Web Access Control

Web Access Control implementation for Node.js

A stand-alone or express/connect Web Access Control implementation designed for Node.js with a configurable graph callback.

Example code:

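var wac = require('wac');
var fileCallbackOptions = {'baseUrl':'http://example.com','filename':'access.ttl'};

// wac must be required first so that wac.fileGraphCallback is defined
var accessControl = wac({'graphCallback':wac.fileGraphCallback(fileCallbackOptions)});

// callback receives a single boolean: true if access is granted
var callback = function (allowed) { console.log(allowed); };
accessControl.hasAccess('http://example.com/resource', 'GET', 'http://example.com/agent#me', null, callback);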

This code creates an access control object using the rules defined in the Turtle file 'access.ttl' with the base URL 'http://example.com'. The last line tests access to the resource 'http://example.com/resource' using the HTTP method 'GET' for the agent 'http://example.com/agent#me'.

Express middleware example code:


Uses express/connect middleware functionality of the previously created accessControl object.

Enables or disables cross-origin requests. If the application parameter is not null, a cross-origin request is detected.

A graph which contains the access control rules as RDF Interfaces: Graph. This option or the graphCallback option is required!

A callback function to fetch the graph which contains the access control rules as RDF Interfaces: Graph.

The function must accept two parameters:

  • resource The resource for which permission is requested
  • callback The callback function which is called with the graph as its single parameter

This option or the graph option is required!

A graphCallback function for single file access control rules.

The following options are required:

  • baseUrl The base URL for the Turtle file
  • filename The filename of the Turtle file

A graphCallback function for per-directory file access control rules.

The following options are required if there is no default:

  • basePath The path to look at relative to the base URL (default: '')
  • baseUrl The URL for the parser relative to the base path
  • filename The filename of the access control rule files (default: '.acl.ttl')

Stand-alone function to check whether an agent/application has access to a resource with the given method/mode.

The following parameters must be provided:

  • resource URL of the resource to check
  • method HTTP method or WAC mode
  • agent URL of the agent
  • application CORS host
  • callback The callback function with a single boolean parameter
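
The callback receives only a boolean, so the caller has to decide what happens when the rules cannot be loaded or the graph callback never answers. The wrapper below is an added example, not part of the wac package: it calls hasAccess with the parameters listed above and denies on timeout, on an exception, and on any result other than a boolean true. The names checkAccess, timeoutMs and silentStub are assumptions made for this example.

```javascript
'use strict';

// Added example: fail-closed wrapper around the documented
// hasAccess(resource, method, agent, application, callback) call.
// `accessControl` is any object exposing that function; `checkAccess`,
// `timeoutMs` and `silentStub` are names chosen for this example.
function checkAccess(accessControl, request, timeoutMs, done) {
  var settled = false;
  function finish(allowed, reason) {
    if (settled) { return; }          // ignore late or duplicate callbacks
    settled = true;
    clearTimeout(timer);
    done(allowed === true, reason);   // only a strict boolean true grants access
  }
  // The callback carries a single boolean and no error argument, so a graph
  // callback that never answers would leave the request hanging: deny instead.
  var timer = setTimeout(function () { finish(false, 'timeout'); }, timeoutMs);
  try {
    accessControl.hasAccess(
      request.resource, request.method, request.agent,
      request.application || null,    // null: no application (CORS host) given
      function (allowed) { finish(allowed, allowed === true ? 'granted' : 'denied'); }
    );
  } catch (err) {
    finish(false, 'error');           // exceptions while loading rules also deny
  }
}

// Constructed stand-in for the object returned by require('wac')(...): its
// graph callback never answers, so hasAccess never calls back.
var silentStub = { hasAccess: function () {} };
checkAccess(silentStub, {
  resource: 'http://example.com/resource', method: 'GET',
  agent: 'http://example.com/agent#me'
}, 100, function (allowed, reason) {
  console.log(allowed, reason);
});
```
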

Function to create an express/connect middleware.

The following options are available:

  • forbidden A function to send the 403 forbidden response (default: send only 403 status code)

The req.absoluteUrl() function, provided by the express-utils middleware, is required.