Simple Express Authorization
Scope-based authorization middleware. Ideal for Express apps or derivatives such as express-gateway.
Installation
$ npm i simple-express-authorization
Using simple-express-authorization
When there is a single setting
const app =
const guard =
const settings = {
  responseCaseError: {
    code: 403,
    message: "FORBIDDEN",
    description: "Authorization failed due to insufficient permissions.",
    redirect_link: "/auth"
  },
  logicalStrategy: 'AND',
  flowStrategy: "NEXTWITHERROR"
};
guard app) app)...
When there are local settings
const app =
const guard =
const settingsGetAll = {
  responseCaseError: {
    code: 403,
    message: "FORBIDDEN",
    description: "Authorization failed due to insufficient permissions.",
    redirect_link: "/auth"
  },
  logicalStrategy: 'AND',
  flowStrategy: "NEXTWITHERROR"
};
const settingsGet = {
  responseCaseError: {
    code: 403,
    message: "FORBIDDEN",
    description: "Authorization failed due to insufficient permissions.",
    redirect_link: "/auth"
  },
  logicalStrategy: 'AND',
  flowStrategy: "RETURNRESPONSE"
};
guard app) app)...
Possible settings
settings = {
  /** Specifies where to find the user scopes.
   * By default we use -> req.user.scope
   * Observation:
   * - userScopesLocation is a string.
   * - req.user.scope is expected to be of type Array.
   *
   * When "a.b.c" is given, we use -> req['a']['b']['c']
   */
  userScopesLocation: "DEFAULT",

  /** Specifies the logical strategy used to evaluate user scopes.
   * By default we use -> OR
   * Observation:
   * - logicalStrategy is a string.
   * - We currently only support "OR" and "AND".
   */
  logicalStrategy: "OR",

  /** Specifies the object returned if the user does not have the expected scopes.
   * responseCaseError is the content returned in the response body when flowStrategy
   * is not modified, or when it is set to the default value "RETURNRESPONSE".
   */
  responseCaseError: {
    code: 403,
    message: "FORBIDDEN",
    description: "Authorization failed due to insufficient permissions.",
    redirect_link: "/auth"
  },

  /** Specifies the flow strategy used when the user does not have the expected scopes.
   * By default we use -> RETURNRESPONSE
   * Observation:
   * - flowStrategy is a string.
   * - "RETURNRESPONSE" -> When the user does not have the required scopes,
   *   the responseCaseError object is returned.
   * - "NEXTWITHERROR" -> When the user does not have the required scopes,
   *   the next() function is called with the responseCaseError object.
   * - We currently only support "RETURNRESPONSE" and "NEXTWITHERROR".
   */
  flowStrategy: "RETURNRESPONSE"
}
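The following is an added sketch of how the settings above interact; it is not the package's source code or API. The names scopeGuard, resolvePath, hasScopes and run are hypothetical, and it assumes the HTTP status is taken from responseCaseError.code and that an empty list of required scopes is denied.

```javascript
// Added illustration of the documented settings; NOT simple-express-authorization's code.
const DEFAULTS = {
  userScopesLocation: "DEFAULT",
  logicalStrategy: "OR",
  flowStrategy: "RETURNRESPONSE",
  responseCaseError: { code: 403, message: "FORBIDDEN" },
};

// "a.b.c" -> req['a']['b']['c']; "DEFAULT" -> req.user.scope
function resolvePath(req, location) {
  const path = location === "DEFAULT" ? "user.scope" : location;
  return path.split(".").reduce((obj, key) => (obj == null ? undefined : obj[key]), req);
}

function hasScopes(userScopes, required, logicalStrategy) {
  // Fail closed (choice made in this sketch): a missing or non-array scope
  // list, or an empty requirement, grants nothing.
  if (!Array.isArray(userScopes) || required.length === 0) return false;
  const owned = new Set(userScopes);
  if (logicalStrategy === "AND") return required.every((s) => owned.has(s));
  if (logicalStrategy === "OR") return required.some((s) => owned.has(s));
  throw new Error(`unsupported logicalStrategy: ${logicalStrategy}`);
}

function scopeGuard(required, overrides = {}) {
  const cfg = { ...DEFAULTS, ...overrides };
  return function (req, res, next) {
    const scopes = resolvePath(req, cfg.userScopesLocation);
    if (hasScopes(scopes, required, cfg.logicalStrategy)) return next();
    if (cfg.flowStrategy === "NEXTWITHERROR") return next(cfg.responseCaseError);
    // Assumption: the HTTP status is taken from responseCaseError.code.
    return res.status(cfg.responseCaseError.code).json(cfg.responseCaseError);
  };
}

// Constructed request/response stand-ins so the sketch runs without Express.
function run(guard, req) {
  const out = { next: null, status: null, body: null };
  const res = {
    status(c) { out.status = c; return this; },
    json(b) { out.body = b; return this; },
  };
  guard(req, res, (err) => { out.next = err === undefined ? "ok" : err; });
  return out;
}
```

Under NEXTWITHERROR the denial reaches the client only through the application's error-handling middleware, so that handler decides the status code and body.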
Running tests
Unit tests
Run npm run test:unit to execute the unit tests.
Integration tests
Run npm run test:integration to execute the integration tests.
Coverage tests
Run npm run test:coverage to execute the coverage tests.