Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/platformatic/fastify-cerbos
Fastify plugin for Cerbos
https://github.com/platformatic/fastify-cerbos
Last synced: about 1 month ago
JSON representation
Fastify plugin for Cerbos
- Host: GitHub
- URL: https://github.com/platformatic/fastify-cerbos
- Owner: platformatic
- License: mit
- Created: 2023-01-11T19:52:24.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-11-01T23:05:49.000Z (about 2 months ago)
- Last Synced: 2024-11-02T00:17:17.849Z (about 2 months ago)
- Language: JavaScript
- Size: 514 KB
- Stars: 5
- Watchers: 4
- Forks: 0
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Cerbos Fastify plugin
This plugin provides a [Fastify](https://www.fastify.io/) plugin for [Cerbos](https://cerbos.dev).
Currently, this supports only `isAllowed` exposed by a Fastify request decorator, which returns a Promise that resolves to a boolean.It assumes the `request` has been decorated with a `user` object. The `user` object is used to extract the principal using this `getPrincipal` function:
```js
getPrincipal: user => {
const { id = 'anonymous', roles = ['anonymous'], ...rest } = user
return {
id,
roles,
attr: rest
}
}
```This function can be overridden by passing a `getPrincipal` function to the plugin options.
If no `user` object is found in the request, the principal is `anonymous` principal:
```js
{
id: 'anonymous',
roles: ['anonymous']
}```
These values are also set in case `user` as no `id` or `roles` properties.## Usage
Install with:
```bash
npm install fastify-cerbos
```Then you can add the plugin to your Fastify application:
```js
const Fastify = require('fastify')
const fastifyCerbos = require('fastify-cerbos')const app = Fastify()
app.register(fastifyCerbos, {
host: '127.0.0.1',
port: 3593,
useGRPC: true,
})app.get('/', async function (request, reply) {
const { id } = request.body
const resource = {
id,
kind: 'post',
attr: {}
}
const allowed = await request.isAllowed(resource, 'modify')
if (!allowed) {
reply.code(403).send()
}
// (...)
})await app.listen()
```
## Options
The plugin accepts the following options:
- `host` - Cerbos server host. Default: `127.0.0.1`
- `port` - Cerbos server port. Default: `3593`
- `useGRPC` - Use gRPC to connect to Cerbos server. Default: `true`
- `getPrincipal` - Function to extract the principal from the request. Default: `see above`
- `tls` - TLS options for gRPC/HTTP connection. This object is passed to [Cerbos Client Object](https://github.com/cerbos/cerbos-sdk-javascript/blob/main/docs/core.client.md)## Run Tests
Make sure you have [Docker](https://docs.docker.com/get-docker/) and [docker-compose](https://github.com/docker/compose) installed.
Start Cerbos server with:
```bash
docker-compose up -d
```