Skip to content

mattbradbury/casl-feathersjs-example

 
 

Repository files navigation

Example of CASL integration in Feathersjs app

Read CASL in Feathersjs app for details.

CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access.

This is an example application which shows how to integrate CASL in blog application. There are 3 entities:

  • User
  • Post
  • Comment

Application uses jwt tokens for authentication. Permission logic (i.e., abilities) are define in src/hooks/abilities.js. Rules can be specified for authenticated and anonymous users, so potentially it's quite easy to give access anonymous users to leave comments in blog.

Note: refactored to use CASL 2.0. See @casl/ability and @casl/mongoose for details.

Installation

git@github.com:stalniy/casl-feathersjs-example.git
cd casl-feathersjs-example
npm install
npm start # `npm run dev` to run in dev mode

Also you need mongodb database up and running. Application will connect to mongodb://localhost:27017/blog. You can import few posts and users from ./db folder:

mongorestore ./db

Instruction to login

  1. Create new user (if you haven't imported documents from ./db)
POST http://localhost:3030/users
{
  "email": "casl@medium.com",
  "password": "password"
}
  1. Create new session
POST http://localhost:3030/authentication
{
  "strategy": "local",
  "email": "casl@medium.com",
  "password": "password"
}

201 Created
{ "accessToken": "...." }
  1. Put access token in Authorization header for all future requests

Routes

  • /posts
  • /comments?post=
  • /users
  • /authentication

About

Example integration of CASL in feathersjs app

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 55.2%
  • HTML 44.8%