update nodejs docs (#109)
gimmyxd authored Mar 21, 2024
1 parent b9e4213 commit 1030553
Showing 1 changed file with 52 additions and 33 deletions.
85 changes: 52 additions & 33 deletions docs/software-development-kits/javascript/express.mdx
Expand Up @@ -47,34 +47,33 @@ yarn add @aserto/aserto-node
```ts
interface Authorizer {
config: AuthorizerConfig,
channelCredentials: ChannelCredentials = credentials.createSsl()
};

type AuthorizerConfig = {
authorizerServiceUrl?: string;
tenantId?: string;
authorizerApiKey?: string;
token?: string;
authorizerCertFile?: string;
insecure?: boolean;
};
```


### Topaz
```ts
import { getSSLCredentials } from "@aserto/aserto-node";

const sslCredentials = getSSLCredentials(`${process.env.HOME}/.config/topaz/certs/grpc-ca.crt`)
import { Authorizer } from "@aserto/aserto-node";

const authClient = new Authorizer({
authorizerServiceUrl: "localhost:8282",
}, sslCredentials);
authorizerCertFile: `${process.env.HOME}/.config/topaz/certs/grpc-ca.crt`
});
```

#### Example:
```ts
import {
Authorizer,
getSSLCredentials,
identityContext,
policyContext,
policyInstance,
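Review bot: `insecure?: boolean` in `AuthorizerConfig` is documented with no description of what it relaxes, what its default is, or how it interacts with `authorizerCertFile`. Add a sentence next to the type that states its effect and when it is acceptable to set it, and note that the Topaz example relies on `authorizerCertFile` pointing at the local `grpc-ca.crt` rather than on `insecure`.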
Expand All @@ -83,15 +82,15 @@ import {
const authClient = new Authorizer(
{
authorizerServiceUrl: "localhost:8282",
authorizerCertFile: `${process.env.HOME}/.config/topaz/certs/grpc-ca.crt`
},
getSSLCredentials(`${process.env.HOME}/.config/topaz/certs/grpc-ca.crt`)
);

authClient
.Is({
identityContext: identityContext(
"[email protected]",
"IDENTITY_TYPE_SUB"
"SUB"
),
policyInstance: policyInstance("rebac", "rebac"),
policyContext: policyContext("rebac.check", ["allowed"]),
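Review bot: the identity type argument changes from `"IDENTITY_TYPE_SUB"` to `"SUB"` here and in the `Is` and `DecisionTree` examples that follow, but nothing on the page says which `@aserto/aserto-node` release introduced the short names. State the minimum version near the install instructions so readers can tell which form their installed release expects.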
Expand All @@ -110,7 +109,7 @@ await authClient
.Is({
identityContext: identityContext(
"[email protected]",
"IDENTITY_TYPE_SUB"
"SUB"
),
policyInstance: policyInstance("todo", "todo"),
policyContext: policyContext("todoApp.POST.todos", ["allowed"]),
Expand All @@ -124,7 +123,7 @@ await authClient
.Is({
identityContext: identityContext(
"[email protected]",
"IDENTITY_TYPE_SUB"
"SUB"
),
policyInstance: policyInstance("todo", "todo"),
policyContext: policyContext("todoApp.POST.todos", ["allowed"]),
Expand All @@ -140,7 +139,7 @@ await authClient
.DecisionTree({
identityContext: identityContext(
"[email protected]",
"IDENTITY_TYPE_SUB"
"SUB"
),
policyInstance: policyInstance("todo", "todo"),
policyContext: policyContext("todoApp.POST.todos", ["allowed"]),
Expand All @@ -157,10 +156,6 @@ await authClient

### Middleware

:::note
`express@^4.0.0` is a peer dependency for the Middleware. Make sure it is installed in your project.
:::

When authorization middleware is configured and attached to a server, it examines incoming requests, extracts authorization parameters like the caller's identity, calls the Aserto authorizers, and rejects messages if their access is denied.

`failWithError`: When set to `true`, will forward errors to `next` instead of ending the response directly.
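Review bot: the `:::note` about `express@^4.0.0` being a peer dependency of the Middleware is dropped with no replacement text, and the commit message does not say why. If express is still required for the Middleware, keep the note or move the requirement to the install section; if it is no longer required, say so in the commit message.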
Expand Down Expand Up @@ -246,14 +241,10 @@ const rebacMw = new Middleware({
// Only users that are in the `evil_genius` group are allowed to delete todos.
app.delete("/todos/:id", checkJwt, rebacMw.Check({
object: {
type: "group",
id: "evil_genius"
},
relation: {
name: "member",
}
})
objectType: "group",
objectId: "evil_genius"
relation: "member",
}))
```

#### Mappers
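Review bot: in the `rebacMw.Check({...})` example, `objectId: "evil_genius"` has no trailing comma before `relation: "member",`, so the snippet does not parse as written. Add the comma so the example can be copied as-is; the closing `}))` now balances `app.delete(` correctly.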
Expand Down Expand Up @@ -294,13 +285,14 @@ const restMw = new Middleware({

The whole identity resolution can be overwritten by providing a custom function.
```ts
// needs to return an IdentityContext
import { identityContext } from "@aserto/aserto-node";

const restMw = new Middleware({
client: authClient,
policy: policy,
identityMapper: async () => {
return identityContext('test', 'IDENTITY_TYPE_SUB')
return identityContext('test', 'SUB')
},
})
```
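Review bot: the `identityMapper` example takes no request argument and returns `identityContext('test', 'SUB')`, so anyone copying it would evaluate every request as the same fixed subject. Since this hunk already touches the example, consider showing the mapper reading the identity from the request, or add a comment that the constant value is a placeholder.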
Expand All @@ -314,7 +306,8 @@ By default, the policy path is derived from the URL path.
To provide custom logic, use a PolicyMapper. For example:

```ts
import { policyContext } from "@aserto/aserto-node";
// needs to return an IdentityContext
import { identityContext } from "@aserto/aserto-node";

const restMw = new Middleware({
client: authClient,
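Review bot: the PolicyMapper example now opens with `// needs to return an IdentityContext` and `import { identityContext }`, which looks copied from the identity mapper section above. This block is introduced with "use a PolicyMapper", so the comment and import should refer to `policyContext` and a PolicyContext return value.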
Expand Down Expand Up @@ -362,17 +355,43 @@ async (req: Request) => { return { customKey: req.params.id } };
type IdentityMapper = (req?: Request) => Promise<IdentityContext>;

// You can also use the built-in policyContext function to create a identity context and pass it as the mapper response
identityContext = (value: string, type: keyof IdentityTypeMap)

IdentityTypeMap {
IDENTITY_TYPE_UNKNOWN: 0;
IDENTITY_TYPE_NONE: 1;
IDENTITY_TYPE_SUB: 2;
IDENTITY_TYPE_JWT: 3;
const identityContext = (value: string, type: keyof typeof IdentityType) => {

IdentityType {
/**
* Unknown, value not set, requests will fail with identity type not set error.
*
* @generated from enum value: IDENTITY_TYPE_UNKNOWN = 0;
*/
UNKNOWN = 0,
/**
* None, no explicit identity context set, equals anonymous.
*
* @generated from enum value: IDENTITY_TYPE_NONE = 1;
*/
NONE = 1,
/**
* Sub(ject), identity field contains an oAUTH subject.
*
* @generated from enum value: IDENTITY_TYPE_SUB = 2;
*/
SUB = 2,
/**
* JWT, identity field contains a JWT access token.
*
* @generated from enum value: IDENTITY_TYPE_JWT = 3;
*/
JWT = 3,
/**
* Manual, propagates thw identity field as-is, without validation, into the input object.
*
* @generated from enum value: IDENTITY_TYPE_MANUAL = 4;
*/
MANUAL = 4
}

// example
identityContext("[email protected]", "IDENTITY_TYPE_SUB")
identityContext("[email protected]", "SUB")
```
##### Policy
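Review bot: the new line `const identityContext = (value: string, type: keyof typeof IdentityType) => {` opens a body that is never closed, and `IdentityType {` has no `enum` keyword, so the block reads as broken TypeScript; show it as a signature plus `enum IdentityType { ... }`. In the same hunk, the `MANUAL` comment has the typo "thw", and the unchanged comment above the signature says "built-in policyContext function" where `identityContext` is meant. Because `MANUAL` is described as passing the identity "as-is, without validation", a sentence on when it is appropriate would help readers choose between it and `SUB` or `JWT`.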