mustbe - Authorization plumbing for NodeJS/ExpressJS/ConnectJS apps

  •        120

MustBe is not a complete authorization framework, with roles and responsibilities and models and data access and everything that you need. Rather, it is the underlying plumbing that you need to secure your site. It allows you to fill in the necessary parts to manage data access, roles and users, and gives you the activity-based plumbing to secure it all. MustBe is an authorization system - the part of a security system that decides whether or not you are allowed to do something. Authorization is the second half of authentication and authorization, where authentication simply determines who you are.

http://github.com/derickbailey/mustbe

Dependencies:

rsvp : 3.1.0





Related Projects

connect-roles - Provides dynamic roles based authorisation for node.js connect and express servers.

  •    Javascript

Connect roles is designed to work with connect or express. It is an authorisation provider, not an authentication provider. It is designed to support context sensitive roles/abilities, through the use of middleware style authorisation strategies. If you're looking for an authentication system I suggest you check out passport.js, which works perfectly with this module.

declarative_authorization - An unmaintained authorization plugin for Rails

  •    Ruby

The declarative authorization plugin offers an authorization mechanism inspired by RBAC. The most notable distinction from other authorization plugins is the declarative approach. That is, authorization rules are not defined programmatically in between business logic but in an authorization configuration. With programmatic authorization rules, the developer needs to specify which roles are allowed to access a specific controller action or a part of a view, which is not DRY. With a growing application code base, roles' permissions often change and new roles are introduced. The changes then have to be implemented at several places in the source code, possibly leading to omissions and thus hard-to-find errors. In these cases, a declarative approach as offered by decl_auth increases the development and maintenance efficiency.

Sentinel - A framework agnostic authentication & authorization system.

  •    PHP

Sentinel is a PHP 5.4+ fully-featured authentication & authorization system. It also provides additional features such as user roles and additional security features. Sentinel is a framework agnostic set of interfaces with default implementations, though you can substitute any implementations you see fit.

node-express-realworld-example-app

  •    Javascript

Requests are authenticated using the Authorization header with a valid JWT. We define two express middlewares in routes/auth.js that can be used to authenticate requests. The required middleware configures the express-jwt middleware using our application's secret and will return a 401 status code if the request cannot be authenticated. The payload of the JWT can then be accessed from req.payload in the endpoint. The optional middleware configures the express-jwt in the same way as required, but will not return a 401 status code if the request cannot be authenticated.

meteor-roles - Authorization package for Meteor, compatible with built-in accounts packages

  •    Javascript

Authorization package for Meteor - compatible with built-in accounts package. This package lets you attach roles to a user which you can then check against later when deciding whether to grant access to Meteor methods or publish data. The core concept is very simple, essentially you are creating an assignment of roles to a user and then checking for the existence of those roles later. This package provides helper methods to make the process of adding, removing, and verifying those roles easier.


yosai - A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail

  •    Python

Yosai is a "security framework" that features authentication, authorization, and session management from a common, intuitive API. Yosai is based on Apache Shiro, written in Java and widely used today.

CslaGenFork

  •    

O/RM code generator for CSLA.NET 4.3 generating Stored Procedures, Business Layer and Data Access Layer code for Windows Forms, ASP.NET, WPF and Silverlight.

casbin-rs - An authorization library that supports access control models like ACL, RBAC, ABAC in Rust

  •    Rust

Casbin-RS is a powerful and efficient open-source access control library for Rust projects. It provides support for enforcing authorization based on various access control models. In casbin-rs, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.

bouncer - Eloquent roles and abilities.

  •    PHP

Bouncer is an elegant, framework-agnostic approach to managing roles and abilities for any app using Eloquent models. With an expressive and fluent syntax, it stays out of your way as much as possible: use it when you want, ignore it when you don't.

Casbin

  •    CSharp

Casbin.NET is a powerful and efficient open-source access control library for .NET (C#) projects. It provides support for enforcing authorization based on various access control models. In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.

mosquitto-auth-plug - Authentication plugin for Mosquitto with multiple back-ends (MySQL, Redis, CDB, SQLite3)

  •    C

This plugin can perform authentication (check username / password) and authorization (ACL). Currently not all back-ends have the same capabilities (see the section on the back-end you're interested in). Multiple back-ends can be configured simultaneously for authentication, and they're attempted in the order you specify. Once a user has been authenticated, the same back-end is used to check authorization (ACLs). Superusers are checked for in all back-ends. The configuration option is called auth_opt_backends and it takes a comma-separated list of back-end names which are checked in exactly that order.

casl - CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access

  •    Javascript

CASL (pronounced /ˈkæsəl/, like castle) is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the Ability class) and not duplicated across UI components, API services, and database queries. Heavily inspired by cancan.

cancan - 🔑 Pleasant authorization library for Node.js

  •    Javascript

Authorize easily. CanCan provides a simple API for handling authorization of actions. Permissions are defined and validated using simple allow() and can() functions respectively.

fwanalyzer - a tool to analyze filesystem images for security

  •    Go

FwAnalyzer is a tool to analyze ext2/3/4, FAT/VFat, SquashFS, and UBIFS filesystem images, cpio archives, and directory content using a set of configurable rules. FwAnalyzer relies on e2tools for ext filesystems, mtools for FAT filesystems, squashfs-tools for SquashFS filesystems, ubi_reader for UBIFS filesystems, and cpio for cpio archives. SELinux/Capability support for ext2/3/4 images requires a patched version of e2tools. SELinux/Capability support for SquashFS images requires a patched version of squashfs-tools. The main idea of FwAnalyzer is to provide a tool for rapid analysis of filesystem images as part of a firmware security Q&A check suite. FwAnalyzer takes a configuration file that defines various rules for files and directories and runs the configured checks against a given filesystem image. The output of FwAnalyzer is a report, which contains the list of files that violate any of the rules specified in the configuration. The report further contains meta information about the filesystem image and, if configured, information extracted from files within the analyzed filesystem. The report is formatted using JSON so it can be easily integrated as a step in a larger analysis.

six - Ultra lite authorization library

  •    Ruby

That's all. Now you can check abilities. Unlike CanCan, it doesn't use the current_user method; you manually pass the object and subject.

rtweet - 🐦 R client for interacting with Twitter's [stream and REST] APIs

  •    R

R client for accessing Twitter’s REST and stream APIs. Check out the rtweet package documentation website. All users must be authorized to interact with Twitter’s APIs. To become authorized, follow the instructions below to (1) make a Twitter app and (2) create and save your access token (using one of the two authorization methods described below).

Kuiper - Digital Forensics Investigation Platform

  •    Javascript

Kuiper is a digital investigation platform that provides capabilities for the investigation team and individuals to parse, search, and visualize collected evidence (evidence could be collected by a fast triage script like Hoarder). In addition, team members can collaborate on the same platform by tagging artifacts and presenting them as a timeline, as well as setting rules for automating detection. The main purpose of this project is to aid in streamlining digital investigation activities and allow advanced analytics capabilities with the ability to handle large amounts of data. With a large number of cases and a large number of team members, collaboration between team members becomes hard, as do event correlation and building rules to detect malicious activities. Kuiper addresses these shortcomings.

gitlab-shell - Replacement for gitolite

  •    Ruby

GitLab Shell handles git commands for GitLab and modifies the list of authorized keys. GitLab Shell is not a Unix shell nor a replacement for Bash or Zsh. Maybe you wonder why, in the case of git push over http(s), the Rails app doesn't handle authentication before delegating to GitLab Shell. This is because GitLab Rails doesn't have the logic to interpret git push commands. The idea is to have this interpretation code in only one place, GitLab Shell, so it can be reused for ssh access. GitLab Shell actually executes all git push commands without checking authorizations and relies on the pre-receive hooks to check authorizations. When you do a git pull command, the authorizations are checked before executing the commands (either in GitLab Rails or GitLab Shell with an API call to GitLab Rails). The authorization checks for git pull are much simpler since you only have to check if a user can access the repo (no need to check branch permissions).

NetSqlAzMan - .NET SQL Authorization Manager

  •    

.NET Sql Authorization Manager is an authorization manager for .NET Framework 4.0 developed applications (smart-client/web). The authorizations storage is on MS Sql Server 2000/2005/2008/2012/Express/Compact. NetSqlAzMan has been developed with LINQ to SQL.

cancan - Authorization Gem for Ruby on Rails.

  •    Ruby

CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the Ability class) and not duplicated across controllers, views, and database queries. In Rails 3, add this to your Gemfile and run the bundle command.





