kgraves/candoo

candoo

A minimal activity based authorization middleware for connect/express


This is heavily inspired by Derick Bailey's mustbe.

It makes no assumptions about how or where roles are stored or how you authorize users. It does assume that all data needed to authorize an action is available on the request object (e.g. user, roles). This lets candoo play nicely with Passport.js and other authentication libraries and frameworks.

Usage

There are 3 quick steps to start using candoo.

  1. install
npm install --save candoo
  2. config
var can = require('candoo');

can.configureActivities({

  'view.profile': function(req, done) {
    // Truthiness check: a null user is rejected as well as an undefined one.
    done(Boolean(req.user));
  },

  /**
   * You can pass a custom error message to the callback for a failure.
   */
  'view.admin.page': function(req, done) {
    if (req.user && req.user.role === 'admin') {
      done(true);
    } else {
      done(false, 'admins only!');
    }
  },

  /**
   * You can pass an options object for further functionality.
   *
   * The following options are supported:
   * {
   *   onFailure: function(req, res, next) {...}
   * }
   *
   * Currently the only option that is recognized is an `onFailure` callback.
   * This gives you more granular control when there is an unauthorized request.
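   * For example, one may have the need to redirect unauthorized requests to
   * different endpoints, instead of relying on error handlers further down the
   * line.
   *
   * `someModelObject` and `helpers.redirectToLogin` stand for objects defined
   * elsewhere in your application.
   */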
  'view.stats': function(req, done) {
    if (req.user && req.user.isOwner(someModelObject)) {
      done(true);
    } else {
      done(false, '', { onFailure: helpers.redirectToLogin });
    }
  }

});
  3. use
var express = require('express');
var can = require('candoo');

var app = express();

app.get('/admin/page', can.do('view.admin.page'), function(req, res, next) {
  // serve admin page
});
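
To show the pattern behind the three steps above, here is an added sketch of an activity-based authorization middleware. It is not candoo's source and not part of the original README. `createAuthorizer`, `simulate`, the 403 status, and the fail-closed handling of unknown activity names and non-`true` results are assumptions of this sketch, not documented candoo behaviour.

```javascript
// Added sketch, not candoo's source; createAuthorizer and simulate are hypothetical names.
function createAuthorizer() {
  var activities = Object.create(null); // no inherited keys such as 'constructor'

  function deny(message) {
    var err = new Error(message);
    err.status = 403; // assumed status; the README does not specify one
    return err;
  }

  function configureActivities(map) {
    Object.keys(map).forEach(function (name) {
      if (typeof map[name] !== 'function') {
        throw new TypeError('activity "' + name + '" must be a function');
      }
      activities[name] = map[name];
    });
  }

  // Returns connect-style middleware guarding one named activity.
  function check(name) {
    return function (req, res, next) {
      var validator = activities[name];
      // Fail closed: a typo in the activity name must not open the route.
      if (!validator) return next(deny('unknown activity: ' + name));
      var settled = false;
      validator(req, function done(allowed, message, options) {
        if (settled) return; // ignore a second done() call
        settled = true;
        if (allowed === true) return next(); // only literal true authorizes
        if (options && typeof options.onFailure === 'function') {
          return options.onFailure(req, res, next);
        }
        next(deny(message || 'unauthorized'));
      });
    };
  }

  return { configureActivities: configureActivities, do: check };
}

// Constructed harness: run a middleware on a fake request and report the outcome.
function simulate(middleware, req) {
  var outcome = {};
  var res = { redirect: function (url) { outcome.redirect = url; } };
  middleware(req, res, function next(err) { outcome.error = err || null; });
  return outcome;
}
```

Calling `simulate(can.do('view.admin.page'), { user: { role: 'admin' } })` on an authorizer configured like step 2 yields `{ error: null }`, while a misspelled activity name yields a 403 error instead of an open route.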

Contributing

Open an issue or send a pull request :)
