---
title: "@chronark/access"
description: A minimal library for access control. It is designed to be used together with opaque access tokens by providing a simple interface to define roles with different access permissions and verifying requests to resources.
repository: chronark/access
date: "2022-11-13"
published: true
---

A minimal library for access control. It is designed to be used together with opaque access tokens by providing a simple interface to define roles with different access permissions and verifying requests to resources.

- Fully typed
- Zero dependencies
- Serializable to store in a database

## Install

```sh-session
npm i @chronark/access
```

## Usage

```ts
import { AccessControl, Role } from "@chronark/access";

/**
 * Define all your resources and their access patterns
 *
 * key => resource
 * value => array of access types
 */
type Statements = {
  user: ["read", "write", "dance"];
  team: ["read", "write"];
};

/**
 * Create an access control instance and pass the Statements type to enjoy full
 * type safety
 */
const ac = new AccessControl<Statements>();

/**
 * Now you can define one or more roles by specifying the access permissions
 *
 * This is already fully typed and TypeScript will let you know if you try to
 * use anything that is not defined in the Statements type.
 */
const role = ac.newRole({
  user: ["read", "write"],
  team: ["read"],
});

/**
 * Simulate storing and retrieving the role in a database
 *
 * The idea here is that you can store permissions alongside an API token.
 * Now, when you verify the token, you can also verify the access permissions.
 */
const serialized = role.toString();

/**
 * Note how you can pass in the Statements type again, to get full type safety
 */
const recovered = Role.fromString<Statements>(serialized);

/**
 * Validate the role by specifying the resource and the required access
 *
 * Everything is fully typed
 */
const res = recovered.authorize({ team: ["read"] });

// res.success => boolean
// res.error => string | undefined, provides a reason for failure
```
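The usage comments describe storing permissions alongside an API token and checking both when the token is verified. The sketch below is an added example, not code from the library: it uses a JSON stand-in for the serialized role so it runs without the package, and `issueToken`, `verifyRequest`, `tokenTable` and the choice to key the store by a SHA-256 digest of the token are assumptions made for illustration.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Same resource/action shape as the Statements type in the usage section.
type Statements = { user: ["read", "write", "dance"]; team: ["read", "write"] };
// Hypothetical stand-in for a serialized role: resource -> granted actions.
type Grants = { [R in keyof Statements]?: Statements[R][number][] };
type Result = { success: boolean; error?: string };

// Constructed in-memory "database": SHA-256(token) -> serialized grants.
// Storing only the digest means a leaked table does not reveal usable tokens.
const tokenTable = new Map<string, string>();
const digest = (token: string): string =>
  createHash("sha256").update(token).digest("hex");

// Issue an opaque token: random bytes that carry no claims of their own.
function issueToken(grants: Grants): string {
  const token = randomBytes(32).toString("base64url");
  tokenTable.set(digest(token), JSON.stringify(grants));
  return token;
}

// Look up the token, then require every requested action. Deny by default:
// unknown tokens, empty requests and missing grants all fail.
function verifyRequest(token: string, required: Grants): Result {
  const stored = tokenTable.get(digest(token));
  if (stored === undefined) return { success: false, error: "unknown token" };
  const granted = JSON.parse(stored) as Record<string, string[] | undefined>;
  let checked = 0;
  for (const [resource, actions] of Object.entries(required)) {
    for (const action of actions ?? []) {
      checked++;
      if (!granted[resource]?.includes(action)) {
        return { success: false, error: `missing ${resource}:${action}` };
      }
    }
  }
  if (checked === 0) return { success: false, error: "nothing requested" };
  return { success: true };
}
```

With the library installed, the `JSON.stringify` and `JSON.parse` calls would be replaced by `role.toString()` and `Role.fromString`, and the inner loop by `authorize`.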