Egg-Authz

Egg-Authz is an authorization middleware for Egg, it's based on Node-Casbin: https://github.com/casbin/node-casbin.

1. Installation

use casbin v2.x

npm install casbin@2 egg-authz@2 --save

use casbin v3.x

npm install casbin@3 egg-authz@3 --save

2. Create a file in middleware directory to import the module.

// app/middleware/authz.js
module.exports = require('egg-authz')

// config/config.default.js
const casbin = require('casbin')
module.exports = {
  middleware: [ 'authz' ],
  authz: {
    enable: true,
    newEnforcer: async() => {
      // load the casbin model and policy from files, database is also supported.
      const enforcer = await casbin.newEnforcer('authz_model.conf', 'authz_policy.csv')
      return enforcer
    }
  }
}

3. Enable the middleware in your config files.

How to control the access

The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:

1. subject: the logged-on user name
2. object: the URL path for the web resource like "dataset1/item1"
3. action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"

For how to write authorization policy and other details, please refer to the Casbin's documentation.

Getting Help

• Node-Casbin

License

This project is licensed under the Apache 2.0 license.