Forks: 4
- Open Issues: 10
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-moleculer - moleculer-middleware-permissions - A middleware solution to validate permissions of a request. (Middlewares / Security)
README
# Moleculer Middleware Permissions
Check action permissions.
[](https://codecov.io/gh/Embraser01/moleculer-middleware-permissions)
[](https://github.com/Embraser01/moleculer-middleware-permissions)
## Install
> This module requires at least Node v8.3.0.
```bash
yarn add moleculer-middleware-permissions
```
## Usage
```js
// moleculer.config.js
const PermissionGuard = require('moleculer-middleware-permissions');
const guard = new PermissionGuard({options});
module.exports = {
...
middlewares: [
guard.middleware(),
],
};
```
```js
// service.js
module.exports = {
name: 'awesome.service',
actions: {
hello: {
// The user must have both 'hello:read' AND 'hello:name'
// You can override this behaviour by passing your 'checkFunction'
permissions: ['hello.read', '$owner', (ctx) => ctx.call('acl.canSayHello')],
handler (ctx) {
const {name} = ctx.params;
return `Hello ${name}`;
}
},
me: {
// Will check for these permissions: ['awesome.service.me']
permissions: true,
handler (ctx) {
return `Hello me`;
}
}
}
};
```
## Options
- `checkFunction(current, requested)`: A function that return `true` if the request has enough
permissions. Else, the return value will be send in the rejected `PermissionError`.
- `getPermissionsFromAction(action)`: Called to return an array of permissions from an action.
- `getUserPermissions(ctx)`: Function called to retrieve user's permissions. By default will
return `meta.user.permissions`.
## Permissions type
### A string
The simplest way to add permissions is to use a list of strings, representing each a
permissions, like this:
- `members.read`: Can list/get/find members
- `members.write`: Can update/remove/create members
It will be checked before any functions and if it allows to access, function **will not** be
checked!
### `$owner`
If you want the owner of the entity to be able to update it but not other ones, you can use this
special permissions. It will try to call the method `isEntityOwner(ctx)` of your service.
Returning a truthy value will act as allowed.
This method can be async.
### A function
You can also provide functions to check if the user is allowed to access an action. It will be
called only if strings aren't allowed first. Only one function needs to return a truthy value to
be allowed!
This method can be async.
> You can override this behaviour by overriding the `check` method the class.
# Notes
The v2 was inspired by @icebob's [kantab](https://github.com/icebob/kantab/) project.
# License
MIT