@kavach/deflector
TypeScript icon, indicating that this package has built-in type declarations

1.0.0-next.27 • Public • Published

@rokkit/deflector

A simple and lightweight route deflector.

Installation

npm install @rokkit/deflector

Usage

import { createDeflector } from '@rokkit/deflector'

const config = {
  rules: [
    { path: '/public', public: true },
    { path: '/private' },
    { path: '/admin', roles: 'admin' }
  ]
}

const deflector = createDeflector(config)

deflector.protect('/public') // returns {statusCode: 200}
deflector.protect('/private') // returns {statusCode: 401, redirect: '/auth'}

deflector.setSession({ user: { role: 'authenticated' } })
deflector.protect('/public') // returns {statusCode: 200}
deflector.protect('/private') // returns {statusCode: 200}

deflector.setSession({ user: { role: 'admin' } })
deflector.protect('/public') // returns {statusCode: 200}
deflector.protect('/private') // returns {status: 200}
deflector.protect('/admin') // returns {status: 200}

Features

Default Configuration

Out-of-the-box support for common routes:

  • home: '/'
  • login: '/auth'
  • logout: '/logout'
  • session: '/auth/session'
  • unauthorized: defaults to null
  • endpoints: ['/api', '/data']

Configuration driven Role-Based Access

  • All routes are protected by default.
  • Define custom routes and rules.
  • Define rules for different paths and roles.
  • Nest specific role access under more generic access. For example, 'user' role access can be nested under a generic '*'.
  • Logs and excludes rules with errors.
  • Identifies and logs redundant rules.

Examples

Configuring Rules

const options = {
  rules: [
    { path: '/blog', public: true },
    { path: '/user', roles: ['authenticated'] },
    { path: '/other', roles: 'other' }
  ]
}
const deflector = createDeflector(options)

Customizing App routes

const config = {
  app: {
    home: '/home',
    login: '/login',
    logout: '/logout'
  },
  rules: [
    { path: '/auth' },
    { path: '/home/about' },
    { path: '/public', public: true }
  ]
}

const deflector = createDeflector(options)

Caveats

  • It does not handle actual redirection or session management.
  • It only returns the status code and the redirect path for page routes.
  • It only checks if the session includes a user role which is used for access control.

This is used internally under the hood by @kavach/svelte

Package Sidebar

Install

npm i @kavach/deflector

Weekly Downloads

3

Version

1.0.0-next.27

License

MIT

Unpacked Size

293 kB

Total Files

61

Last publish

Collaborators

  • jerrythomas