0.3.0 adds support for applying authorization middleware only if
a certain condition is met. In the past, we could only do
[code]
server.get("/api/user/:user", getAndSendUserData);
server.get("/api/user/:user/private", cansec.restrictToRoles("admin"), getAndSendUserData);
[/code]
Now we can do
[code]
server.get("/api/user/:user", cansec.ifParameter("private","true").restrictToRoles("admin"), getAndSendUserData);
[/code]
If ?private=true is passed, then you will need to be admin to proceed;
if not, then authorization is not necessary. getAndSendUserData
decides if it sends public or private data based on the existence of
?private=true.
Will cross-post to expressjs...
https://github.com/deitch/cansecurity
and of course in npm
npm install cansecurity
Feedback always welcome and appreciated.
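
An added sketch of the conditional-authorization pattern described above; it is not cansecurity's code and not part of the original post. It shows one way to make the gate and the handler share a single decision, so the handler never serves private data for a request the gate let through unauthenticated. `ifParameterSketch`, `privateRequested`, `run` and the request objects are hypothetical names and constructed inputs.

```javascript
// Hypothetical stand-in for the ifParameter(...).restrictToRoles(...) chain.
// Authorization runs only when req.query[name] === value, and the outcome is
// recorded on req so the handler cannot disagree with the gate.
function ifParameterSketch(name, value) {
  return {
    restrictToRoles(...roles) {
      return function (req, res, next) {
        const raw = req.query ? req.query[name] : undefined;
        // Exact string match only: "TRUE" or a repeated parameter (parsed as
        // an array) does not meet the condition.
        const wanted = typeof raw === "string" && raw === value;
        req.privateRequested = false;
        if (!wanted) return next(); // condition not met: no authorization needed
        const userRoles = (req.user && req.user.roles) || [];
        if (!roles.some((r) => userRoles.includes(r))) {
          res.statusCode = 403;
          return res.end("forbidden");
        }
        req.privateRequested = true; // gate passed: private data may be sent
        return next();
      };
    },
  };
}

// The handler reads the gate's decision instead of re-parsing the query string.
function getAndSendUserData(req, res) {
  res.statusCode = 200;
  res.end(req.privateRequested ? "private data" : "public data");
}

// Minimal driver with constructed requests, standing in for an Express route.
function run(query, user) {
  const req = { query, user };
  const res = { statusCode: 0, body: "", end(b) { this.body = b; } };
  const gate = ifParameterSketch("private", "true").restrictToRoles("admin");
  gate(req, res, () => getAndSendUserData(req, res));
  return { status: res.statusCode, body: res.body };
}

console.log(run({}, null));
console.log(run({ private: "true" }, { roles: ["admin"] }));
console.log(run({ private: "true" }, { roles: ["user"] }));
console.log(run({ private: "TRUE" }, null));
```

If the handler instead tested only for the presence of `private` in the query, the last request would skip authorization in the gate and still be treated as a private request by the handler.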