Add copyright header.
Express-Authz is an authorization middleware for Express, it's based on Node-Casbin: https://github.com/casbin/node-casbin.
npm install casbin-express-authz
const { Enforcer } = require('casbin') const express = require('express') const authz = require('express-authz') const app = express() // set userinfo app.use((req, res, next) => { const username = req.get('Authorization') || 'anonymous' req.user = {username} next() }) // use authz middleware app.use(authz(async() => { // load the casbin model and policy from files, database is also supported. const enforcer = await Enforcer.newEnforcer("authz_model.conf", "authz_policy.csv") return enforcer })) // response app.use((req, res, next) => { res.status(200).json({status: 'OK'}) }) app.listen(3000)
The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:
subject: the logged-on user nameobject: the URL path for the web resource like “dataset1/item1”action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like “read-file”, “write-blog”For how to write authorization policy and other details, please refer to the Casbin's documentation.
This project is licensed under the Apache 2.0 license.