Karl Düüna DeadAlready

## fooapp.conf
# Remove server identifiers to help against enumeration
server_tokens off;

# Add some protection headers for ClickJacking
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

# Redirect to https
server {
    listen 80;

## ip4
*filter

# Default policy is to drop all traffic
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP

# Allow all loopback traffic
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

## ip6
*filter

# Reject all IPv6 on all chains.
-A INPUT -j DROP
-A FORWARD -j DROP
-A OUTPUT -j DROP

COMMIT

## app.js
'use strict';
let http = require('http');
http.createServer(function (req, res) {
    res.writeHead(200, {'Content-Type': 'text/html'});
    res.end('hello');
}).listen(2765);

## fooapp.service
[Unit]
Description=Our cool Node.js App
After=network.target

[Service]
Type=forking
Restart=always
User=fooapp
ExecStart=/var/appdata/fooapp/node_modules/pm2/bin/pm2 start /var/appdata/fooapp/app.js
ExecStop=/var/appdata/fooapp/node_modules/pm2/bin/pm2 stop /var/appdata/fooapp/app.js

## easy-rbac-1.js
let roles = {
    manager: {
        can: ['read', 'write', 'publish']
    },
    writer: {
        can: ['read', 'write']
    },
    guest: {
        can: ['read']
    }

## rbac-class.js
class RBAC {
    constructor(roles) {
        if(typeof roles !== 'object') {
            throw new TypeError('Expected an object as input');
        }
        this.roles = roles;
    }

    can(role, operation) {
        return this.roles[role] && this.roles[role].can.indexOf(operation) !== -1;

## role-definitions.js
let roles = {
    manager: {
        can: ['publish'],
        inherits: ['writer']
    },
    writer: {
        can: ['write'],
        inherits: ['guest']
    },
    guest: {

## easy-rbac-can2.js
can(role, operation) {
    // Check if role exists
    if(!this.roles[role]) {
        return false;
    }
    let $role = this.roles[role];
    // Check if this role has access
    if($role.can.indexOf(operation) !== -1) {
        return true;
    }

## role-definitions-w-function.js
let roles = {
    manager: {
        can: ['publish'],
        inherits: ['writer']
    },
    writer: {
        can: ['write', {
            name: 'edit',
            when: function (params) {
                return params.user.id === params.post.owner;
	# Remove server identifiers to help against enumeration
	server_tokens off;

	# Add some protection headers for ClickJacking
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;

	# Redirect to https
	server {
	listen 80;
	*filter

	# Default policy is to drop all traffic
	-P INPUT DROP
	-P FORWARD DROP
	-P OUTPUT DROP

	# Allow all loopback traffic
	-A INPUT -i lo -j ACCEPT
	-A OUTPUT -o lo -j ACCEPT
	*filter

	# Reject all IPv6 on all chains.
	-A INPUT -j DROP
	-A FORWARD -j DROP
	-A OUTPUT -j DROP

	COMMIT
	'use strict';
	let http = require('http');
	http.createServer(function (req, res) {
	res.writeHead(200, {'Content-Type': 'text/html'});
	res.end('hello');
	}).listen(2765);
	[Unit]
	Description=Our cool Node.js App
	After=network.target

	[Service]
	Type=forking
	Restart=always
	User=fooapp
	ExecStart=/var/appdata/fooapp/node_modules/pm2/bin/pm2 start /var/appdata/fooapp/app.js
	ExecStop=/var/appdata/fooapp/node_modules/pm2/bin/pm2 stop /var/appdata/fooapp/app.js
	let roles = {
	manager: {
	can: ['read', 'write', 'publish']
	},
	writer: {
	can: ['read', 'write']
	},
	guest: {
	can: ['read']
	}
	class RBAC {
	constructor(roles) {
	if(typeof roles !== 'object') {
	throw new TypeError('Expected an object as input');
	}
	this.roles = roles;
	}

	can(role, operation) {
	return this.roles[role] && this.roles[role].can.indexOf(operation) !== -1;
	let roles = {
	manager: {
	can: ['publish'],
	inherits: ['writer']
	},
	writer: {
	can: ['write'],
	inherits: ['guest']
	},
	guest: {
	can(role, operation) {
	// Check if role exists
	if(!this.roles[role]) {
	return false;
	}
	let $role = this.roles[role];
	// Check if this role has access
	if($role.can.indexOf(operation) !== -1) {
	return true;
	}