Skip to content

arpan404/author.js

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

53 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

author.js

CI npm License: MIT

Unified authorization layer for frontend and backend applications with scoped policies, RBAC, ABAC, ReBAC, and audit logging.

Write authorization as normal TypeScript policies, grouped into modules when your app grows:

const allowed = await author.as("User", user).can("update").on("Project", project);

Supports RBAC, ABAC, ReBAC, parent-resource checks, subscription features, limits, UI rendering, and backend enforcement.

Install

bun add author-js

Add peer dependencies only for the adapters you use:

bun add pg react

Quick start

import { createAuthor, defineAuthorModule, defineEntity, defineResource, policy } from "author-js";

type User = { id: string; role: "admin" | "member" };
type Project = { id: string; ownerId: string };

const UserEntity = defineEntity<User>()({
  type: "User",
  id: (user) => user.id,
});

const ProjectResource = defineResource<Project>()({
  type: "Project",
  id: (project) => project.id,
  actions: ["read", "update", "delete"] as const,
});

const projectModule = defineAuthorModule({
  name: "projects",
  resources: { Project: ProjectResource },
  policies: [
    policy
      .for("User")
      .on("Project")
      .can(["read", "update", "delete"])
      .allow("admins can do anything", ({ entity }) => entity.role === "admin"),
    policy
      .for("User")
      .on("Project")
      .can("update")
      .allow("owners can update projects", ({ entity, resource }) => entity.id === resource.data.ownerId),
  ],
});

export const author = createAuthor({
  entities: { User: UserEntity },
  modules: [projectModule],
});

await author.as("User", user).can("update").on("Project", project).throw();

Policy scopes are static applicability metadata. The engine uses them to select only policies relevant to the current entity type, resource type, and action. For boolean checks, deny rules are evaluated before allow rules and the engine stops as soon as the result is known. Use .explain() when you need a full decision with all matching and skipped policies.

Permission management

Use the built-in management helpers for admin screens and setup scripts. They wrap the configured store and invalidate the decision cache when possible.

await author.roles.grant({
  entityType: "User",
  entityId: "user_1",
  role: "admin",
  scopeType: "Organization",
  scopeId: "org_1",
});

await author.permissions.grant({
  entityType: "User",
  entityId: "user_1",
  action: "read",
  resourceType: "Project",
  resourceId: "project_1",
  effect: "allow",
});

await author.relations.create({
  subjectType: "User",
  subjectId: "user_1",
  relation: "owner",
  objectType: "Project",
  objectId: "project_1",
});

Packages

Import Purpose
author-js Core API
author-js/postgres PostgreSQL store
author-js/mongodb MongoDB store
author-js/redis Redis decision cache
author-js/react Provider, components, hooks
author-js/express Express middleware
author-js/hono Hono middleware
author-js/fastify Fastify pre-handler
author-js/elysia Elysia beforeHandle helper
author-js/next Next.js entry
author-js/next/server Server-side assertCan and requireCan
author-js/next/client React components for client components

Documentation

Full docs: docs/README.md

Guide Topics
Core Entities, resources, modules, scoped policies, plans, parent checks
Permission management Grant, revoke, and list roles, permissions, and relations
Adapters Memory, PostgreSQL, MongoDB, Redis caching
React AuthorProvider, Can, Cannot, hooks
Frameworks Express, Hono, Fastify, Elysia, Next.js
Testing Local checks, hooks, Docker integration tests

Development

bun install
bun run check

License

MIT © Arpan Bhandari

About

Unified authorization layer for frontend and backend applications with scoped policies, RBAC, ABAC, ReBAC, and audit logging.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

Watchers

Forks

Packages

 
 
 

Contributors