Casbin supports many access control models like ACL, RBAC, ABAC. The policy rules can be persisted into many databases like MySQL, PostgreSQL, SQLite, Microsoft SQL Server. It's very flexible and powerful. I think it will serve the authorization need for Express users.
I noticed there is already a 3rd-party middleware called express-stormpath doing the similar thing. But it has limited functionalities (only supports Group-based Access Control). Moreover, after stormpath is acquired, the project seems no longer active. So I believe it's necessary to provide a better and up-to-date authorization middleware.
Hi,
We developed an authorization (authz) middleware for Expresss called
casbin-express-authz
(https://github.com/node-casbin/express-authz) based on Casbin (https://casbin.org/), a cross-language authorization library project. For Node.js, our main library: https://github.com/casbin/node-casbin got certain popularity.Casbin supports many access control models like ACL, RBAC, ABAC. The policy rules can be persisted into many databases like MySQL, PostgreSQL, SQLite, Microsoft SQL Server. It's very flexible and powerful. I think it will serve the authorization need for Express users.
I noticed there is already a 3rd-party middleware called
express-stormpath
doing the similar thing. But it has limited functionalities (only supports Group-based Access Control). Moreover, afterstormpath
is acquired, the project seems no longer active. So I believe it's necessary to provide a better and up-to-date authorization middleware.Therefore, is it OK to add
casbin-express-authz
to the middleware list: https://expressjs.com/en/resources/middleware.html ? Thanks.