Skip to content
/ fence Public

🔰 Framework-agnostic package who provides powerful ACL abilities to JavaScript

License

MIT license
65 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Slynova-Org/fence

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

130 Commits
src
src
 
 
tests
tests
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
.npmignore
.npmignore
 
 
.travis.yml
.travis.yml
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 
tslint.json
tslint.json
 
 

Repository files navigation

fence

Build Status Coverage Status Version Downloads License

fence is a framework-agnostic package which provides powerful ACL abilities to JavaScript.
It lets you easily manage ACL with a fluent API easy to learn and to work with. 🚀


Getting Started

This package is available in the Node Package Repository and can be easily installed with npm or yarn.

$ npm i @slynova/fence
# or
$ yarn add @slynova/fence

When you require the package in your file, it will give you access to the Guard and Gate class.

const { Gate, Guard } = require('@slynova/fence')

Gate & Policy

A Gate is a closure that returns a boolean to determine if the user is allowed to perform a certain action. Instead of using a closure, you can also write a Policy. Those are classes that let you organise your authorisation around a particular model or resource.

Writing a Gate

To define a new Gate you will need to call the define method on the Gate facade.

Gate.define('name-of-the-gate', async (user, resource) => {
  // Payload
  // e.g. return user.id === resource.author_id
})

Writing a Policy

To define a new Policy you will need to call the policy method on the Gate facade.

Gate.policy(post, PostPolicy)

The first argument is the object you want to define the policy for. It can be a simple JSON or an ES2015 class.

The policy must be an ES2015 class.


Guard

The Guard is the guardian of your gates.

Most of the time, you'll want to use the authenticated user to test your gates. For this reason, node-fence let you use the method Guard.setDefaultUser().

// The user can be retrieve from the auth middleware you are using
const guard = Guard.setDefaultUser({ id: 1, username: 'romainlanz' })

Public API

guard.allows('gateName/Policy Method', resource) // It will use per default the defined user or return false if not defined
guard.denies('gateName/Policy Method', resource) // It will use per default the defined user or return true if not defined
guard.allows('gateName/Policy Method', resource, user)
guard.denies('gateName/Policy Method', resource, user)
guard.can(user).pass('gateName').for(resource)
guard.can(user).callPolicy('Policy Method', resource)

Contribution Guidelines

Any pull requests or discussions are welcome.
Note that every pull request providing a new feature or correcting a bug should be created with appropriate unit tests.

About

🔰 Framework-agnostic package who provides powerful ACL abilities to JavaScript

Topics

nodejs javascript security acl framework-agnostic acl-abilities

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

65 stars

Watchers

5 watching

Forks

6 forks
Report repository

Releases

4 tags

Packages

No packages published

Contributors 5

Languages