Sails APIs

express-js

express-js is a Javascript SDK for Express.js and Sails.js. Secure your Sails APIs using Axioms authentication and authorization.

Prerequisite

Node.js 9.0.0+
An Axioms client which can obtain access token after user's authentication and authorization and include obtained access token as bearer in Authorization header of all API request sent to Node/Sails application server.

Install SDK

Install express-js SDK to your project.

npm i @axioms/express-js

Add Config

Create a .env file in your project root and add following configs

.env

AXIOMS_DOMAIN=<your-axioms-slug>.axioms.io
AXIOMS_AUDIENCE=<your-axioms-resource-identifier>
AXIOMS_CACHE_KEY_TIME=600000

AXIOMS_CACHE_KEY_TIME is optional value in millisecond. Default to 600000 millisecond i.e. 10 minutes. Set to 0 if you don't want catch keys.

Inject config

Add following in policies.js,

config/policies.js

const { hasValidAccessToken } = require('@axioms/express-js');

const checkToken = hasValidAccessToken({
  axiomsDomain: process.env.AXIOMS_DOMAIN,
  axiomsAud: process.env.AXIOMS_AUDIENCE
});

Guard Your API Views

Use authentication and permission classes to guard you API views.

Function	Description	Parameters
`hasValidAccessToken`	Checks if API request includes a valid bearer access token as authorization header. Check performed includes: token signature validation, expiry datetime validation, and token audience validation.
`hasRequiredScopes`	Check any of the given scopes included in `scope` claim of the access token.	An array of strings as `conditional OR` representing any of the allowed scope or scopes for the view as parameter. For instance, to check `openid` or `profile` pass `['profile', 'openid']` as parameter.
`hasRequiredRoles`	Check any of the given roles included in `roles` claim of the access token.	An array of strings as `conditional OR` representing any of the allowed role or roles for the view as parameter. For instance, to check `sample:role1` or `sample:role2` roles you will pass `['sample:role1', 'sample:role2']` as parameter.
`hasRequiredPermissions`	Check any of the given permissions included in `permissions` claim of the access token.	An array of strings as `conditional OR` representing any of the allowed permission or permissions for the view as parameter. For instance, to check `sample:create` or `sample:update` permissions you will pass `['sample:create', 'sample:update']` as parameter.

Examples

Check openid or profile scope present in the token

api/controller/JsonController.js

module.exports = {
  private: function (req, res) {
    return res.json({
      message: 'All good. You are authenticated!',
    });
  },
}

Then in add a policy to policies.js which checks if token is valid and contains one of the required scopes,

config/policies.js

const { hasRequiredScopes } = require('@axioms/express-js');

module.exports.policies = {
    '*': true,

    JsonController: {
        'private': [checkToken, hasRequiredScopes(['profile', 'openid'])]
    }
}

Check sample:role role present in the token

api/controller/JsonController.js

module.exports = {
  role: function (req, res) {
    var msg;
    switch (req.method) {
      case 'GET':
        msg = 'Sample read.';
        break;

      case 'POST':
        msg = 'Sample created.';
        break;

      case 'PATCH':
        msg = 'Sample updated.';
        break;

      case 'DELETE':
        msg = 'Sample deleted.';
        break;

      default:
        msg = 'Action not support';
        break;
    }
    res.json({
      message: msg,
    });
  },
}

Then in add a policy to policies.js which checks if token is valid and contains one of the required roles,

config/policies.js

const { hasRequiredRoles } = require('@axioms/express-js');

module.exports.policies = {
    '*': true,

    JsonController: {
        'role': [checkToken, hasRequiredRoles(['sample:role'])],
    }
}

Check permission present in the token at API method level

api/controller/JsonController.js

module.exports = {
  sampleRead: function (req, res) {
    return res.json({
      message: 'Sample read.',
    });
  },
  sampleCreate: function (req, res) {
    return res.json({
      message: 'Sample created.',
    });
  },
  sampleUpdate: function (req, res) {
    return res.json({
      message: 'Sample updated.',
    });
  },
  sampleDelete: function (req, res) {
    return res.json({
      message: 'Sample deleted.',
    });
  },
}

Then in add policies to policies.js which checks if token is valid and contains required permission,

config/policies.js

const { hasRequiredPermissions } = require('@axioms/express-js');

module.exports.policies = {
    '*': true,

    JsonController: {
    'sampleRead': [checkToken, hasRequiredPermissions(['sample:read'])],
    'sampleCreate': [checkToken, hasRequiredPermissions(['sample:create'])],
    'sampleUpdate': [checkToken, hasRequiredPermissions(['sample:update'])],
    'sampleDelete': [checkToken, hasRequiredPermissions(['sample:delete'])]
    }
}

Sails Sample

To see a complete working example download Express sample from our Github repository or simply deploy to Heroku by clicking following button. You will need to provide Axioms domain and Axioms audience to complete deployment.

#express-js

#Prerequisite

#Install SDK

#Add Config

#Inject config

#Guard Your API Views

#Examples

#Sails Sample

express-js

Prerequisite

Install SDK

Add Config

Inject config

Guard Your API Views

Examples

Sails Sample