Source code and library can be found here: GitHub || NPM

please let me in :(

During the last 6 months, I worked on APIs for 2 different management systems with numerous user entities, and the functionality that gave me the biggest headache was authorizing users based on roles. Even though there were existing RBAC libraries, they were only useful up to some point. (Too much configuration which ended up making the config file messy, there was an existing bug that hadn’t been fixed, or it just wasn’t flexible enough.)

So earlier this year, I decided to build Ottis to serve as a better role-based authorization merchant. Its flexibility allows you to restrict/allow users with ease, no matter the structure of your routes.

Design:

The main thing I had in mind whilst building Ottis was simplicity.

Declaring route permissions is very important in RBAC, so I worked on a simple router that lets you declare your route permissions. It has HTTP methods attached to it so you can easily define the type of request a user can make to an endpoint.

If you noticed, some route declarations ended with .done() while others ended with .all(). Well, .all() == [.get(), .post(), .put(), ...], so .done() is called automatically under the hood, just to spare you some keystrokes. Any other usage of the router must end with .done().

Now that we know how to use our router, let’s create a very simple configuration using Ottis.

We now import these permissions and hook them into Ottis.

Now that we have defined permissions and hooked them into Ottis, we can use it to allow/restrict users. Mind you, Ottis simply returns a Boolean, so you’d have to write some middleware to wrap around it. This is intentional. But essentially, this is how you’ll use it in your middleware. Check GitHub for more examples.
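One way to write the wrapping middleware so that it fails closed, as an added example that is not code from Ottis or its author. The `permissions` table and `isAllowed` checker are hypothetical stand-ins for any Boolean-returning authorizer, and the Express-style `req.user.role`, `req.method` and `req.path` fields are assumptions.

```javascript
// Added example: NOT Ottis's API. `permissions` and `isAllowed` are hypothetical
// stand-ins for any checker that answers with a Boolean.
const permissions = { // constructed sample data
  admin: [{ path: '/users', methods: ['GET', 'POST', 'DELETE'] }],
  viewer: [{ path: '/users', methods: ['GET'] }],
};

function isAllowed(role, method, path) {
  // Own-property lookup so a role such as "constructor" or "__proto__"
  // cannot resolve to something inherited from Object.prototype.
  const known = Object.prototype.hasOwnProperty.call(permissions, role);
  const rules = known ? permissions[role] : [];
  return rules.some((r) => r.path === path && r.methods.includes(method));
}

function deny(res, status, message) {
  res.statusCode = status;
  res.end(JSON.stringify({ error: message }));
}

// Wraps a Boolean checker in Express-style middleware that fails closed.
// Assumes an earlier authentication step has set req.user.role.
function authorize(check) {
  return function (req, res, next) {
    if (!req.user || typeof req.user.role !== 'string') {
      return deny(res, 401, 'authentication required');
    }
    let allowed = false;
    try {
      // Only a strict `true` grants access: truthy strings, pending
      // promises and thrown errors all end in a denial.
      allowed = check(req.user.role, req.method, req.path) === true;
    } catch (err) {
      allowed = false;
    }
    if (!allowed) return deny(res, 403, 'forbidden');
    return next();
  };
}
```

The split between 401 (no identity on the request) and 403 (identity known, role not permitted) keeps authentication failures distinguishable from authorization failures in logs.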

The way forward?

This is the very first version of Ottis, and I agree it can be improved a lot. Features like permission inheritance, support for more HTTP methods, etc., are yet to be implemented, and I could use a lot of help to make this tool a better one. Therefore I’m 100% open to feedback and ideas on how this tool can be improved. You can reach me on Twitter or GitHub.

Link to project: [GitHub] [NPM], check it out!!