This library is designed specifically for use in a monorepo. It is a simple wrapper that handles access control, using the principles of Gates to systematically and securely grant or deny access.
This library was inspired by the authorization methods from Laravel
- The library expects a
@custom/config/tsconfig.json
npm install @custom/access-control
The library uses the locals to pass the session. The locals can be adjusted in src/app.d.ts
. An example is:
declare global {
namespace App {
interface Locals {
session: {
user: {
username: string;
};
};
}
}
}
You can easily create gates yourself:
import type { IGate } from '@jcb/access-control';
export function authorityGate(authorities: string[]): Gate {
return (session: App.Local['session']) =>
authorities.every((val) => session?.user?.authorities.includes(val) || false);
}
After the definition of your gates they can be used to check the access of a user. There are two functions exported. One which integrates with svelte-kit and one which can be used in any other framework.
// *.svelte
import { page } from '$app/stores'
hasAccess($page.data.session, [
authenticatedGate,
new PolicyGate([Policies.USER_DETAIL])
])
// +page.server.ts
import { authenticatedGate } from '@jcb/access-control'
import { hasAccessSvelte } from '@custom/access-control/lib/svelte'
export async function load({ locals }) {
hasAccessSvelte(locals.session, [
authenticatedGate,
new PolicyGate([Policies.USER_DETAIL])
])
}
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
This library is licensed under the MIT License.
Jessie Liauw A Fong - github