https://github.com/axelboberg/node-policy-agent
An authorization policy framework for NodeJS, inspired by OPA
https://github.com/axelboberg/node-policy-agent
auth authz opa policy security
Last synced: 9 months ago
JSON representation
An authorization policy framework for NodeJS, inspired by OPA
- Host: GitHub
- URL: https://github.com/axelboberg/node-policy-agent
- Owner: axelboberg
- License: mit
- Created: 2019-05-15T20:24:13.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2020-05-16T11:42:28.000Z (about 6 years ago)
- Last Synced: 2025-09-12T21:21:21.551Z (10 months ago)
- Topics: auth, authz, opa, policy, security
- Language: JavaScript
- Size: 178 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
README

# node-policy-agent
A framework for creating authorization policies. Loosely inspired by [OPA](https://www.openpolicyagent.org).
## Example usage
```javascript
const { Agent, should } = require('node-policy-agent')
const policy = [
// /api/users/:id
[
should.matchUri('$input.path', '/api/users/:id'),
should.equal('$input.method', 'GET'),
should.contain('$input.user.roles', 'admin')
],
// /api/foo
[
should.matchUri('$input.path', '/api/foo'),
should.equal('POST', 'POST'),
// A custom rule
input => {
if (input.myParam === 'myValue' && 1 + 1 === 2) return true
return false
}
]
]
const myAgent = new Agent(policy)
const granted = myAgent.authorize({
path: '/api/foo/username',
method: 'GET',
user: {
roles: [
'admin',
'support'
]
}
})
// granted === true
```
## API
### `new Agent(policies [,opts])`
Create a new Agent
### `.authorize(input [,policies [,opts]])`
Authorize some input, provided policies will be used in place of the ones used when creating the Agent.
### Options
Options for both the constructor and `.authorize()`.
```
{
detailedResponse: false // Return more details when authorizing. Will return a Boolean if false. False is default.
}
```
### Custom rules
Policies are defined by a set of rules. Each rule is a function that processes the input value and returns a boolean whether or not the rule passed. The optional `output` argument is an object to use for any output data that should be sent back to `.authorize()` if the option `detailedResponse` is set to `true`, if set to `false`, `output` will not be accessible.
```javascript
const myPolicy = [
[
/**
* Rule without output
*/
input => {
return input.username === 'Alice'
},
/**
* Rule with output
*/
(input, output) => {
output.userIsAlice = input.username === 'Alice'
return input.username === 'Alice'
}
]
]
```
### Built in rules
The exported `require('node-policy-agent').should` contains the following pre-built rules:
#### `.equal(val1, val2)`
Check if two values are equal
#### `.matchObject(obj1, obj2)`
Check if two objects contain the same keys and values
#### `.matchRegex(str, regexp)`
Check if a string matches a regular expression
#### `.matchUri(str, pattern)`
Check if a string matches a uri-pattern,
valid patterns can contain placeholders idicated by a colon, such as `/api/users/:id`. Trailing slashes are automatically removed from both arguments.
#### `.beLessThan(num1, num2)`
Check if `num1` is less than `num2`
#### `.beMoreThan(num1, num2)`
Check if `num1` is more than `num2`
#### `.contain(set, val)`
Check if the set contains the value, the set can be either a string or an array