nest-authz的官网:https://github.com/node-casbin/nest-authz
nest-authz的示例:https://github.com/node-casbin/nest-authz-example/
自定义Adapter有两种方式:
第一种方式就是直接给 policy 属性传递 Adapter,不过这种方式不是很灵活。
@Module({
imports: [
AuthZModule.register({
model: 'model.conf',
policy: TypeORMAdapter.newAdapter({
name: 'casbin',
type: 'mysql',
host: 'localhost',
port: 3306,
username: 'root',
password: 'password',
database: 'nestdb'
}),
usernameFromContext: (ctx) => {
const request = ctx.switchToHttp().getRequest();
return request.user && request.user.username;
}
}),
],
controllers: [AppController],
providers: [AppService]
})
第二种方式就是提供一个 使用的是 Nestjs Module的特性,提供的是一个Provider,然后还给这个Provider注入了configModule的configService,这就使得在实例化 Casbin的Enforcer的时候,可以使用一些配置相
import { TypeOrmModule } from '@nestjs/typeorm';
import { ConfigModule, ConfigService } from './config.module';
import { AUTHZ_ENFORCER } from 'nest-authz';
@Module({
imports: [
ConfigModule,
AuthZModule.register({
imports: [ConfigModule],
enforcerProvider: {
provide: AUTHZ_ENFORCER,
useFactory: async (configSrv: ConfigService) => {
const config = await configSrv.getAuthConfig();
return casbin.newEnforcer(config.model, config.policy);
},
inject: [ConfigService],
},
usernameFromContext: (ctx) => {
const request = ctx.switchToHttp().getRequest();
return request.user && request.user.username;
}
}),
],
controllers: [AppController],
providers: [AppService]
比方如下面代码:可以获取到Adapter需要的数据库信息,然后再创建 Adapter,接着把 Adapter 传递给 casbin.newEnforcer
AuthZModule.register({
imports: [ConfigModule],
enforcerProvider: {
provide: AUTHZ_ENFORCER,
useFactory: async (configService: ConfigService) => {
const adapter = await MikroORMAdapter.newAdapter({
strict: true,
type: 'mongo',
clientUrl: configService.get('DB_URL'),
debug: true,
highlighter: new MongoHighlighter(),
});
return casbin.newEnforcer('model.conf', adapter);
},
inject: [ConfigService],
},
usernameFromContext: (ctx) => {
const request = ctx.switchToHttp().getRequest();
return request.user && request.user.id;
},
}),