TypeScript icon, indicating that this package has built-in type declarations

1.0.0 • Public • Published


status coverage Latest Release

See on NPM

Use Jexl expressions for authorization.


You can get the latest release and the type definitions using npm:

$ npm install @jojoxd/tsed-auth-expression
// Server.ts
import "@jojoxd/tsed-auth-expression";

// <snip>

    // No configuration required (yet)
export class Server {}


Creating a Context Provider

The Auth Context Provider provides variables you can use in your expressions. It has access to the container using @Inject(), and has access to the Ts.ED Context.

import { AuthExpressionContextProvider, AuthExpressionContextProviderMethods } from "@jojoxd/tsed-auth-expression";
import { Context } from "@tsed/common";

export class MyAuthContextProvider implements AuthExpressionContextProviderMethods
    async getContext(context: Context): Promise<any>
        return {
            variable: 'Hello, World!'

Using Expressions

Expressions manage authorization. For example, you could have an AuthContextProvider that provides the current user as a variable, and check if user.isAdmin is true.

Here, we use the above AuthContextProvider to check if variable is "Hello, World!":

import { Controller } from "@tsed/di";
import { Get } from "@tsed/schema";

import { UseAuthExpression } from "@jojoxd/tsed-auth-expression";

export class MyController
    @UseAuthExpression('variable == "Hello, World!"')
    getHelloWorld() {
        return { message: 'Hello, World!', };

Jexl Extensions

To extend Jexl yourself, you can use OverrideProvider for AuthExpressionMiddleware:

import { OverrideProvider } from "@tsed/di"; 
import { AuthExpressionMiddleware } from "@jojoxd/tsed-auth-expression";

export class MyAuthExpressionMiddleware extends AuthExpressionMiddleware
        // now you can use this.expressionEvaluator to access Jexl


We've added an extra function exists. This can be used to check if a variable exists. (Seems logical to me.)


import { Controller } from "@tsed/di";
import { Get } from "@tsed/schema";

import { UseAuth } from "@jojoxd/tsed-auth-expression";

export class MyController
    @UseAuth('currentUser|exists && currentUser.isAdmin')
    getTest() {}

Pre-defined variables

explain pre-defined variables (QueryParams, PathParams, Request, etc.)

There are a couple of pre-defined variables available:

  • routeParams: contains the Path Parameters
  • queryParams: contains the Query Parameters
  • session: contains the Session instance.
  • cookies: contains cookies from the request
  • request: contains the full Ts.ED PlatformRequest object.

Example with Path and Query Params:

import { Controller } from "@tsed/di";
import { Get } from "@tsed/schema";

import { UseAuthExpression } from "@jojoxd/tsed-auth-expression";

export class MyController
    @UseAuthExpression('routeParams.myPathParam == 1 && queryParams.hello|exists')
    getMyPathParam() {}

Some considerations

Note that we are deviating a bit from the standard Jexl expression language, as we have disabled assignment to not get any pollution.


Things I'd like to have:

  • Allow grouping providers (Will save on resources)
  • Allow easier Jexl extension (Better DX)
  • Allow deferring getters for variables (Will save on resources)


npm i @jojoxd/tsed-auth-expression

DownloadsWeekly Downloads






Unpacked Size

45.2 kB

Total Files


Last publish


  • bakaxd