
koajs/koa-roles


koa-roles


koa version of connect-roles

Install

$ npm install koa-roles

Usage

const Roles = require('koa-roles');
const Koa = require('koa');
const Router = require('koa-router');

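const app = new Koa();
const router = new Router();

// Roles instance that holds the authorisation rules registered below.
const user = new Roles({
  /**
   * Optional hook that customises the response sent when a user fails
   * authorisation. Always answers 403 and picks the body format from
   * what the request accepts.
   *
   * @param {object} ctx - Koa request context.
   * @param {string} action - the action that was denied.
   */
  async failureHandler(ctx, action) {
    ctx.status = 403;
    const message = `Access Denied - You don't have permission to: ${action}`;
    const preferred = ctx.accepts('json', 'html');
    if (preferred === 'json') {
      ctx.body = { message };
    } else if (preferred === 'html') {
      // Await the render so the access-denied page is produced before this
      // handler resolves; the route handlers in this example await
      // ctx.render in the same way.
      await ctx.render('access-denied', { action });
    } else {
      ctx.body = message;
    }
  }
});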

// The roles middleware is registered ahead of the router, so it runs before
// any route handler.
// NOTE(review): the rules in this example read ctx.user, but nothing in this
// listing sets it; presumably an authentication middleware is expected to
// populate ctx.user earlier in the chain - confirm.
app.use(user.middleware());
app.use(router.routes());
app.use(router.allowedMethods());
  
// Anonymous users may only reach the home page. When ctx.user is missing the
// callback returns a boolean (true only for the home page action), and
// returning false stops any further rules from being considered.
// For a signed-in user the callback returns ctx.user itself, not a boolean.
// NOTE(review): presumably koa-roles treats only a boolean as a verdict, so
// the later rules still run for signed-in users - confirm against the library.
user.use(async (ctx, action) => {
  const isHomePage = action === 'access home page';
  return ctx.user || isHomePage;
});

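// Moderators can access the private page, but they might not be the only
// ones, so this rule grants access and otherwise returns nothing (rather than
// false), leaving the decision to the remaining rules.
user.use('access private page', (ctx) => {
  // Guard ctx.user so the rule does not throw if it is ever evaluated for a
  // request without a user (for example if the rule order changes); a
  // missing user is simply not granted anything here.
  if (ctx.user && ctx.user.role === 'moderator') {
    return true;
  }
});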

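// Admin users can access all pages: this rule is registered without an action
// name and grants access whenever the user's role is 'admin'.
user.use((ctx, action) => {
  // Guard ctx.user so the rule does not throw if it is ever evaluated for a
  // request without a user (for example if the rule order changes); a
  // missing user is simply not granted anything here.
  if (ctx.user && ctx.user.role === 'admin') {
    return true;
  }
});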

// Each route passes user.can(<action>) as middleware ahead of its handler, so
// the authorisation check for that action comes before the page is rendered.

// NOTE(review): the home route renders the 'private' template, the same view
// as /private; this looks like a copy-paste slip - confirm the intended view.
router.get('/', user.can('access home page'), async (ctx) => {
  await ctx.render('private');
});

router.get('/private', user.can('access private page'), async (ctx) => {
  await ctx.render('private');
});

// No rule in this example names 'access admin page'; only the catch-all
// admin rule can grant it.
router.get('/admin', user.can('access admin page'), async (ctx) => {
  await ctx.render('admin');
});

// No host is given, so the server listens on port 3000 on all interfaces.
app.listen(3000);

License

MIT