Brainstorm session: related works on authorization mechanisms for Node.js
Applications and, more precisely, web applications that deals with users, resources and interaction between them require an authorization mechanism. iphone 8 liverpool case This kind of solution adds abstraction layer to the application to increase its behavior and it efficiency. Within Linagora Labs, we are currently developing a enterprise social network (ESN, for short) composed by several types of resources. lv iphone 7 plus case A resource wraps entities such as users, and persons. But they are not restricted to them. A resource can be a file, an item in memory and so on. More globally, a resource is an object of the system which can be used, read, modified and deleted by other resources. In an application such as an ESN, developers need to find a good way to manage permissions on resources (read, write, more specific actions). This way is called authorization. gaming phone case iphone 6
Définitions
Before presenting solutions that addresss authorization problems, one need to precise the most-used terminology :
- Permission: control a resource ability (e.g. object, user) to see or make modifications over another resource (e.g. iphone 7 case rose gold users, contents, domain, company, group).
- Access Control List (ACL): list of permissions associated to a resource:
- Definition of resources that have access (read/write) to another resource,
- Definition of authorized resource operations on another resources.
- Example: (Alice, delete), (Bob, toto()).
- Role-Based Access Control (RBAC): what role can do this ?
Context of the ESN (on May)
- On May, the OpenPaaS ESN provides:
- User identification by login and password,
- Classic inscription via the homepage,
- Invitation mechanism.
Except the authentification (connected/not connected status) via the corresponding middleware, there is no authorization management that limits resource access (permissions, roles and groups). Thus, the ESN must have an authorization framework that eases the association between authorizations and resources and allows to get permissions list from another resource.
Relevant Solutions
There are many solutions that answer the problematic stated above. Most of them include a specific middleware that are Express-compliant. Among these solutions, four of them are interesting. iphone 6 cases spurs
Node-ACL (npm: acl)
- Express Middleware mechanism,
- Users, Roles, Hierarchies,
- Good test coverage,
- Personalized creation of roles and permissions,
- Enable to protect/route specific operations :
app.put('/blogs/:id/comments/:commentId', acl.middleware(3, 'joed', 'post'), function(req, res, next){…} - Backends: Mongo, Redis or memory,
- Most used (53 forks) and actively maintained.
Beside Node-ACL, Connect-Role is a also a good choice.
Connect-Roles (npm: connect-roles)
- Middleware mechanism,
- Actions oriented (as express-authorization),
- Natural language,
- Constraints: must manage each action authorizations specifically.
- Used (30 forks) and actively maintained.
Node-Relations (npm: relations)
- Middleware mechanism,
- Natural language:
relations.repos('Carlos is the owner of buffet.'); - MySQL or Redis (by default) but an API is provided to link to other backend,
- Small-grain (Users, Roles, Permissions),
- Good test coverage,
- Maybe a little too heavy (syntax sensitive, evolutivity),
- Used (5 forks) and actively maintained.
Express-Authorization (npm: express-authorization)
- Express Middleware mechanism,
- Based on Apache Shiro,
- Actions oriented,
- Simple usage (natural language: chai-like).
So, what is the best choice?
From this study Node-ACL seems to be the best solution for our ESN to answer authorization problems. iphone 6 thermal case Nonetheless, we are currently blocked since we don’t have the whole database model yet and the corresponding authorization hierarchy. iphone 6 red shockproof cases One solution might be to develop our own solution that fits our ESN specifically.
Deploy MongoDB – Replication – Sharding Brainstorm session: core is too big
