世界上最伟大的投资就是投资自己的教育
Express-Authz:多模型权限管理框架 Node-Casbin 之 Express 中间件
Chalin发布于5396 次阅读
Express-Authz
Express-Authz On GitHub is an authorization middleware for Express, it's based on Node-Casbin
: https://github.com/casbin/node-casbin.
Installation
npm install --save casbin-express-authz
Simple Example
const { Enforcer } = require('casbin')
const express = require('express')
const authz = require('casbin-express-authz')
const app = express()
// set userinfo
app.use((req, res, next) => {
const username = req.get('Authorization') || 'anonymous'
req.user = {username}
next()
})
// use authz middleware
app.use(authz(async() => {
// load the casbin model and policy from files, database is also supported.
const enforcer = await Enforcer.newEnforcer('authz_model.conf', 'authz_policy.csv')
return enforcer
}))
// response
app.use((req, res, next) => {
res.status(200).json({status: 'OK'})
})
app.listen(3000)
How to control the access
The authorization determines a request based on {subject, object, action}
, which means what subject
can perform what action
on what object
. In this plugin, the meanings are:
-
subject
: the logged-on user name -
object
: the URL path for the web resource like "dataset1/item1" -
action
: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"
For how to write authorization policy and other details, please refer to the Casbin's documentation.
Getting Help
License
This project is licensed under the Apache 2.0 license.
本站文章均为原创内容,如需转载请注明出处,谢谢。
© 汕尾市求知科技有限公司 | Rails365 Gitlab | 知乎 | b 站 | csdn
粤公网安备 44152102000088号 | 粤ICP备19038915号
Top
中文描述下 应用场景
There is the official website: https://casbin.org