AdonisJs

AdonisJs is a Node.js web framework with a breath of fresh air and drizzle of elegant syntax on top of it.

Table of contents

Getting Started

Install the package using the adonis CLI.

> adonis install adonis-imperium

Follow instructions that are displayed (or read them here).

Defining your authorization

Authorization must be defined inside the start/acl.js file. This file will be loaded only once when the server is launched.

Roles

The documentation is available here.

Example:

const Imperium = use('Imperium')
const Post = use('App/Models/Post')
Imperium.role('Admin', ({ auth }) => {
  return auth.user.role === 'admin'
})
Imperium.role('Author', async ({ auth }) => {
  const posts = await Post.query()
    .where('author_id', auth.user.id)
    .fetch()
  return posts.toJSON().map((post) => ({ post: post.id }))
})
Imperium.role('User', async ({ auth }) => {
  return { user: auth.user.id }
})

Actions

The documentation is available here.

Example:

Imperium.role('User')
  .can('seeUser', { user: '@' })
Imperium.role('Admin')
  .is('User', { user: '*' })

Protecting your routes

Adonis Imperium automaticaly share an imperium instance in the context of each request with the ImperiumInit middleware.

To validate the authorization of a user you simply need to extract it from the context.

// Controller
async show ({ imperium, params }) {
  const post = await Post.find(params.id)
  const can = await imperium.can('showPost', { post: params.id })
  if (!can) {
    // abort 401
  }
}

// RouteValidator
async authorize () {
  const { imperium, params } = this.ctx
  const can = await imperium.can('showPost', { post: params.id })
  if (!can) {
    // abort 401
  }
}

Middleware

You can also use the middlewares is and can in your routes.

Route.put('/posts/:id', 'PostController.update')
  .middleware(['auth', 'can:updatePost'])
Route.delete('/posts/:id', 'PostController.destroy')
  .middleware(['auth', 'is:Admin'])

You can also use Adonis resources:

Route.resource('posts', 'PostController')
  .only(['index', 'show', 'store', 'update', 'destroy']) // .apiOnly()
  .middleware(new Map([
    [['store', 'update', 'destroy'], ['auth']],
    [['store'], ['can:storePost']],
    [['update'], ['can:updatePost']],
    [['destroy'], ['is:Admin']]
  ]))
  .validator(new Map([
    [['store'], ['StorePost']],
    [['update'], ['UpdatePost']]
  ]))

Config

In order to configure how the can middleware will process the route context (like in validators or controllers) you can define functions in config/acl.js:

module.exports = {
  updatePost: ({ params }) => ({ post: params.id }),
  destroyPost: ({ params }) => ({ post: params.id }),
  storePost: ({ params, request }) => {
    const { type } = request.post()
    return {
      type
    }
  }
}