All Questions
Tagged with access-control node.js
35 questions
0
votes
0
answers
504
views
Handling Unique Permissions with CASL and TypeORM in NestJs
I'm using CASL for authorization in my NestJS application with TypeORM for persistence. I've defined permissions with unique constraints on "action" and "subject" columns to ...
1
vote
1
answer
724
views
How to get data from Quizlet without API using Node.js
The Quizlet API has been dead for a while but I want to work on a project that uses their study sets. I spent a while trying to find an API to use but there were many misleading claims; some say the ...
-1
votes
2
answers
1k
views
I have problems with Post method in my CORS? [duplicate]
I am developing an app with my own server, I configured my cors with to by client-side host only. Everything seems to be fine I can request data from my database using the GET, but whenever my trying ...
2
votes
0
answers
367
views
Combine RBAC with ABAC casbin
I am quite a new programmer and I need your help. I need to combine RBAC with ABAC. For the application requirements, imagine that we have some endpoints that some users with a specific role have access ...
0
votes
1
answer
8k
views
How to solve `Access to XMLHttpRequest from Origin is has been blocked by CORS policy.` error?
I am creating a simple chat application. I am using JavaScript and NodeJS. But when I try to run the application it gives me this below error in the console.
Access to XMLHttpRequest at 'http://...
-1
votes
2
answers
360
views
When I deploy my website, client post/get requests blocked by CORS
Using NodeJS as backend and React as frontend. Frontend uses axios to do post/get requests. Everything is working well in development with localhost:5000 as server and localhost:3000 as client.
...
1
vote
0
answers
337
views
How to use CASL to limit the field value to be patched(updated)?
After reading the guides and searching google for some time, I couldn't find a way in CASL to solve my usecase.
Expected
A common user can only patch his appointments.
A common user can only patch ...
3
votes
0
answers
296
views
MERN stack MongoDB Permission and Access Level Setup
I am creating a MERN Stack application. I am very confused about access permission to keys in my mongoDb schemas. I came from Firebase which allowed you to set up node level read/write access controls ...
1
vote
1
answer
780
views
Implement ABAC with AccessControl NPM package?
I've seen accesscontrol recommended for node RBAC, and the documentation says that it is kind of a merge of both rbac and abac.
What I'm seeing instead is that everything is still limited 100% to ...
4
votes
1
answer
832
views
mongoose convert all leaned ObjectIds to String format
I'm using mongoose-paginate-v2 to paginate my documents, and I use lean=true to make them a plain Object (I want to filter them using accesscontrol).
When I get the leaned Objects, all ObjectIds are ...
0
votes
2
answers
6k
views
CORS blocks one API request (not others) in Safari
I am running a React (16) webapp (deployed on Netlify) that is failing with one of its API calls being blocked by CORS but only in Safari. There's no problem in Chrome or Firefox. The console shows ...
3
votes
1
answer
2k
views
How to manage access control with roles to not allow a basic user to be able to update an account which is not owned
In my NodeJS API, I implemented roles using this npm pkg accesscontrol and I also used JWT for the token part. My issue is that I'm unable to limit the basic role user to update an account which is ...
1
vote
0
answers
1k
views
Node.js/Express - How to restrict file access to user who uploaded it?
I am building a web application and users can upload pdf's. Upload is all working fine, where I struggle is how to handle file access.
Currently the files are stored in a separate folder for each ...
0
votes
1
answer
1k
views
How to read Wiegand on Raspberry Pi 3 with Node?
I've tried numerous tutorials, and I can't get it to work.
Current situation:
- 12V Access control device that is connected like this i.e. Wiegand D0 to GPIO14 (pin 8/Tx) and D1 to GPIO15 (pin 10/Rx)...
1
vote
1
answer
2k
views
MERN stack authentication and authorization
I am creating a MERN(Mongo, Express, React-redux, Node) stack app where I am adding authentication, authorization and access control features. I know how to implement the authentication service but ...
0
votes
1
answer
53
views
Meteor allow-access-control-origin
I'm attempting to use the node-trello package to interact with the Trello API inside a Meteor app. However running through setup and attempting to make an api call in my client-side javascript file, I ...
7
votes
1
answer
5k
views
GraphQL - How to distinguish Public from Private fields?
Context
I have a GraphQL API and a NodeJS & Angular application with a MongoDB database that holds users. For each user, there is a public page with public information like id and username. When a ...
0
votes
0
answers
469
views
RBAC in Node.js
I am just starting with Node.js and Express and I am a bit confused on how to get the access controls I want.
What I have are 3 user types:
Admin
Provider
General
The admin and general I can do, ...
7
votes
3
answers
18k
views
Express ip filter for specific routes?
Is it possible to apply different ip filters to different routes?
For example, I want only people from 123.123.123.123 can access my server's /test route, and only people from 124.124.124.124 can ...
0
votes
0
answers
921
views
DELETE request gets interpreted as GET
While creating a REST service with NodeJS I ran into a problem. The DELETE request gets interpreted as GET on the server side.
This may be some security feature to avoid data loss, but this moment I ...
1
vote
0
answers
87
views
NodeJS Express JS Web App - How to roll out new features only for a subset of users?
We have a fairly widely used Node + Express Web App, for which we are enabling a new major feature. Because we don't know what the exact impact would be, we want to roll out this feature only to a ...
1
vote
2
answers
539
views
Auth0 access control
I am using Auth0 to manage a large set of users across several different applications with some being web based and others desktop and mobile. Under the meta data for each user I have an array of ...
0
votes
1
answer
742
views
CORS issue solution via proxy services or curl
I'm hitting a major road block while consuming services POST from this client who has no Access-Control-Allow-Origin at all.
I've tried following solutions or are you saying it's not possible at all?
...
10
votes
2
answers
5k
views
What is a good pattern for implementing access control in a GraphQL server?
Background:
I have a set of models, including a User and various other models, some of which contain references to a User. I am exposing these models for querying via a GraphQL API generated by ...
3
votes
1
answer
217
views
Node.js: whitelisting/redaction of database entries
From node, I access a database with objects like
animals: [
  {
    name: monkey,
    diet: banana,
    tame: false,
  },
  {
    name: donkey,
    diet: carrot,
    tame: true,
  }
  // [...]
]
I'd like to give access ...
1
vote
2
answers
275
views
Propagate user access right from an authentication web page to other html only web pages on the server?
I want to create a web page, that will serve to authenticate users based on credentials I give them (user1, pswd1 etc).
Only after a user authenticated, he should have access to a few other web sites,
...
2
votes
1
answer
1k
views
Get current user from inside the model in Sails
I'm using toJSON() method of my model in Sails in order to control the visibility of some of its properties, when model is exposed via application's API.
In order to decide which properties to ...
0
votes
1
answer
957
views
MYSQL Access Control
I want to implement column level and row level access control on data stored in my MySQL database. I am using NodeJS on my server, what's the way to go for this ?
I see SAP Hana allows that but want ...
2
votes
1
answer
2k
views
Access-Control-Allow-Origin on OpenShift using Node.js, express, and socket.io
As the title suggests, I'm having trouble remotely accessing my node.js instance hosted on OpenShift. The error I keep getting in my browser's console looks like this:
XMLHttpRequest cannot load ...
1
vote
1
answer
5k
views
How to add 'res.addHeader("Access-Control-Allow-Origin", "*")' in express js?
In my app I use angularjs and cordova for front-end and express and node js for backend which is acting as server. My client side is running on http://localhost:9000 but, my express js is running on ...
1
vote
0
answers
508
views
socket.io + ssl - Origin is not allowed by Access-Control-Allow-Origin
I built my project with socket.io v1.2.1, which is running well on http connections.
But when I change my website to an ssl connection, errors are coming.
XMLHttpRequest cannot load
https://pusher....
-3
votes
1
answer
49
views
Securing server with clientside javascript
I have a site that runs with a NodeJS backend and a ReactJS frontend. All of the frontend logic takes place in the user's browser, and the frontend hits backend routes to get business logic. Currently,...
1
vote
1
answer
151
views
AND/OR for roles in Loopback's ACLS
I have an application where users can have several of different type of roles
Static Roles: each determines a different level of permissions, a user is mapped to one of these roles
adminUser
...
4
votes
1
answer
3k
views
socket.io / node.js with ssl and Access-Control-Header
I set up a node-server and get an error message when activating ssl (official, NOT self-assigned Certificate).
The error message:
XMLHttpRequest cannot load https://servername:8081/socket.io/... No '...
7
votes
8
answers
24k
views
Socket.io access-control-allow=origin error from remote site
I am trying to access a socket.io server from another site. It worked for a few weeks but now I keep getting the following error. It happens when accessing a server on nodester from a server on heroku....