Skip to content
/ authorization-js Public

A demonstration of a JavaScript-based declarative Authorization DSL.

15 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

danielsomerfield/authorization-js

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
src
src
 
 
test
test
 
 
.babelrc
.babelrc
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
package.json
package.json
 
 
roadmap.md
roadmap.md
 
 

Repository files navigation

Authorization JS

This is an example of how you could create a JavaScript DSL for creating ABAC authorization policy, comparable to XACML, but much easier to read.

A basic attribute-based policy using the DSL

This policy will allow a user with a particular group to access any resource during business hours.

allow('read')
    .of(anyResource())
    .if(and(
        User.department().is(equalTo('development')),
        timeOfDay().isDuring('9:00 PST', '17:00 PST'))
    );

A basic attributed-based policy using the underlying libraries, but not using the DSL

new Policy((request)=>{
    if (request.action == 'read') {
        let start = Environment.timeStringAsUTCMillis("9:00 PST");
        let end = Environment.timeStringAsUTCMillis("17:00 PST");
        let range = new Range(start, end - start);
        if (request.principal.department == 'development' && range.isIncluded(request.environment.now)) {
            return true;
        }
    }
    return false;
})

Policy Example 2: A resource-specific policy using the DSL

This policy will allow a user with a particular group to access the "/foo" resource.

allow('read')
    .of(resourceByPath('/foo'))
    .if(User.department().is(equalTo('development')));

About

A demonstration of a JavaScript-based declarative Authorization DSL.

Resources

Readme
Activity

Stars

15 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages