Danh mụcThẻBài viết

admin

I'm a Full-stack developer
Thẻ
Linked List
Data Structure
Chat GPT
Design Pattern
Microservices
API
AWS CDK
ReactJS
AWS Lightsail
Flutter Mobile
🚀 Using Bitwise Oprators to build a RBAC in Node.js 🚀
Ngày đăng: 13/04/2024

Table of content

  • Bitwise Operators in JavaScript
  • What is RBAC?
  • How to implement RBAC using Bitwise in Node.js?
  • Conclusion


Bitwise Operators in JavaScript

In JavaScript, The Bitwise Operators perform operations on the integer values at the binary level (32-bit binary digitals zeros and ones).

*** Note: The number stored is a 64-bit floating point number. So, to perform a bit-operation JavaScript converts the number into a 32-bit binary number (signed) performs the operation, and converts back the result to a 64-bit number.


Below is the list of Bitwise Operators in JavaScript:



What is RBAC?

RBAC stands for Role-Base Access Control.

It is a security model that restricts access to resources and actions based on a user's role. It separates the management of user permissions from individual users, making it easier to maintain and scale your application. By assigning roles to users, you can control who can access specific resources and perform certain actions in your application.


The RBAC involves components :

  • Roles: In a system application, each user has at least one role. example: Admin, User, Writer.
  • Permissions: to perform an action or operation, users can access resources within the system. example: Create, Delete, Edit
  • Resources: it is defined where the request comes from the client. example: Article, Comment, Reaction.


How to implement RBAC using Bitwise in Node.js?

Firstly, the RBAC components should be defined:
  • Roles
  • ADMIN: 1
  • USER: 2
  • WRITER: 4
  • Permissions
  • CREATE: 1
  • DELETE: 2
  • EDIT: 4
  • Resources
  • ARTICLE: 1
  • COMMENT: 2
  • REACTION: 4


Secondly, we will create a function to check the permission of the roles.
export const hasPermission = (
  rbac: Rbac[],
  resource: Resource,
  permission: Permission,
) => {
  return !!(permission & (rbac.find((rbacResource) => rbacResource === resource)?.value ?? 0));
};


Continually, create a middleware in Node.js
const verifyPermission = (resource: Resource, permission: Permission) => {
  return async (_: Request, res: Response, next: NextFunction) => {
    try {
      try {
        const allow = !!hasPermission(rbac, resource, permission);

        if (!allow) {
          return new Forbidden(message).send(res);
        }

        return next();
      } catch (error) {
        return new Forbidden(message).send(res);
      }
    } catch (error: any) {
      return next(new Forbidden(error.message));
    }
  };
};


Finally, adding middleware to a router
router.post('/comments', [verifyPermission(1, 1)], (req: Request, res: Response, next: NextFunction) => {});


Conclusion

In this article, I showed you how to build an RBAC in Node.js using Bitwise Operators. This ensures users can or cannot allow access to resources, enhancing the security of your application.

I hope this article helps secure your application.

Thank you for your following.


❤️ Code for fun!!! ❤️

Đề xuất
Create Project with Express + TypeScript + ESLint + Auto Reload
admin12/06/2023
Create Project with Express + TypeScript + ESLint + Auto Reload
In this article, I introduce to you how to initialize an Express + TypeScript project.
Part 3: Upgrade Latest Ghost Ver On AWS Lightsail
admin17/06/2023
Part 3: Upgrade Latest Ghost Ver On AWS Lightsail
You are a beginner with Ghost CMS, Bitanami, AWS Lightsail and don't know much about the documentation yet. So, in this article, I introduce step by step to upgrade Ghost CMS to the latest version.
TypeScript Design Pattern - Bridge
admin08/08/2023
TypeScript Design Pattern - Bridge
Decouple an abstraction from its implementation so that the two can vary independently.
Mới nhất
Design Patterns
admin07/08/2023
Design Patterns
The design pattern does not be a specific programming language. Almost programming languages might apply design patterns that to resolve a problem repeat.
NodeJS Verify and Decode Cognito JWT Tokens
admin12/06/2023
NodeJS Verify and Decode Cognito JWT Tokens
In this article, I will show you how to verify and decode the Cognito JWT Tokens token.
Create Cognito User Pool with AWS CDK
admin09/06/2023
Create Cognito User Pool with AWS CDK
In the previous post, I showed you how to create a simple S3 bucket. Next, in this article, I will guide you to create a Cognito User Pool.
Đinh Thành Công Blog

My website, where I write blogs on a variety of topics and where I have some experiments with new technologies.

hotlinelinkedinskypezalofacebook
DMCA.com Protection Status
Góp ý
Họ & Tên
Số điện thoại
Email
Nội dung
Tải ứng dụng
hotline

copyright © 2023 - AGAPIFA

Privacy
Term
About