```bash
$ npm i egg-zrole --save
```

```js
// {app_root}/config/plugin.js
exports.zrole = {
  enable: true,
  package: 'egg-zrole',
};
```

```js
// {app_root}/config/config.default.js
exports.zrole = {
  useAdapter: false,
  useAnonymous: false,
  usePolicyInit: false,
  useCustomResponse: false,
  model: '/example/zrole_model.conf',
  policy: '/example/zrole_policy.csv',
  adapterConfig: () => {},
  getUser: (ctx) => {},
  initPolicy: () => {},
  customResponse: (ctx) => {},
  useAutoMiddleware: true,
  useSuperManage: 'admin'
};
```
Tips:
- After `v1.0.5` you don't need to add `zrole` to middleware.
- You must set the `model` path; when you don't use the adapter, you also need to set the `policy` path.
- If your user info is not in the `Authorization` header, you should use the `getUser` method to define how to get the user info that is used to check the user role. If you don't set the `getUser` method, it will be skipped.
- If you use a casbin adapter, you need to set `useAdapter` to `true`, then configure the adapter with the `adapterConfig` method.
- If you need to init the policy, you can set `usePolicyInit` to `true` and use the `initPolicy` method to set roles.
- If you need to customize the response on 403, you can set `useCustomResponse` to `true` and use the `customResponse` method to customize the response.
- If you need to use the default `anonymous` role, you can set `useAnonymous` to `true`.
- In `v1.3.0`, you can set `useAutoMiddleware` to false (default is true); the zrole middleware will then not be added to your middleware array, and you need to write the middleware yourself.
- In `v1.5.0`, you can set a super manage name that skips the role check.
- After `v2.0.2`, the `keyMatch5` matcher is supported.
- In `v3.0.0`, only Node.js v16.0.0+ is supported.

See config/config.default.js for more detail.
Details Project Later
For now, you can look at test/fixtures, where there are two examples.

This test project shows the following features: 1. sequelize adapter; 2. init policy

- It uses `Sequelize` and `MySQL` to control permission. In the controller file you can see `this.app.zrole.addPolicy('xdd', '/', 'GET')`, which tests the dynamic addition of a policy; you need to set `useAdapter` to `true`.
- The casbin sequelize adapter we use is `casbin-sequelize-adapter`; for more about it, see https://github.com/node-casbin/sequelize-adapter
- It will automatically create a database named `casbin` when you don't set the database and don't set the second parameter of `SequelizeAdapter.newAdapter` to `true`.
- If you want to use your own database, you can set `adapterConfig`:
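```js
// example config.default.js
const { SequelizeAdapter } = require('casbin-sequelize-adapter');

exports.zrole = {
  useAdapter: true,
  usePolicyInit: true,
  model: './example/zrole_model.conf',
  policy: './example/zrole_policy.csv',
  // The returned value is the user that the role check runs against.
  // Here it is the raw Authorization header value, as sent by the client.
  getUser: ctx => {
    if (ctx.headers.authorization) {
      return ctx.headers.authorization;
    }
    return null;
  },
  // Connect the casbin adapter to your own database.
  // The credentials below are test-fixture values.
  adapterConfig: async () => {
    const connect = await SequelizeAdapter.newAdapter(
      {
        host: 'localhost',
        port: 3306,
        database: 'test',
        username: 'root',
        password: 'root',
        dialect: 'mysql',
      },
      true
    );
    return connect;
  },
  // Seed the policy at startup (requires usePolicyInit: true).
  initPolicy: zrole => {
    zrole.addPolicy('xdd', '/', 'GET');
    zrole.addPolicy('xdd', '/remove', 'GET');
  },
};
```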
This test project shows the following features: 1. anonymous; 2. custom response; 3. multi roles check; 4. super manage

The model and policy use the fixed files.

If you set `useAnonymous` to `true`, a request that has no `Authorization` header will be treated as the `anonymous` user. It can access the `anonymous` API, for example:

```
p, anonymous, /anonymous, GET
```
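```js
// example
exports.zrole = {
  useAnonymous: true,
  useCustomResponse: true,
  model: './example/zrole_model.conf',
  policy: './example/zrole_policy.csv',
  // The returned value is the user that the role check runs against.
  getUser: ctx => {
    if (ctx.headers.authorization) {
      return ctx.headers.authorization;
    }
    return null;
  },
  // Response sent when the role check fails (requires useCustomResponse: true).
  customResponse: ctx => {
    ctx.status = 403;
    ctx.body = 'Your do not has permission to access';
  },
  // A user with this name skips the role check.
  useSuperManage: 'admin'
};
```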
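The fixture's `getUser` passes the raw `Authorization` header value on as the user, so with `useSuperManage: 'admin'` the name that skips the role check comes straight from the client. The following is an added example, not code from the egg-zrole project, showing that weak form beside a `getUser` that only returns a user name whose signature verifies. The token format, `issueToken`, `ZROLE_TOKEN_SECRET` and `zroleConfig` are hypothetical names chosen for the sketch.

```javascript
'use strict';
const crypto = require('crypto');

// Assumption: tokens look like "<user>.<hex HMAC-SHA256 of user>". The format and
// the ZROLE_TOKEN_SECRET variable are hypothetical, not part of egg-zrole.
// The fallback secret is a constructed value so the demo runs offline.
const SECRET = process.env.ZROLE_TOKEN_SECRET || 'constructed-demo-secret';

function sign(user) {
  return crypto.createHmac('sha256', SECRET).update(user).digest('hex');
}

// Called by your login endpoint after the user has authenticated.
function issueToken(user) {
  return `${user}.${sign(user)}`;
}

// Weak form, as in the fixture: whatever the client sends becomes the user.
function getUserUnverified(ctx) {
  return ctx.headers.authorization || null;
}

// Hardened form: return the user only if the signature checks out.
function getUserVerified(ctx) {
  const header = ctx.headers.authorization;
  if (typeof header !== 'string') return null;
  const dot = header.lastIndexOf('.');
  if (dot <= 0) return null;
  const user = header.slice(0, dot);
  const sigHex = header.slice(dot + 1);
  // Exactly 64 lowercase hex chars, so both buffers below are 32 bytes
  // (timingSafeEqual throws on a length mismatch).
  if (!/^[0-9a-f]{64}$/.test(sigHex)) return null;
  const given = Buffer.from(sigHex, 'hex');
  const expected = Buffer.from(sign(user), 'hex');
  return crypto.timingSafeEqual(given, expected) ? user : null;
}

// In config.default.js: exports.zrole = zroleConfig;
const zroleConfig = {
  model: './example/zrole_model.conf',
  policy: './example/zrole_policy.csv',
  getUser: getUserVerified,
  useSuperManage: 'admin',
};
```

Returning `null` for a bad token mirrors what the fixture's `getUser` returns when the header is missing.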
This test project shows the following feature: 1. use custom middleware

```js
// example
exports.zrole = {
  // The zrole middleware is not added automatically; write your own.
  useAutoMiddleware: false,
  model: './example/zrole_model.conf',
  policy: './example/zrole_policy.csv',
};
```
Please open an issue here.