ACL / Roles + Permissions
- "Simple in-memory ACL for node.js apps. Supports arbitrary roles and resources, including role/resource detection using a simple interface. Additionally supports custom assertions for more complex rules."
- Comments: "Simple and elegant, create your own checks. No middleware?"
- "...a minimalistic ACL implementation inspired by Zend_ACL."
- Comments: "Use as middleware, create your own roles and access. Great choice."
- "Action based authorization middleware"
- Comments: "Similar to connect roles... but a bit more robust? you can create roles and action, and associate many roles with that action"
- "...route-based ACL component for express.js"
- Comments: "Like canCan for rails. This is a traditional controller / function type permission system. May be too abstract."
- Comments: "More traditional setRole() hasRole() based checking. Last activity 2 years ago."
- "Entity relationship, role, and permissions API"
- Comments: "Natural language style roles. Looks very promising and is in active development"
- "...authorisation provider...for Express and Connect"
- Comments: "Simple and closer to action / natural language based. Requires writing your own checks for each."
- "Permissions by Subject, Role, and Context. It uses an in-memory model."
- Comments: "Maybe too simple? Makes sense for assigning roles but then its hard to check against roles!"
- Comment: "Not ideal but here for reference sake. (Last commit over 4 years ago.)"
- "Passport strategy for authenticating with a username, password and User Roles."
- "Express & Passport-compatible authorization middleware[,] provides customizable management of access control list (ACL)."
- "an express/connect middleware module for enforcing an Apache Shiro inspired authorization system"
- "isomorphic authorization"
Mongoose Field Access Control
- "...adds an accessibleBy field to a mongoose schema to be able to determine access rights for models belonging to this schema."
- Comments: "Set access per field of mongoose Schema. Not supported or maintained, and noted as not a perfect fit in all cases... but worth considering as a simple way to control access to fields."
- "Role-based access control for mongoose apps"
- "...route authorization via roles/permissions...for Angular applications"