reaccess

For the MEAN stack

Useful to

  • manage users' access to your APIs
  • adapt user interfaces to their access level

Principle

User access rights based
on the REST API endpoints

Rights are simply defined by a URI pattern:

/users/:user_id/notifications\?(.*)


And a set of methods:

HEAD, OPTIONS, GET, PUT, POST, DELETE

URI patterns are templated

You can refer to deep object properties:

/places/:user.home.id/


Wildcards match several values. In that case, access is granted for each matched value:

/places/:user.places.*.id
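As an added illustration of the templating rules above (my own code, not the express-reaccess implementation), this matcher expands `:a.b.c` placeholders from value objects, fans wildcards out over arrays, and tests a method/URL pair against a list of rights. The placeholder lookup semantics (first segment is a property of one of the value objects; the rest of the path is a regex) are an assumption.

```javascript
// Added example, not express-reaccess's own code. Assumed semantics: the first
// segment of a ":a.b.c" placeholder is a property of one of the value objects,
// "*" fans out over array elements, and the rest of the path is a regex.
function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Resolve dotted segments against an object; "*" spreads over arrays.
// Always returns a list: one candidate value per match (empty if none).
function resolvePath(obj, segments) {
  if (segments.length === 0) return obj === undefined ? [] : [obj];
  const [head, ...rest] = segments;
  if (head === '*') {
    return Array.isArray(obj) ? obj.flatMap((item) => resolvePath(item, rest)) : [];
  }
  if (obj === null || typeof obj !== 'object') return [];
  return resolvePath(obj[head], rest);
}

// Expand every ":name.path" placeholder into concrete regex sources.
// A wildcard yielding N values produces N patterns (access per matched value);
// a placeholder that resolves to nothing yields no pattern, hence no access.
function expandPattern(pattern, values) {
  let expanded = [pattern];
  for (const m of pattern.matchAll(/:([A-Za-z_][\w.*]*)/g)) {
    const segments = m[1].split('.');
    const owner = values.find((v) => v && v[segments[0]] !== undefined);
    const literals = (owner ? resolvePath(owner, segments) : []).map((val) => escapeRe(String(val)));
    expanded = expanded.flatMap((p) => literals.map((lit) => p.replace(m[0], () => lit)));
  }
  return expanded;
}

// A request is allowed when some right lists its method and one of that
// right's expanded patterns matches the whole URL (anchored on both ends).
function isAllowed(rights, values, method, url) {
  return rights.some((right) =>
    right.methods.includes(method.toUpperCase()) &&
    expandPattern(right.path, values).some((src) => new RegExp('^' + src + '$').test(url)));
}

// Constructed sample data: one user owning a home and two places.
const sampleValues = [{ user: { id: 7, home: { id: 'h1' }, places: [{ id: 'p1' }, { id: 'p2' }] } }];
const sampleRights = [
  { path: '/users/:user.id/notifications\\?(.*)', methods: ['GET'] },
  { path: '/places/:user.home.id', methods: ['GET'] },
  { path: '/places/:user.places.*.id', methods: ['GET', 'PUT'] },
];
```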

Back End

Step 1: Augment req

    // Attach the current user's rights and the objects used to fill
    // templated rights to the request, before express-reaccess runs
    app.use(function(req, res, next) {
      getUserInfosFromTheDB().then(function(user) {
        req._rights = user.rights;
        req._rightsTemplateValues = [user];
        next();
      }).catch(next); // never leave the request hanging on a DB failure
    });

Step 2: Add express-reaccess

    var reaccess = require('express-reaccess');

    // Property names must match those set on req in Step 1
    app.use(reaccess({
        rightsProps: ['_rights'],
        valuesProps: ['_rightsTemplateValues'],
        accessErrorMessage: 'UNAUTHORIZED'
    }));

Step 3: Handle access failures

    // express-reaccess rejects with the configured accessErrorMessage
    app.use(function(err, req, res, next) {
      if('UNAUTHORIZED' === err.message) {
        return res.status(401).send('UNAUTHORIZED');
      }
      next(err);
    });

Advantages

  • simple
  • granular
  • API centric
  • composable

Front End

Step 1: Configure

    angular.module('myApp', [
        'simplifield.reaccess'
    ]).config(['sfReaccessServiceProvider', '$logProvider',
      function(sfReaccessServiceProvider, $logProvider) {

        // Debugging rights (if you wish)
        $logProvider.debugEnabled(true);
        sfReaccessServiceProvider.debug(true);
    
        // Setting templated rights
        sfReaccessServiceProvider.setPredefinedRights({
          'USER_ADD':  {
            path: '/api/users',
            methods: ['POST']
          },
          'USER_EDIT':{
            path: '/api/users/:id',
            methods: ['PUT', 'PATCH']
          },
          'USER_DELETE':  {
            path: '/api/users/:id',
            methods: ['DELETE']
          }
        });
    }]);

Step 2: Load rights

    // Retrieving current user information
    $http.get('/profile').then(function(response) {
    
        // Saving rights
        sfReaccessService.setRights(response.data.rights);
    
        // Setting values to fill templated rights
        sfReaccessService.setValues([{
          _username: response.data.username
        }]);
    
    });

Step 3: Use it!

In your templates:

    <!-- Display button if user can add users -->
    <a href="#/beers/create" class="btn btn-primary"
       ng-show="'USER_ADD' | sfReaccess">
      Add a user
    </a>

In your code:

    if(sfReaccessService.test('USER_ADD')) {
        // Yay, I can add users
    }

Advantages

  • end to end
  • adaptable
  • a/b testing friendly

Thanks!

@nfroidure on GitHub and Twitter

working at @SimpliField


Projects repos:
express-reaccess  -  angular-reaccess