The policer.io Policy Decision Point (PDP) client library for typescript and javascript projects.
Advanced access control with one line of code with policy as data:
const {
grant, // allow or deny access
filter, // generate DB query filters
projection, // show or hide document properties
setter, // set document properties
} = pdp.can(
['editor', 'publisher'], // the user's roles
'article:publish', // the operation to check
{
user: { _id: 'some-user-id-003' },
document: {
published: false,
createdBy: 'other-user-id-007',
},
} // attributes of user, document or context
)Learn more about the benefits and features of policer.io!
- Node >= v20.x is required
- policer.io Policy Center instance (learn more)
- self-hosted
- https://cloud.policer.io (coming soon)
Use yarn command
yarn add @policer-io/pdp-ts
or npm command
npm install --save @policer-io/pdp-ts
The PDP connects to a policer.io Center Instance to load the policy (roles and permissions) for a given application. Therefore create and connect a PDP instance with:
import PDP from '@policer-io/pdp-ts'
type RoleName = 'reader' | 'editor' | 'publisher'
const pdp = await PDP.create<RoleName>({
applicationId: '65f0674f39d8a1a5ef805ca7',
hostname: 'cloud.policer.io',
})//// 1. prepare policy decision inputs
/** the user's roles */
const roles: RoleName[] = ['editor', 'publisher']
/** the operation to check */
const operation: string = 'article:publishBatch'
/** attributes of user, document or context */
const attributes: Record<string, unknown> = {
user: {
_id: 'some-user-id-003',
magazine: 'The New Yorker',
},
document: {
published: false,
createdBy: 'other-user-id-007',
},
}
//// 2. perform policy decision/check
const { grant, filter, projection, setter } = pdp.can(roles, operation, attributes)
//// 3. use policy decision result
if (grant) {
// if authorized
// query documents and document properties based on policy decision result (`filter` & `projection`)
const articles = await db.articles.find({ $and: [{ status: 'ready' }, filter] }, projection).exec()
// set or overwrite some document fields based on policy decision result (`setter`), for example `article.magazine`
articles.forEach((article) => {
publish({ ...article, ...setter })
})
} else {
// if not authorized
throw new Error('403 Forbidden')
}Please report bugs by creating a bug issue.
You can contribute to policer.io by
- improving typescript PDP (this package)
- implementing policer.io PDP for other programming languages
- developing on the policer.io ecosystem in general
Either way, let's talk!
-
Node Version Manager
- node: version specified in
.nvmrc
- node: version specified in
- Yarn
yarn install
yarn test
or
yarn test:watch
This repository uses commitlint to enforce commit message conventions. You have to specify the type of the commit in your commit message. Use one of the supported types.
git commit -m "[type]: my perfect commit message"
Talk to us via policer.io
The code is licensed under the MIT License