Noctiflorous Pansy Mulch

    @qiwi/security-context

    0.0.3 • Public • Published

    security-context [RnD]

    Basic utils for security context providing.

    js-standard-style buildStatus coverage dependencyStatus devDependencyStatus

    Install
        npm i -S @qiwi/security-context    
    Contracts

    Inspired by Spring

    • Authentication — basic auth iface
    • *Token — custom auth impl
    • Authority - represents an authority granted to an Authentication object.
    • Role — basic authority type
    • Permission — a representation of the permission object as supplied by the expression system
    Usage concept
        import {Role, AbstractToken, PermissionEvaluator} from '@qiwi/security-context'
    
        // Create role as basic Authority
        const admin = new Role('admin')
        const operator = new Role('operator')
        
        // Specify custom token logic
        class CustomToken extends AbstractToken {
          //...
        }
        
        // Configure your evaluator
        class CustomEvaluator extends PermissionEvaluator {
          constructor() {
            super()
          }
          hasPermission(token, target, permission) {
            const roles = token.authorities
            
            if (roles.contains(admin)) {
              return true
            }
            
            if (roles.contains(operator)) {
              if (permission === 'owner') {
                if (target.owner_id === token.principal.id) {
                  return true
                }
              }
            }
            
            return false
          }
        }
        const evaluator = new PermissionEvaluator()
        
        // Handle auth event, build Auth instance
        const user = {
          login: 'foo'
        }
        fetch({/*...*/})
          .then(res => {
            const data = res.json()
            const token = new CustomToken(
              user,
              data.roles.map(v => new Role(v)),
              data.details
            )
            token.authenticated = true
    
          })
          .catch(e => {
            return new Authentication(user)
          })
          
        // Then pass auth to context and resolve permission where it's needed
        const doSomething = (target, ...args) => {
          if (evaluator.hasPermission(token, target, 'owner')) {
            // ...
          }
        }

    Install

    npm i @qiwi/security-context

    DownloadsWeekly Downloads

    0

    Version

    0.0.3

    License

    MIT

    Unpacked Size

    390 kB

    Total Files

    24

    Last publish

    Collaborators

    • antongolub
    • qiwibot
    • pismenskiy