Skip to content
/ node-policy-agent Public

An authorization policy framework for NodeJS, inspired by OPA

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

axelboberg/node-policy-agent

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
.github/workflows
.github/workflows
 
 
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

Test

node-policy-agent

A framework for creating authorization policies. Loosely inspired by OPA.

Example usage

  const { Agent, should } = require('node-policy-agent')

  const policy = [
    // /api/users/:id
    [
      should.matchUri('$input.path', '/api/users/:id'),
      should.equal('$input.method', 'GET'),
      should.contain('$input.user.roles', 'admin')
    ],

    // /api/foo
    [
      should.matchUri('$input.path', '/api/foo'),
      should.equal('POST', 'POST'),

      // A custom rule
      input => { 
        if (input.myParam === 'myValue' && 1 + 1 === 2) return true
        return false
      }
    ]
  ]

  const myAgent = new Agent(policy)

  const granted = myAgent.authorize({
    path: '/api/foo/username',
    method: 'GET',
    user: {
      roles: [
        'admin',
        'support'
      ]
    }
  })

  // granted === true

API

new Agent(policies [,opts])

Create a new Agent

.authorize(input [,policies [,opts]])

Authorize some input, provided policies will be used in place of the ones used when creating the Agent.

Options

Options for both the constructor and .authorize().

{
  detailedResponse: false // Return more details when authorizing. Will return a Boolean if false. False is default.
}

Custom rules

Policies are defined by a set of rules. Each rule is a function that processes the input value and returns a boolean whether or not the rule passed. The optional output argument is an object to use for any output data that should be sent back to .authorize() if the option detailedResponse is set to true, if set to false, output will not be accessible.

  const myPolicy = [
    [
      /**
       * Rule without output
       */
      input => {
        return input.username === 'Alice'
      },

      /**
       * Rule with output
       */
      (input, output) => {
        output.userIsAlice = input.username === 'Alice'
        return input.username === 'Alice'
      }
    ]
  ]

Built in rules

The exported require('node-policy-agent').should contains the following pre-built rules:

.equal(val1, val2)

Check if two values are equal

.matchObject(obj1, obj2)

Check if two objects contain the same keys and values

.matchRegex(str, regexp)

Check if a string matches a regular expression

.matchUri(str, pattern)

Check if a string matches a uri-pattern, valid patterns can contain placeholders idicated by a colon, such as /api/users/:id. Trailing slashes are automatically removed from both arguments.

.beLessThan(num1, num2)

Check if num1 is less than num2

.beMoreThan(num1, num2)

Check if num1 is more than num2

.contain(set, val)

Check if the set contains the value, the set can be either a string or an array

About

An authorization policy framework for NodeJS, inspired by OPA

Topics

security auth policy opa authz

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages