Skip to content

Latest commit

 

History

History
34 lines (29 loc) · 1.04 KB

README.md

File metadata and controls

34 lines (29 loc) · 1.04 KB

express-biscuit

Express authorization middleware using Biscuit tokens and policies

Example usage:

const express = require('express')
const express_biscuit = require('@biscuit-auth/express-biscuit')
const {fact} = require('@biscuit-auth/express-biscuit')
const app = express()

const pubKey = "dfd559075dcf56c8c6777fbd3c553827dd51645bb8ee87a975a172980f8f16e5"

app.get('/user/:user_id',
  express_biscuit({
    // the root public key used to verify the signature
    publicKey: pubKey,
    // a list of static authorizer policies
    policies: "check if user(1); allow if true;",
    // the extractor method is used to get data from the request and
    // create authorizer facts from it
    extractor: function(req, authorizer) {
      authorizer.add_fact(
        // you can use template strings to create the facts, this prevents
        // injection issues when integrating user controlled data
        fact`user(${parseInt(req.params.user_id)})`
      )
    }
  }),
  function (req, res) {
    res.send('Hello '+req.params.user_id+"\n")
})