npm
Sign UpSign In

toucan

0.2.0 • Public • Published

toucan

Super simple access tokens for Javascript

Create access tokens with a set of permissions, then pass the token around and let consumers check the token for permissions when needed.

Getting Started

Install toucan

npm install toucan --save

A simple example

var Toucan = require('toucan');
 
var token = new Toucan();
token.permit('eat')
     .deny('jump')
     .lock();
 
 
// Elsewhere in your application
token.can('eat');
    => true
 
token.can('jump');
    => false

Example with roles

var Toucan = require('toucan');
 
var RoleToken = module.exports = function(role){
    var token = new Toucan();
 
    if(role == 'admin')
    {
        token.permit(['edit all users', 'edit files']);
    }
 
    if(role == 'admin' || role == 'user')
    {
        token.permit(['edit own profile', 'edit own files']);
    }
 
    token.permit('view public pages');
 
    if(role == 'banned')
    {
        token.deny('view public pages');
    }
 
    return token.lock();
}
var token;
 
if(user)
{
    token = RoleToken(user.role);
}else{
    token = RoleToken('guest');
}
 
if(token.can('edit own profile'))
{
    // ..... edit profile ......
}
 
if(token.cannot('view public pages'))
{
    message.flash('You are banned');
}

Allow by default

By default, everything is denied unless explicitly permitted. You can enable allow-by-default by permitting '*'.

var Toucan = require('toucan');
 
var token = new Toucan();
token
    .permit('*')
    .deny('jump')
    .lock()
 
 
// All permissions are allowed
token.can('do absolutely anything');
    => true
 
// Except this one, because it was explicitly denied
token.can('jump');
    => false

Readme

Keywords

none

Package Sidebar

Install

npm i toucan

Weekly Downloads

2

Version

0.2.0

License

MIT

Last publish

Collaborators

  • jordwest
Try on RunKit
Report malware