/biscuit-node-express

express authorization middleware for Biscuit tokens

Primary LanguageJavaScript

express-biscuit

Express authorization middleware using Biscuit tokens and policies

Example usage:

const express = require('express')
const express_biscuit = require('@biscuit-auth/express-biscuit')
const {fact} = require('@biscuit-auth/express-biscuit')
const app = express()

const pubKey = "dfd559075dcf56c8c6777fbd3c553827dd51645bb8ee87a975a172980f8f16e5"

app.get('/user/:user_id',
  express_biscuit({
    // the root public key used to verify the signature
    publicKey: pubKey,
    // a list of static authorizer policies
    policies: "check if user(1); allow if true;",
    // the extractor method is used to get data from the request and
    // create authorizer facts from it
    extractor: function(req, authorizer) {
      authorizer.add_fact(
        // you can use template strings to create the facts, this prevents
        // injection issues when integrating user controlled data
        fact`user(${parseInt(req.params.user_id)})`
      )
    }
  }),
  function (req, res) {
    res.send('Hello '+req.params.user_id+"\n")
})