Authorization service for a Microservices Architecture
Authorization is used in systems to determine who has access to which resources. A system may implement Role-Based Access Control (RBAC) or an Access Control List (ACL) to define domain-specific resources, roles and the permissions between them.
Can I? is an independent service that provides a REST (JSON) API to define and manage an RBAC system. It can be used alongside the rest of your infrastructure.
The idea is to ask the Authorization service every time you need to know whether the logged-in user has access to a resource. You can use it behind a REST API, to grant access to certain endpoints, and/or in a UI, to decide which actions to show to the logged-in user.
Furthermore, you can build your own UI on top of the management API, so that non-technical people can manage roles, resources and permissions.
- Nodejs 4
- Express.js
- MongoDB
Clone the repo and run these commands to start the service. Make sure your MongoDB is up and running:
$ npm i
$ npm start
To run the tests:
$ npm test
- Roles: Roles are used to define groups of users that can access certain resources. Examples: User, Admin, Manager
- Resources: Resources are used to describe areas of your system to allow/disallow access to. Examples: access_admin, manage_users, create_users, edit_users
- Permissions: Permissions are connections between Roles and Resources to determine who has access to what.
GET /roles
Get all Roles.
GET /roles/:roleId
Get a specific Role.
POST /roles
Create a new Role by providing an _id and a name.
PUT /roles/:roleId
Update a Role's name. The _id can't be changed.
DELETE /roles/:roleId
Delete Role.
GET /resources
Get all Resources.
GET /resources/:resourceId
Get a specific Resource.
POST /resources
Create a new Resource by providing an _id and a name.
PUT /resources/:resourceId
Update a Resource's name. The _id can't be changed.
DELETE /resources/:resourceId
Delete Resource.
GET /permissions/:roleId/:resourceId
Check if Role has access to Resource.
GET /permissions/:roleId
Get all Resources the given Role has access to.
POST /permissions/:roleId/:resourceId
Allow Role to have access to Resource.
POST /permissions/:roleId
Allow Role to have access to Resources, by providing an array of Resource IDs in the body.
DELETE /permissions/:roleId/:resourceId
Disallow Role to have access to Resource.
DELETE /permissions/
Disallow Role to have access to Resources, by providing an array of Resource IDs in the body.
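As an added example (not code from the Can I? project), here is how a consuming Express service can implement the "ask the Authorization service before serving an endpoint" pattern described above, using the GET /permissions/:roleId/:resourceId check. It assumes the service answers that check with HTTP 200 when access is granted and a non-2xx status otherwise (the README does not state the status codes), that an upstream authentication layer has set req.user.role, and Node 18+ for the global fetch; the service address is an assumed placeholder.

```javascript
// Added example, not part of the Can I? project: an Express-compatible guard that
// asks the Can I? service whether the logged-in user's role may reach a resource.
// Assumptions (not stated in the README): GET /permissions/:roleId/:resourceId
// returns 200 when access is granted and non-2xx otherwise, req.user.role was set
// by an upstream authentication layer, and Node 18+ so the global fetch exists.

const CANI_URL = 'http://localhost:3000'; // assumed address of the Can I? service

// Build the permission-check URL. Both ids are encoded so a role or resource
// name can never smuggle extra path segments into the request.
function permissionUrl(base, roleId, resourceId) {
  return `${base}/permissions/${encodeURIComponent(roleId)}/${encodeURIComponent(resourceId)}`;
}

// Only an explicit 2xx answer counts as "allowed"; anything else is a denial.
function isAllowed(status) {
  return status >= 200 && status < 300;
}

async function defaultHttpGet(url) {
  const res = await fetch(url);
  return res.status;
}

// Ask Can I? about one role/resource pair. `httpGet(url)` resolves to a status
// code; it is injectable so the check can be exercised against a stub.
async function canAccess(roleId, resourceId, httpGet = defaultHttpGet) {
  const status = await httpGet(permissionUrl(CANI_URL, roleId, resourceId));
  return isAllowed(status);
}

// Express middleware: app.get('/admin', requireAccess('access_admin'), handler).
// Fails closed: no role -> 401, denied -> 403, service unreachable -> 503.
function requireAccess(resourceId, httpGet = defaultHttpGet) {
  return async function guard(req, res, next) {
    const role = req.user && req.user.role;
    if (!role) return res.status(401).json({ error: 'not authenticated' });
    try {
      if (await canAccess(role, resourceId, httpGet)) return next();
      return res.status(403).json({ error: 'forbidden' });
    } catch (err) {
      // Never fall open when the authorization service cannot be reached.
      return res.status(503).json({ error: 'authorization service unavailable' });
    }
  };
}
```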