首页javascript

Express-Authz:多模型权限管理框架 Node-Casbin 之 Express 中间件

Chalin发布于2689 次阅读

Express-Authz

Express-Authz On GitHub is an authorization middleware for Express, it's based on Node-Casbin: https://github.com/casbin/node-casbin.

Installation

npm install --save casbin-express-authz

Simple Example

const { Enforcer } = require('casbin')
const express = require('express')
const authz = require('casbin-express-authz')

const app = express()

// set userinfo
app.use((req, res, next) => {
  const username = req.get('Authorization') || 'anonymous'
  req.user = {username}
  next()
})

// use authz middleware
app.use(authz(async() => {
  // load the casbin model and policy from files, database is also supported.
  const enforcer = await Enforcer.newEnforcer('authz_model.conf', 'authz_policy.csv')
  return enforcer
}))

// response
app.use((req, res, next) => {
  res.status(200).json({status: 'OK'})
})

app.listen(3000)

How to control the access

The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:

  1. subject: the logged-on user name
  2. object: the URL path for the web resource like "dataset1/item1"
  3. action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"

For how to write authorization policy and other details, please refer to the Casbin's documentation.

Getting Help

License

This project is licensed under the Apache 2.0 license.

本站文章均为原创内容,如需转载请注明出处,谢谢。

2 条回复
喜欢
友情提示
   官方 QQ 1 群 697272886(500/2000)
   官方 QQ 2 群 856141852

© Rails365 | 隐私条款 | 服务条款 | 友情链接:轻课堂 | 粤ICP备15004902号 | 在线学员:15

Top