node package manager

Introducing npm Enterprise add-ons. Integrate third-party dev tools into npm…

secure

ACL for Node.JS. Including authentication and express middleware for authorization.

secure

ACL for Node.JS. Including authentication and express middleware for authorization.

npm install secure

Register the access control list:

var authenticatedAcl = require('secure/access-control-list')(customLogger)

You can define a custom logger and pass it through, else console will be used by default.

Add resources to the access control list:

authenticatedAcl.addResource('Admin')

This will add create, read, update, delete, and * as resource actions by default.

var accessControl = require('secure/access-control')(
  authenticationProvider, // Function to determine if user is authenticated
  authenticatedAcl, // Access control list for authenticated users
  unauthenticatedAcl, // Access control list for unauthenticated users (can use {} if not necessary)
  'admin', // Type, used to set req.session[type] for checking roles
  console, // Custom logger, if used
  function(req, res) {
    // Default failure callback
    res.redirect('/login')
  })

Add middleware to redirect users trying to access a resource without the appropriate permissions to a failure URL:

app.get(
  '/secure/',
  accessControl.requiredAccess(resource, action, failureUrl),
  function(req, res) {
    ...
  }
)

The ACL can also be checked from within functions, rather than through middleware, for resource/action-specific functionality:

accessControl.isAllowed(req, resource, action) // Returns true/false

Dom Harrington

Paul Serby

Luke Wilde

Licenced under the New BSD License