Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/beyonk-group/sapper-rbac
RBAC for Sapper
api rbac role sapper security ssr svelte sveltejs
Last synced: about 2 months ago
RBAC for Sapper
- Host: GitHub
- URL: https://github.com/beyonk-group/sapper-rbac
- Owner: beyonk-group
- Created: 2019-11-26T12:54:33.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2023-03-03T10:12:27.000Z (over 1 year ago)
- Last Synced: 2024-06-13T23:48:58.395Z (3 months ago)
- Topics: api, rbac, role, sapper, security, ssr, svelte, sveltejs
- Language: JavaScript
- Size: 5.97 MB
- Stars: 82
- Watchers: 5
- Forks: 7
- Open Issues: 4
Metadata Files:
- Readme: README.md
README
# RBAC for Sapper
[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](http://standardjs.com) [![build-status](https://img.shields.io/github/workflow/status/beyonk-adventures/sapper-rbac/publish)](https://github.com/beyonk-adventures/sapper-rbac/) [![Svelte v3](https://img.shields.io/badge/svelte-v3-blueviolet.svg)](https://svelte.dev)
Role-based access control for Sapper. Works on both the server side and the client side.
# Install
Install as a dev dependency:
```bash
npm install --save-dev @beyonk/sapper-rbac
```
# Usage
## Define a set of route permissions in your application
* For Sapper to work, `/client/.*` is automatically unrestricted.
```js
import { Router } from '@beyonk/sapper-rbac'

// Routes are declared in order; the catch-all '.*' goes last.
const routes = new Router()
  .unrestrict('/login.*')
  .restrict('/admin/sales.*', [ 'admin', 'sales' ])
  .restrict('/admin.*', ['admin'])
  .restrict('.*', [ 'customer' ])
  .build()

export default routes
```
## For the server-side
```js
import polka from 'polka'
import * as sapper from '@sapper/server'
import { guard } from '@beyonk/sapper-rbac'
import routes from './my-routes.js'

// sessionMiddleware (see below) populates res.user before the guard runs.
const app = polka()
  .use(
    sessionMiddleware,
    (req, res, next) => {
      const options = {
        routes,
        // Access denied: redirect to the login page instead of rendering.
        deny: () => {
          res.writeHead(302, { Location: '/login' })
          return res.end()
        },
        // Access granted: hand the request to Sapper, exposing the user in the session.
        grant: () => {
          return sapper.middleware({
            session: () => (res.user ? { user: res.user } : {})
          })(req, res, next)
        }
      }

      return guard(req.path, res.user, options)
    }
  )
```
### sessionMiddleware
This middleware adds a user object at `res.user` (or null if the request isn't authenticated). The only required attribute of this user is `scope` which contains a list of authentication scopes that the user has:
```js
function sessionMiddleware (req, res, next) {
  // In a real application this comes from the authenticated session.
  res.user = {
    scope: ['admin', 'other']
  }

  next()
}
```
### deny
This function is called when the user is denied access.
The deny function receives two parameters:
```js
deny (path, scope) {
  // path: '/some/path' - the path the user attempted to access
  // scope: {
  //   given: [ 'sales.view', 'booking.create' ] - the scopes the user has
  //   required: [ 'admin.view' ] - the scopes the route requires
  // }
}
```
### grant
This function is called when the user is granted access.
## For the client-side
On the client side, we integrate with the page store in the root `_layout.svelte`:
```js
import routes from './my-routes.js'
import { guard } from '@beyonk/sapper-rbac'
import { tick } from 'svelte'
import { stores, goto } from '@sapper/app'

const { page, session } = stores()

const options = {
  routes,
  deny: () => goto('/login')
  // we don't specify grant here, since we don't need to do anything.
}

// Listen to the page store and re-check access on every navigation.
page.subscribe(async v => {
  await tick() // let the previous routing finish first.
  guard(v.path, $session.user, options)
})
```
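As an added illustration of the contract the README describes above (a route table built in declaration order, `guard(path, user, { routes, deny, grant })`, and `deny` receiving `{ given, required }`), here is a small self-contained model in plain JavaScript. It is not the sapper-rbac library's own code, and three things about it are assumptions rather than documented behaviour: the first pattern that matches the path wins, patterns are treated as anchored regular expressions, and a user passes when any one of their scopes appears in the route's required list. The `decide` helper, the `catchAllFirst` table and the sample users are constructed for the example.

```javascript
// Added example, not the sapper-rbac library's code. It models the README's
// Router/guard contract so the route semantics can be exercised offline.
// ASSUMPTIONS (not confirmed by the README): first matching pattern wins,
// patterns are anchored regular expressions, and a user is granted access
// when any one of their scopes is in the route's required list.

class Router {
  constructor () {
    // '/client/.*' is always unrestricted so Sapper's bundle can load (README).
    this.entries = [{ pattern: /^\/client\/.*$/, required: null }]
  }

  unrestrict (pattern) {
    this.entries.push({ pattern: new RegExp(`^${pattern}$`), required: null })
    return this
  }

  restrict (pattern, required) {
    this.entries.push({ pattern: new RegExp(`^${pattern}$`), required })
    return this
  }

  build () {
    return this.entries
  }
}

// guard(path, user, options): user is null for unauthenticated requests,
// otherwise an object with a `scope` array (README's sessionMiddleware shape).
function guard (path, user, { routes, deny, grant }) {
  const match = routes.find(r => r.pattern.test(path))
  const given = (user && user.scope) || []

  // No pattern matched: deny by default (assumption; the README's table
  // always ends with a '.*' catch-all so this branch is never hit there).
  if (!match) return deny(path, { given, required: [] })
  if (match.required === null) return grant(path, { given, required: [] })

  const scope = { given, required: match.required }
  const allowed = match.required.some(s => given.includes(s))
  return allowed ? grant(path, scope) : deny(path, scope)
}

// Constructed helper: turns the deny/grant callbacks into a plain result
// object so a decision can be inspected (or asserted on) directly.
function decide (routes, path, user) {
  return guard(path, user, {
    routes,
    deny: (p, scope) => ({ outcome: 'deny', path: p, ...scope }),
    grant: (p, scope) => ({ outcome: 'grant', path: p, ...scope })
  })
}

// The README's route table, in the README's order.
const routes = new Router()
  .unrestrict('/login.*')
  .restrict('/admin/sales.*', ['admin', 'sales'])
  .restrict('/admin.*', ['admin'])
  .restrict('.*', ['customer'])
  .build()

// Constructed counter-example: the same rules with the catch-all declared
// first. Under first-match semantics '.*' swallows every request, so an
// admin without the 'customer' scope is locked out of /admin/*.
const catchAllFirst = new Router()
  .restrict('.*', ['customer'])
  .restrict('/admin.*', ['admin'])
  .build()

// Constructed sample users.
const anonymous = null
const salesUser = { scope: ['sales'] }
const adminUser = { scope: ['admin'] }

for (const [path, user] of [
  ['/login', anonymous],
  ['/client/index.js', anonymous],
  ['/admin/sales/report', salesUser],
  ['/admin/users', salesUser],
  ['/', anonymous]
]) {
  const r = decide(routes, path, user)
  console.log(`${path} -> ${r.outcome} (given: ${r.given}, required: ${r.required})`)
}
console.log('catch-all first, admin on /admin/users ->',
  decide(catchAllFirst, '/admin/users', adminUser).outcome)
```

The second table is the point of the example: with a first-match router the catch-all `.*` must be the last rule, otherwise the more specific entries above it never apply. The client-side `goto('/login')` in the README only improves navigation; the server-side `guard` is the check that actually stops a request from being rendered.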