secure

ACL for Node.JS. Including authentication and express middleware for authorization.

secure

ACL for Node.JS. Including authentication and express middleware for authorization.

npm install secure

Register the access control list:

var authenticatedAcl = require('secure/access-control-list')(customLogger)

You can define a custom logger and pass it through, else console will be used by default.

Add resources to the access control list:

authenticatedAcl.addResource('Admin')

This will add create, read, update, delete, and * as resource actions by default.

var accessControl = require('secure/access-control')(
  authenticationProvider, // Function to determine if user is authenticated
  authenticatedAcl, // Access control list for authenticated users
  unauthenticatedAcl, // Access control list for unauthenticated users (can use {} if not necessary)
  'admin', // Type, used to set req.session[type] for checking roles
  console, // Custom logger, if used
  function(req, res) {
    // Default failure callback
    res.redirect('/login')
  })

Add middleware to redirect users trying to access a resource without the appropriate permissions to a failure URL:

app.get(
  '/secure/',
  accessControl.requiredAccess(resource, action, failureUrl),
  function(req, res) {
    ...
  }
)

The ACL can also be checked from within functions, rather than through middleware, for resource/action-specific functionality:

accessControl.isAllowed(req, resource, action) // Returns true/false

Dom Harrington

Paul Serby

Luke Wilde

Licenced under the New BSD License