Google Git
Sign in
apache/casbin-node-casbin-hapi-authz

hapi-authz is an authorization middleware for Hapi.js based on Casbin

Mirrored from https://github.com/apache/casbin-node-casbin-hapi-authz.git
Clone this repo:

Branches

Tags

  1. 5769e6f fix: fix broken links (#15) by YunShu · 2 years, 7 months ago master
  2. a7a350b docs: replace gitter links with discord (#14) by YunShu · 2 years, 8 months ago
  3. 7df1d61 Merge pull request #12 from node-casbin/dependabot/npm_and_yarn/path-parse-1.0.7 by Yang Luo · 4 years, 7 months ago
  4. 78d0033 chore(deps): bump path-parse from 1.0.6 to 1.0.7 by dependabot[bot] · 4 years, 7 months ago
  5. 733b7d8 Merge pull request #11 from node-casbin/dependabot/npm_and_yarn/glob-parent-5.1.2 by Yang Luo · 4 years, 9 months ago

Hapi Authz

NPM version NPM download codebeat badge Build Status Release Discord

This is a authorization middleware for Hapi js, and it is based on Node-Casbin.

Installation

npm i casbin @casbin/hapi-authz --save

Integration

  • Register the plugin inside your index.js file.
const { newEnforcer } = require('casbin');
const hapiauthz = require('@casbin/hapi-authz');

...

const init = async () => {
    ...
    const enforcer = await newEnforcer('model.conf', 'policy.csv') // replace with your model and policy file location

    await server.register({  
    plugin: hapiauthz.Hapiauthz,
    options: {
      newEnforcer: enforcer
    }

    ...
  })
}

Use a customized authorizer

This package provides BasicAuthorizer, which checks the Authorization header for the username. If you want to use another authentication method like OAuth, you needs to extends BasicAuthorizer as below:

class MyAuthorizer extends hapiauthz.BasicAuthorizer {
  constructor(request, enforcer) {
    super(request, enforcer);
  }

  getUserName () {
    const { username } = this.request.credentials.username
    return username
  }
}

const init = async () => {
    ...
    const enforcer = await newEnforcer('model.conf', 'policy.csv') // replace with your model and policy file location

    await server.register({  
    plugin: hapiauthz.Hapiauthz,
    options: {
      newEnforcer: enforcer,
      authorizer: (request, option) => new MyAuthorizer(request, option)
    }

    ...
  })
}

How to control the access

The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:

  1. subject: the logged-on user name
  2. object: the URL path for the web resource like “dataset1/item1”
  3. action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like “read-file”, “write-blog”

For how to write authorization policy and other details, please refer to the Casbin's documentation.

Getting Help