Node-casbin is a lightweight open-source access control framework for Node.js. It is built around a metamodel design and supports a variety of classic access control schemes, such as role-based access control (RBAC) and attribute-based access control (ABAC).

Main features

  • Supports custom request formats. The default request format is {subject, object, action}.
  • It has two core concepts: the access control model and the policy.
  • RBAC supports multiple layers of role inheritance, and not only principals but also resources can have roles.
  • Super users, such as root or Administrator, can access any resource without authorization policies.
  • Supports various built-in operators, such as keyMatch, to simplify the management of path-like resources; for example, /foo/bar can be matched by the pattern /foo*.

Things node-casbin doesn’t do

  • Authentication (verifying the user name and password). Node-casbin is only responsible for access control. A separate, specialized component should handle authentication and then hand over to node-casbin for access control, so that the two work together.
  • Managing the user list or role list. Node-casbin takes the view that it is more appropriate for the project itself to manage its users and roles. Node-casbin assumes that all users, roles and resources that appear in policies and requests are valid.

Installation

# yarn  
yarn add casbin
# npm  
npm install casbin --save

How to use

Import node-casbin

import { Enforcer } from 'casbin'

Initialize an enforcer, passing in two parameters: the model file path and the policy file path

const enforcer = await Enforcer.newEnforcer('path/to/model.conf', 'path/to/policy.csv');

Add the following hook wherever your code needs access control

const sub = 'alice'; // the user that wants to access a resource.
const obj = 'data1'; // the resource that is going to be accessed.
const act = 'read'; // the operation that the user performs on the resource.

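// In current node-casbin releases enforce() returns a Promise, so await the result before testing it.
if ((await enforcer.enforce(sub, obj, act)) === true) {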
    // permit alice to read data1
} else {
    // deny the request, show an error
}

Use the management API to manage permissions, such as obtaining all roles of a user

const roles = enforcer.getRoles('alice')

See the test directory for more examples.

Middleware
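The features listed earlier (a {subject, object, action} request, a policy, layered role inheritance, a super user, and keyMatch) can be seen working together in the following added example, which is not code from node-casbin and does not import it. The policy lines, the user names and the helpers parsePolicy, rolesOf and enforce are constructed for illustration; keyMatch re-implements the prefix-before-`*` comparison that Casbin documents for that operator.

```javascript
// Constructed policy in Casbin's CSV form: "p" = permission rule, "g" = role grant.
const POLICY_CSV = `
p, reader, /reports/*, read
p, editor, /reports/*, write
g, editor, reader
g, alice, editor
g, bob, reader
`;

// Illustrative re-implementation of keyMatch: only the part before '*' is compared.
function keyMatch(key1, key2) {
  const i = key2.indexOf('*');
  if (i === -1) return key1 === key2;
  const prefix = key2.slice(0, i);
  return key1.length > i ? key1.slice(0, i) === prefix : key1 === prefix;
}

// Split the CSV into permission rules [sub, obj, act] and role grants [member, role].
function parsePolicy(csv) {
  const rules = [], grants = [];
  for (const line of csv.split('\n')) {
    const [kind, ...fields] = line.split(',').map((s) => s.trim());
    if (kind === 'p' && fields.length === 3) rules.push(fields);
    else if (kind === 'g' && fields.length === 2) grants.push(fields);
  }
  return { rules, grants };
}

// Walk the g-edges transitively: the subject plus every role it inherits.
function rolesOf(sub, grants) {
  const seen = new Set([sub]);
  const stack = [sub];
  while (stack.length) {
    const cur = stack.pop();
    for (const [member, role] of grants) {
      if (member === cur && !seen.has(role)) { seen.add(role); stack.push(role); }
    }
  }
  return seen;
}

// Matcher: root bypasses the policy; otherwise some rule must match; default is deny.
function enforce(policy, sub, obj, act) {
  if (sub === 'root') return true;
  const roles = rolesOf(sub, policy.grants);
  return policy.rules.some(([pSub, pObj, pAct]) =>
    roles.has(pSub) && keyMatch(obj, pObj) && act === pAct);
}

const policy = parsePolicy(POLICY_CSV);
```

Because only the text before `*` is compared, the pattern /foo* matches /foobar as well as /foo/bar; write /foo/* when a rule is meant to cover a single path subtree.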

  • express-authz
  • koa-authz
  • egg-authz

Community

Node-casbin is currently being actively promoted to the community. At present it can be integrated with Express, Koa2 and other web frameworks through plug-ins, and support for more web frameworks and communities is planned. Casbin already has Golang, Java, and PHP versions. Developers with cross-language needs can use Casbin as a single framework to manage permissions for projects in multiple languages.

  • Casbin (Go): github.com/casbin/casb…
  • JCasbin (Java): github.com/casbin/jcas…
  • PHP-Casbin (PHP): github.com/sstutz/php-…
  • Node-Casbin (Node.js): github.com/casbin/node…

How to contribute

If you want to contribute, please feel free to submit a pull request, report bugs, or join the QQ group: 546057381 (Casbin access control discussion group)