首页javascript

Egg-Authz:多模型权限管理框架 Node-Casbin 之 Egg.js 中间件

Chalin发布于964 次阅读

Egg-Authz

Egg-Authz On GitHub is an authorization middleware for Egg, it's based on Node-Casbin: https://github.com/casbin/node-casbin.

1. Installation

npm install --save egg-authz

2. Create a file in middleware directory to import the module.

// app/middleware/authz.js
module.exports = require('egg-authz')
// config/config.default.js
const { Enforcer } = require('casbin')
module.exports = {
  middleware: [ 'authz' ],
  authz: {
    enable: true,
    newEnforcer: async() : {
      // load the casbin model and policy from files, database is also supported.
      const enforcer = await Enforcer.newEnforcer('authz_model.conf', 'authz_policy.csv')
      return enforcer
    }
  }
}

3. Enable the middleware in your config files.

How to control the access

The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:

  1. subject: the logged-on user name
  2. object: the URL path for the web resource like "dataset1/item1"
  3. action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"

For how to write authorization policy and other details, please refer to the Casbin's documentation.

Getting Help

License

This project is licensed under the Apache 2.0 license.

本站文章均为原创内容,如需转载请注明出处,谢谢。

0 条回复
暂无回复~~
喜欢
友情提示
   官方 QQ 1 群 697272886(500/2000)
   官方 QQ 2 群 856141852

© Rails365 | 隐私条款 | 服务条款 | 粤ICP备15004902号 | 在线学员:21

Top