This guide demonstrates how to integrate Casbin with a NestJS application using a custom guard for authorization.

Install Casbin in your NestJS project:

```bash
npm install casbin
```

Create a guard to handle authorization using Casbin.
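```typescript
import {
  CanActivate,
  ExecutionContext,
  Injectable,
  OnModuleInit,
} from '@nestjs/common';
import { Enforcer, newEnforcer } from 'casbin';

@Injectable()
export class CasbinGuard implements CanActivate, OnModuleInit {
  private enforcer!: Enforcer;

  // Load the model and policy when the module initializes. The paths are
  // resolved relative to the process working directory.
  async onModuleInit(): Promise<void> {
    this.enforcer = await newEnforcer(
      'basic_model.conf',
      'basic_policy.csv',
    );
  }

  async canActivate(context: ExecutionContext): Promise<boolean> {
    const request = context.switchToHttp().getRequest();
    // Example user. Hardcoded here, so every request is evaluated as alice;
    // in a real application take the subject from the authenticated request.
    const user = 'alice';
    // request.url includes any query string, and the model matches r.obj exactly.
    const resource = request.url;
    const action = request.method;
    return await this.enforcer.enforce(user, resource, action);
  }
}
```

Apply the guard to protect routes.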
```typescript
import { Controller, Get, UseGuards } from '@nestjs/common';
import { CasbinGuard } from './casbin.guard';

@Controller()
export class AppController {
  @UseGuards(CasbinGuard)
  @Get('data')
  getData() {
    return 'Protected Data';
  }
}
```

Create a file named basic_model.conf:
```ini
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
```

Create a file named basic_policy.csv:
```csv
p, alice, /data, GET
```

- Casbin loads the model and policy.
- NestJS guard intercepts incoming requests.
- The enforce function checks permissions.
- If access is allowed, the request proceeds.
- If denied, the request is blocked.

When accessing:
GET /data
- User alice → Allowed
- Other users → Denied
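
As an added example (not part of the original guide and not Casbin's own code), the following dependency-free TypeScript mirrors the exact-match matcher and allow effect from basic_model.conf and shows the decision for a few constructed requests, including a request.url that carries a query string. The helpers parsePolicy, enforce and pathOnly are hypothetical names introduced for this illustration.

```typescript
// Added example: simplified stand-in for how basic_model.conf is evaluated.
type Rule = { sub: string; obj: string; act: string };

// Constructed policy text with the same content as basic_policy.csv.
const POLICY_CSV = 'p, alice, /data, GET\n';

// Parse "p, sub, obj, act" lines; blank, comment and malformed rows are skipped.
function parsePolicy(csv: string): Rule[] {
  const rules: Rule[] = [];
  for (const line of csv.split('\n')) {
    const f = line.split(',').map((s) => s.trim());
    if (f.length === 4 && f[0] === 'p') {
      rules.push({ sub: f[1], obj: f[2], act: f[3] });
    }
  }
  return rules;
}

// m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
// e = some(where (p.eft == allow)): one matching rule allows, no match denies.
function enforce(rules: Rule[], sub: string, obj: string, act: string): boolean {
  return rules.some((p) => p.sub === sub && p.obj === obj && p.act === act);
}

// Hypothetical helper: drop the query string and fragment from request.url.
function pathOnly(url: string): string {
  return url.split('?')[0].split('#')[0];
}

const rules = parsePolicy(POLICY_CSV);

// Constructed requests: [subject, request.url, request.method].
const samples: [string, string, string][] = [
  ['alice', '/data', 'GET'],
  ['bob', '/data', 'GET'],
  ['alice', '/data', 'POST'],
  ['alice', '/data?page=2', 'GET'],
  ['alice', '/data/', 'GET'],
];

for (const [sub, url, act] of samples) {
  const raw = enforce(rules, sub, url, act);
  const stripped = enforce(rules, sub, pathOnly(url), act);
  console.log(`${sub} ${act} ${url} raw=${raw} pathOnly=${stripped}`);
}
```

Under the exact-match matcher, /data?page=2 and /data/ are both denied as raw URLs; only the first is allowed once the query string is stripped.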