News: still worry about how to write the correct node-Casbin policy? Casbin online editor
is coming to help! Try it at: http://casbin.org/en/editor/
node-Casbin is a powerful and efficient open-source access control library for Node.JS projects. It provides support for enforcing authorization based on various access control models.
Casbin | jCasbin | node-Casbin | PHP-Casbin |
production-ready | production-ready | production-ready | production-ready |
PyCasbin | Casbin.NET | Casbin4D | Casbin-RS |
production-ready | production-ready | experimental | WIP |
npm install casbin --save
-
Initialize a new node-Casbin enforcer with a model file and a policy file:
import casbin from 'casbin'; const enforcer = await casbin.newEnforcer('path/to/model.conf', 'path/to/policy.csv');
Note: you can also initialize an enforcer with policy in DB instead of file, see Persistence section for details.
-
Add an enforcement hook into your code right before the access happens:
const sub = 'alice'; // the user that wants to access a resource. const obj = 'data1'; // the resource that is going to be accessed. const act = 'read'; // the operation that the user performs on the resource. const res = await enforcer.enforce(sub, obj, act); if (res) { // permit alice to read data1 } else { // deny the request, show an error }
-
Besides the static policy file, node-Casbin also provides API for permission management at run-time. For example, You can get all the roles assigned to a user as below:
const roles = enforcer.getRolesForUser('alice');
See Policy management APIs for more usage.
-
Please refer to the src/test package for more usage.
https://casbin.org/docs/en/overview
This project is licensed under the Apache 2.0 license.
If you have any issues or feature requests, please contact us. PR is welcomed.