Serrurier, a declarative library for Astronomy to define method access controls


#1

Hi!
I made a package for my personal usage that I wanted to share : Serrurier for Astronomy users.

The core philosphy is to promote declarative expressions over imperative conditional code to define the context in which a method can be called.
It simplifies and refactors the security logic of your application.
It gives other developers (and yourself) fast hints about the when.

The idea is to define accesses and perform miscellaneous assertions through es7 candidate decorators, now easily available for meteor 1.3.4 & sup.

To give you an idea with a cadenas for alanning:roles :

In the above example, an exception is thrown if the user is not in the group ADMIN and the access is refused.
Apart from defining custom cadenas, you can define your own reporters that process those exceptions (they are sorts of listeners on exceptions).
Here is an example with the paranoid reporter that logs unexpected SecurityExceptions in the server console and keep track of those events in a collection :

_______________________________ SERRURIER PARANOID REPORT _______________________________

        createdAt: new Date('2016-07-07T05:46:25.005Z'),
        ip: '127.0.0.1',
        geoInfo: 'localhost'
        userAgent: 'Mozilla/5.0 (X11; Linux x86_64) ...,
        securityContext: {
                reason: 'user.not.in.role:administrator:GLOBAL',
                exceptionId: 'loggedUserInRole',
                action: 'Project#updateSensitiveData',
                stackTrace: '...',
                target: {
                        Project: {
                            plugins: {
                                   task: {
                                           _types: []
                                   },
                                   annotation: {
                                           _types: []
                                   }
                            },
                            isOpen: false,
                            publicationPolicy: true,
                            enablePlugins: false,
                            defaultCaptionSource: null,
                            pending: []
                          }
                },
                userId: 'JCwWgQZLExz5KrcDH'
        }
_________________________________________________________________________________________

So if you’re curious and interested, please have a try !
Open to suggestions and contributors to enhance the lib :smile:

Cheers