This is an authorization middleware for hapi.js, based on Node-Casbin.
npm i casbin @casbin/hapi-authz --save
- Register the plugin in your index.js file:

```js
const Hapi = require('@hapi/hapi');
const { newEnforcer } = require('casbin');
const hapiauthz = require('@casbin/hapi-authz');
...
const init = async () => {
  const server = Hapi.server({ port: 3000 });
  ...
  // replace with your model and policy file location
  const enforcer = await newEnforcer('model.conf', 'policy.csv');
  await server.register({
    plugin: hapiauthz.Hapiauthz,
    options: {
      newEnforcer: enforcer
    }
  });
  ...
  await server.start();
};

init();
```
This package provides BasicAuthorizer, which reads the username from the Authorization header. If you use another authentication method such as OAuth, extend BasicAuthorizer and override getUserName() as below. The value getUserName() returns becomes the Casbin subject, so it must come from credentials that hapi's authentication strategy has already verified, not from a header the client can set freely; otherwise the policy is enforced against a subject of the attacker's choosing.
```js
class MyAuthorizer extends hapiauthz.BasicAuthorizer {
  constructor (request, enforcer) {
    super(request, enforcer);
  }

  // Return the subject for the current request. hapi stores the credentials
  // populated by the active authentication strategy in request.auth.credentials.
  getUserName () {
    const { username } = this.request.auth.credentials;
    return username;
  }
}

const init = async () => {
  ...
  // replace with your model and policy file location
  const enforcer = await newEnforcer('model.conf', 'policy.csv');
  await server.register({
    plugin: hapiauthz.Hapiauthz,
    options: {
      newEnforcer: enforcer,
      authorizer: (request, enforcer) => new MyAuthorizer(request, enforcer)
    }
  });
  ...
};
```
Authorization decides each request from the triple {subject, object, action}: whether the subject may perform the action on the object. In this plugin the meanings are:

- subject: the logged-on user name
- object: the URL path of the web resource, like "dataset1/item1"
- action: the HTTP method, like GET, POST, PUT, DELETE, or a high-level action you defined, like "read-file", "write-blog"
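The following is an added, self-contained example (not code from @casbin/hapi-authz or Casbin) that ties the custom authorizer above to the {subject, object, action} triple: it derives the triple from a hapi-shaped request object and evaluates it against a constructed `policy.csv` string using the RESTful model semantics (`keyMatch` on the path, `regexMatch` on the method). The `keyMatch` and `regexMatch` functions re-implement the behaviour of Casbin's built-in matchers of the same name purely for illustration; the `POLICY_CSV`, `requestToTriple`, `authorize` and `makeRequest` names are this example's own, and in a real deployment the `casbin` enforcer performs the matching.

```javascript
// Added example, not part of @casbin/hapi-authz. Shows how a hapi request is
// reduced to Casbin's {subject, object, action} triple and how a RESTful
// policy decides it. keyMatch/regexMatch mirror Casbin's built-in functions
// of the same name for illustration only; the real enforcer does this work.

// Constructed policy in policy.csv format: p, sub, obj, act
const POLICY_CSV = `
# alice may read and create under /dataset1, bob may only read /dataset2
p, alice, /dataset1/*, GET
p, alice, /dataset1/*, POST
p, bob, /dataset2/*, (GET)|(HEAD)
`;

// Parse policy.csv into rules; comment (#) and blank lines are skipped.
function parsePolicy(csv) {
  return csv.split('\n')
    .map(line => line.trim())
    .filter(line => line && !line.startsWith('#'))
    .map(line => line.split(',').map(field => field.trim()))
    .filter(fields => fields[0] === 'p' && fields.length === 4)
    .map(([, sub, obj, act]) => ({ sub, obj, act }));
}

// Casbin keyMatch semantics: a '*' in the policy path matches any suffix
// of the request path; without '*' the paths must be identical.
function keyMatch(reqPath, policyPath) {
  const star = policyPath.indexOf('*');
  if (star === -1) return reqPath === policyPath;
  if (reqPath.length > star) return reqPath.slice(0, star) === policyPath.slice(0, star);
  return reqPath === policyPath.slice(0, star);
}

// Casbin regexMatch semantics: the policy action is a regular expression
// tested against the request action (unanchored, as in Casbin).
function regexMatch(reqAct, policyAct) {
  return new RegExp(policyAct).test(reqAct);
}

// Build the triple from a hapi-shaped request. The subject is taken from the
// credentials set by hapi's authentication strategy (request.auth.credentials),
// never from a raw header the client controls. Unauthenticated requests get
// the subject 'anonymous', which no rule above grants anything.
function requestToTriple(request) {
  const auth = request.auth || {};
  const sub = auth.isAuthenticated && auth.credentials && auth.credentials.username
    ? auth.credentials.username
    : 'anonymous';
  // hapi exposes request.method in lower case; the policy uses upper case.
  return { sub, obj: request.path, act: request.method.toUpperCase() };
}

// Allow if any rule matches on all three fields (ACL semantics).
function enforce(rules, { sub, obj, act }) {
  return rules.some(rule =>
    rule.sub === sub && keyMatch(obj, rule.obj) && regexMatch(act, rule.act));
}

function authorize(request, csv = POLICY_CSV) {
  return enforce(parsePolicy(csv), requestToTriple(request));
}

// Constructed hapi-style request objects for the usage demo below.
function makeRequest(username, method, path) {
  return {
    method,
    path,
    auth: username
      ? { isAuthenticated: true, credentials: { username } }
      : { isAuthenticated: false, credentials: null },
  };
}

// Usage: each line prints "allow" or "deny" for the request.
for (const [who, method, path] of [
  ['alice', 'get', '/dataset1/item1'],
  ['alice', 'delete', '/dataset1/item1'],
  ['bob', 'head', '/dataset2/report'],
  [null, 'get', '/dataset1/item1'],
]) {
  const decision = authorize(makeRequest(who, method, path)) ? 'allow' : 'deny';
  console.log(`${who || 'anonymous'} ${method.toUpperCase()} ${path}: ${decision}`);
}
```

The two points worth carrying over to a real deployment are visible in `requestToTriple`: the subject comes from `request.auth.credentials`, so an unauthenticated caller can never pick their own user name, and hapi's lower-case `request.method` is normalised to match the upper-case methods in the policy, otherwise every rule silently fails to match.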
For how to write an authorization policy and other details, please refer to the Casbin documentation.