Skip to content
/ express-mongoose-cerbos Public

An example application of integrating Cerbos with an Express server using Mongoose as the ORM.

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cerbos/express-mongoose-cerbos

BranchesTags

Repository files navigation

express-mongoose-cerbos

An example application of integrating Cerbos with an Express server using Mongoose as the ORM. Cerbos helps you super-charge your authorization implementation by writing context-aware access control policies for your application resources. Author access rules using an intuitive YAML configuration language, use your Git-ops infrastructure to test and deploy them and, make simple API requests to the Cerbos PDP to evaluate the policies and make dynamic access decisions.

Dependencies

Getting Started

  1. Install node dependencies
npm install
  1. Start up the Cerbos PDP instance docker container. This will be called by the express app to check authorization.
./cerbos/start.sh
  1. Start up Mongo
npm run mongo
  1. Start the express server
npm run dev

Seed Users

The seed command will create the following users in the database. Authentication is done via Basic authentication using the following credentials. The Role and Department is loaded from the database after successful authentication.

ID Username Password Role Department
1 alice supersecret Admin IT
2 john password1234 User Sales
3 sarah asdfghjkl User Sales
4 geri pwd123 User Marketing

Policies

This example has a simple CRUD policy in place for a resource kind of contact - like a CRM system would have. The policy file can be found in the cerbos/policies folder here.

Should you wish to experiment with this policy, you can try it in the Cerbos Playground.

The policy expects one of two roles to be set on the principal - admin and user and an attribute which defines their department as either IT, Sales or Marketing.

These roles are authorized as follows:

Action Role: User Role: Admin
read If they own the contact, the contact is active and the department is Sales, or the contact is active, they are in Marketing and marketingOptIn is true. Y
create Only if department is Sales Y
update Only if they own the contact being accessed Y
delete Only if they own the contact being accessed Y

Example Requests

Get all contact

As a Admin user => 200 OK with all contacts

curl -i http://alice:supersecret@localhost:3000/contacts

As a Sales user => 200 OK with filtered results

curl -i http://john:password1234@localhost:3000/contacts

As a Marketing user => 200 OK with filtered results

curl -i http://geri:pwd123@localhost:3000/contacts

About

An example application of integrating Cerbos with an Express server using Mongoose as the ORM.

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages