@stonecrop/casl-middleware

v0.7.9

Published

5 days ago

CASL authorization middleware for GraphQL servers

0High
0Medium
0Low

stonecrop

casl graphql authorization middleware postgraphile rockfoil

CASL GraphQL Middleware

A middleware solution for integrating CASL authorization with GraphQL servers, with specific support for Postgraphile and Nuxt GraphQL Server.

Features

CASL integration with GraphQL resolvers
Framework-specific helpers for Postgraphile and Nuxt
Type-safe ability definitions
Support for field-level permissions
Ability to combine multiple authorization rules

Installation

pnpm add @stonecrop/casl-middleware

Basic Usage

Core Middleware

import { createCaslMiddleware } from '@stonecrop/casl-middleware'

const middleware = createCaslMiddleware({
  subjectMap: {
    User: 'User',
    Item: 'Item'
  },
  fieldPermissions: {
    'Item.price': [{ action: 'read', subject: 'item' }]
  }
})

Postgraphile Integration

// graphile.config.js
import { pglCaslPlugin } from '@stonecrop/casl-middleware'
import { postgraphile } from 'postgraphile'

export default {
  pgServices: [
    makePgService({
      connectionString: 'postgres://testuser:testpass@postgres:5432/testdb',
      schemas: ['public'],
    }),
  ],
  plugins: [pglCaslPlugin],
}

Testing Abilities in GraphiQL

Create an ability:

mutation CreateAbility {
  createAbility(input: {
    userId: "123",
    roles: ["admin"]
  }) {
    success
    ability
    message
  }
}

Test protected queries:

query GetSecretData {
  getSecretData {
    id
    content
  }
}

Development

Prerequisites

Node.js >= 20
pnpm
Docker and Docker Compose

Local Development

Clone the repository:

git clone <repository-url>
cd casl-middleware

Install dependencies:

pnpm install

Run the Postgraphile example:

pnpm dev:postgraphile

Project Structure

.
├── examples/
│   └── postgraphile/        # Postgraphile example implementation
├── src/
│   ├── middleware/         # Core CASL middleware
│   ├── types/             # TypeScript types
│   └── index.ts           # Main exports

Framework Support

Postgraphile

Implements CASL as a Postgraphile plugin
Supports ability creation and management
Integrates with Postgraphile's schema extension system

Nuxt GraphQL Server

Provides middleware for Nuxt's GraphQL module
Handles ability creation on request
Integrates with Nuxt's context system

Contributing

Fork the repository
Create your feature branch
Commit your changes
Push to the branch
Create a new Pull Request

License

MIT License

TODOs

[ ] Add test suite
[ ] Add more framework integrations
[ ] Implement ability persistence
[ ] Add more examples for different use cases
[ ] Add documentation for advanced usage scenarios