Basic utilities for providing a security context.
npm i -S @qiwi/security-context
Inspired by Spring
- Authentication — basic auth iface
- *Token — custom auth impl
- Authority - represents an authority granted to an Authentication object.
- Role — basic authority type
- Permission — a representation of the permission object as supplied by the expression system
import {AbstractToken, Authentication, PermissionEvaluator, Role} from '@qiwi/security-context'
// Roles are the basic Authority type; the evaluator further down checks for these two
const [admin, operator] = ['admin', 'operator'].map(name => new Role(name))
// Specify custom token logic
// The example further down constructs this class with (user, roles, details) and then
// sets `authenticated` on the instance; the evaluator reads `authorities` and `principal`.
// NOTE(review): presumably AbstractToken maps those constructor arguments onto
// `principal`, `authorities` and `details` — confirm against the package.
class CustomToken extends AbstractToken {
// ... project-specific token behaviour goes here
}
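// Configure your evaluator
class CustomEvaluator extends PermissionEvaluator {
  /**
   * Decide whether `token` may exercise `permission` on `target`.
   *
   * Denies by default. Access is granted only to an authenticated token that
   * either holds the `admin` role, or holds the `operator` role, asks for the
   * 'owner' permission and owns the target.
   *
   * @param {object} token - authentication to evaluate; reads `authenticated`,
   *   `authorities` and `principal.id`
   * @param {object} target - object being accessed; reads `owner_id`
   * @param {string} permission - requested permission name
   * @returns {boolean} true when access is granted, false otherwise
   */
  hasPermission(token, target, permission) {
    // A missing token, or one never marked authenticated, is denied outright
    if (!token || token.authenticated !== true) {
      return false
    }
    const roles = token.authorities
    // NOTE(review): assumes `authorities` exposes contains(); a plain Array does not
    // (it has includes()). Role instances built elsewhere with `new Role(...)` are
    // distinct objects, so confirm how the package compares roles.
    if (roles.contains(admin)) {
      return true
    }
    if (roles.contains(operator) && permission === 'owner') {
      const ownerId = target == null ? undefined : target.owner_id
      const principalId = token.principal == null ? undefined : token.principal.id
      // Both ids must be present: comparing two missing ids (undefined === undefined)
      // would otherwise grant ownership of any target that has no owner_id
      return ownerId != null && ownerId === principalId
    }
    return false
  }
}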
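// Instantiate the subclass: an instance of the base PermissionEvaluator would not
// run the rules defined in CustomEvaluator.hasPermission
const evaluator = new CustomEvaluator()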
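// Handle auth event, build Auth instance
const user = {
  login: 'foo'
}
// Holds the current authentication for the permission checks further down. It starts
// as the same fallback the failure handler uses, so a check made before the request
// settles is not evaluated against a missing token.
// NOTE(review): presumably a bare Authentication carries no authorities — confirm
// against the package.
let token = new Authentication(user)
fetch({/*...*/})
  .then(res => {
    // fetch() also resolves on HTTP error statuses; an error body must never become a token
    if (!res.ok) {
      throw new Error(`auth request failed: ${res.status}`)
    }
    // json() returns a promise, so it has to resolve before the fields are read
    return res.json()
  })
  .then(data => {
    if (!Array.isArray(data.roles)) {
      throw new TypeError('auth response has no roles array')
    }
    // Roles are taken as-is from the response: they are only as trustworthy as that endpoint
    const authenticated = new CustomToken(
      user,
      data.roles.map(v => new Role(v)),
      data.details
    )
    authenticated.authenticated = true
    token = authenticated
  })
  .catch(() => {
    // Any failure falls back to the plain Authentication rather than a partially built token
    token = new Authentication(user)
  })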
// Then pass auth to context and resolve permission where it's needed
const doSomething = (target, ...args) => {
  // Guard first: without the 'owner' permission on this target nothing below runs
  const allowed = evaluator.hasPermission(token, target, 'owner')
  if (!allowed) {
    return
  }
  // ...
}