mongodb-security

1.6.0 • Public • Published

mongodb-security npm

Portable business logic of MongoDB security model, mostly string formatting.

Usage

var security = require('mongodb-security');

security.humanize({cluster: true})
.should.equal('For the deployment');

security.humanize({collection: 'users', db: 'mscope'})
.should.equal('On mscope.users');

security.humanize({collection: '', db: 'mscope'})
.should.equal('On any any collection in the mscope database');

security.humanize({collection: 'users', db: ''})
.should.equal('On the users collection in any database');

Example

var MongoClient = require('mongodb').MongoClient;
var security = require('../');
var format = require('util').format;

var username = 'reportsUser';
var password = 'foo';
var authDB = 'reporting';

var url = 'mongodb://localhost:30000/%s';

MongoClient.connect(format(url, authDB), function(err, db) {
    if (err) {
        throw err;
    }

    // log in as that user
    db.authenticate(username, password, function(err, res) {
    // get the user info with privileges
        db.command({
            usersInfo: {
                user: username,
                db: authDB
            },
            showPrivileges: true
        }, function(err, res) {
            if (err) {
                throw err;
            }

            var user = res.users[0];
            console.log(JSON.stringify(user, null, 2));

            // check if user has listDatabases privilege with cluster resource
            var listDatabasesAllowed = security.getResourcesWithActions(
                user, ['listDatabases']).length === 1;

            // if allowed, run listDatabases command, if not, set to [].

            // merge with databases from user info on which the user is allowed to
            // call listCollections
            var databases = security.getResourcesWithActions(
                user, ['listCollections'], 'database').map(function(resource) {
                return resource.db;
            });

            console.log('user can run listCollections on:', databases);

            // run listCollections on all databases, gather all namespaces

            // add required privilege actions here
            // @see https://docs.mongodb.org/manual/reference/privilege-actions/
            var compassActions = ['find', 'collStats'];

            // combine namespaces with ones that user has find+collStats privilege
            var namespaces = security.getResourcesWithActions(
                user, compassActions, 'collection').map(function(resource) {
                return resource.db + '.' + resource.collection;
            });

            console.log('user can run find + collStats on:', namespaces);

            db.close();
        });
    });
});

api

security.humanize(:resource)

Take the :resource of a MongoDB grant and hand back a literate sentence prefix.

todo

Dependents (0)

Package Sidebar

Install

npm i mongodb-security

Weekly Downloads

1

Version

1.6.0

License

SSPL

Unpacked Size

65.9 kB

Total Files

10

Last publish

Collaborators

  • orechova
  • himanshusinghs
  • c-buckingham
  • mongo-j
  • mabaasit
  • alexander_schroll
  • chuck.kalmanek
  • mongodb-js-user
  • rueckstiess
  • durran
  • lerouxb
  • fredtruman
  • mbroadst
  • hswolff
  • satyasinha
  • matt_d_rat
  • rhysm
  • tomhollander
  • alena.khineika
  • jeff-allen-mongo
  • mmarcon
  • jonathan.balsano
  • mongodb-build
  • jack.weir
  • stennie
  • mcasimir
  • kristina.stefano
  • jarjee
  • shaketbaby
  • devtoolsbot
  • addaleax
  • gribnoysup
  • mutukrish
  • wz3chen
  • imlucas
  • kangas