Forem: Herdi Tr. The latest articles on Forem by Herdi Tr. (@hrdtr). https://forem.com/hrdtr https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F115401%2F99ea1c09-19be-49c5-bc4a-8c6ba7fec1a7.jpeg Forem: Herdi Tr. https://forem.com/hrdtr en Introducing Guantr: A Type-Safe Authorization Library for JavaScript/TypeScript Herdi Tr. Wed, 09 Apr 2025 15:08:00 +0000 https://forem.com/hrdtr/introducing-guantr-a-type-safe-authorization-library-for-javascripttypescript-4f72 https://forem.com/hrdtr/introducing-guantr-a-type-safe-authorization-library-for-javascripttypescript-4f72 <p>Handling permissions and access control is a fundamental part of building almost any web application. Deciding <em>who</em> can do <em>what</em> with <em>which</em> resource can quickly become complex. While working on one of my own projects, I found myself needing a solution that was not only flexible but also highly type-safe, integrating seamlessly with my TypeScript codebase.</p> <p>Existing solutions didn't quite fit the bill – some felt too restrictive, others lacked the compile-time safety I was looking for, and some involved deploying entirely separate services which felt like overkill for my needs at the time. This led me down the path of building a custom authorization logic layer directly within that application.</p> <p>After running and refining this core logic in production, I realized it might be useful to others facing similar challenges. So, I decided to extract it, polish it up, add features like customizable storage, and release it as an open-source library: <strong>Guantr</strong>.</p> <h2> What is Guantr? </h2> <p>Guantr is an <strong>embedded authorization library for JavaScript and TypeScript</strong>. Its primary goal is to provide a flexible and developer-friendly way to manage permissions directly within your application codebase, with a strong emphasis on type safety.</p> <p>It's not a standalone service like some other authorization systems; instead, you integrate it as a library, define your rules using familiar JS/TS constructs, and check permissions where needed.</p> <h2> Key Features </h2> <p>Here are some of the core ideas behind Guantr:</p> <h3> 1. TypeScript First with <code>GuantrMeta</code> </h3> <p>Guantr shines when used with TypeScript. You can define your entire authorization model – resources, actions, data shapes, and context structure – using the <code>GuantrMeta</code> type.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">GuantrMeta</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">guantr</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Define your models and context shape</span> <span class="kr">interface</span> <span class="nx">PostModel</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">authorId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">status</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="kr">interface</span> <span class="nx">UserContext</span> <span class="p">{</span> <span class="nl">userId</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">roles</span><span class="p">:</span> <span class="kr">string</span><span class="p">[];</span> <span class="p">}</span> <span class="c1">// Define the Meta type</span> <span class="kd">type</span> <span class="nx">AppMeta</span> <span class="o">=</span> <span class="nx">GuantrMeta</span><span class="o">&lt;</span> <span class="p">{</span> <span class="c1">// Resource Map</span> <span class="na">post</span><span class="p">:</span> <span class="p">{</span> <span class="na">action</span><span class="p">:</span> <span class="dl">'</span><span class="s1">read</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">edit</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">delete</span><span class="dl">'</span><span class="p">;</span> <span class="nl">model</span><span class="p">:</span> <span class="nx">PostModel</span><span class="p">;</span> <span class="p">};</span> <span class="c1">// ... other resources</span> <span class="p">},</span> <span class="c1">// Context Shape</span> <span class="nx">UserContext</span> <span class="o">&gt;</span><span class="p">;</span> <span class="c1">// Use it during initialization</span> <span class="kd">const</span> <span class="nx">guantr</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">createGuantr</span><span class="o">&lt;</span><span class="nx">AppMeta</span><span class="o">&gt;</span><span class="p">({</span> <span class="cm">/* ... options ... */</span> <span class="p">});</span> </code></pre> </div> <p>This provides compile-time safety and autocompletion when defining rules and checking permissions, helping to catch errors early.</p> <h3> 2. Flexible Condition System </h3> <p>Rules can include conditions for fine-grained control (ABAC/ReBAC patterns). Guantr uses a straightforward array syntax <code>[operator, operand]</code> for these conditions.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">guantr</span><span class="p">.</span><span class="nx">setRules</span><span class="o">&lt;</span><span class="nx">AppMeta</span><span class="o">&gt;</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">allow</span><span class="p">,</span> <span class="nx">deny</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Allow reading any post</span> <span class="nf">allow</span><span class="p">(</span><span class="dl">'</span><span class="s1">read</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">post</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Allow editing a post IF its authorId matches the current user's ID</span> <span class="nf">allow</span><span class="p">(</span><span class="dl">'</span><span class="s1">edit</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="dl">'</span><span class="s1">post</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">authorId</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">eq</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">$ctx.userId</span><span class="dl">'</span><span class="p">]</span> <span class="c1">// Check resource property against context</span> <span class="p">}]);</span> <span class="c1">// Deny deleting posts that are 'published'</span> <span class="nf">deny</span><span class="p">(</span><span class="dl">'</span><span class="s1">delete</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="dl">'</span><span class="s1">post</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">eq</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">published</span><span class="dl">'</span><span class="p">]</span> <span class="c1">// Check resource property</span> <span class="p">}]);</span> <span class="p">});</span> </code></pre> </div> <h3> 3. Context Integration (<code>getContext</code> &amp; <code>$ctx</code>) </h3> <p>Dynamic information, like the current user's ID or roles, can be injected via an asynchronous <code>getContext</code> function during initialization. This context is then accessible within rule conditions using the <code>$ctx.</code> prefix.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">guantr</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">createGuantr</span><span class="o">&lt;</span><span class="nx">AppMeta</span><span class="o">&gt;</span><span class="p">({</span> <span class="na">getContext</span><span class="p">:</span> <span class="k">async </span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">UserContext</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getCurrentUser</span><span class="p">();</span> <span class="c1">// Fetch user data per request</span> <span class="k">return</span> <span class="p">{</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">user</span><span class="p">?.</span><span class="nx">id</span> <span class="o">??</span> <span class="kc">null</span><span class="p">,</span> <span class="na">roles</span><span class="p">:</span> <span class="nx">user</span><span class="p">?.</span><span class="nx">roles</span> <span class="o">??</span> <span class="p">[]</span> <span class="p">};</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// Rule using context (from previous example):</span> <span class="c1">// allow('edit', ['post', { authorId: ['eq', '$ctx.userId'] }]); </span> </code></pre> </div> <h3> 4. Pluggable Storage </h3> <p>While Guantr includes a simple <code>InMemoryStorage</code> by default, it defines a <code>Storage</code> interface. This allows you to implement custom adapters to persist and query rules from different backends like PostgreSQL, MySQL, Redis, MongoDB, etc., making it suitable for various architectures. Examples are included in the documentation.</p> <h2> Who is Guantr For? </h2> <p>Guantr is likely a good fit if:</p> <ul> <li>You are working primarily within the JavaScript/TypeScript ecosystem.</li> <li>You prefer embedding authorization logic within your application rather than using a separate service.</li> <li>Type safety is a high priority for your team.</li> <li>You need fine-grained control based on resource attributes, user context, or relationships (ABAC/ReBAC).</li> </ul> <h2> Getting Started </h2> <p>You can install it via npm (or your preferred package manager):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>guantr </code></pre> </div> <p>Here's a minimal example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">createGuantr</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">guantr</span><span class="dl">'</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// 1. Initialize Guantr</span> <span class="kd">const</span> <span class="nx">guantr</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">createGuantr</span><span class="p">();</span> <span class="c1">// 2. Set some rules</span> <span class="k">await</span> <span class="nx">guantr</span><span class="p">.</span><span class="nf">setRules</span><span class="p">((</span><span class="nx">allow</span><span class="p">,</span> <span class="nx">deny</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">allow</span><span class="p">(</span><span class="dl">'</span><span class="s1">read</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">article</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Anyone can read articles</span> <span class="nf">allow</span><span class="p">(</span><span class="dl">'</span><span class="s1">edit</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="dl">'</span><span class="s1">article</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">eq</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">draft</span><span class="dl">'</span><span class="p">]</span> <span class="p">}]);</span> <span class="c1">// Can edit only if status is 'draft'</span> <span class="p">});</span> <span class="c1">// 3. Check permissions</span> <span class="kd">const</span> <span class="nx">draftArticle</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">draft</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">publishedArticle</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">published</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">canRead</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">guantr</span><span class="p">.</span><span class="nf">can</span><span class="p">(</span><span class="dl">'</span><span class="s1">read</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">article</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// true</span> <span class="kd">const</span> <span class="nx">canEditDraft</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">guantr</span><span class="p">.</span><span class="nf">can</span><span class="p">(</span><span class="dl">'</span><span class="s1">edit</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="dl">'</span><span class="s1">article</span><span class="dl">'</span><span class="p">,</span> <span class="nx">draftArticle</span><span class="p">]);</span> <span class="c1">// true</span> <span class="kd">const</span> <span class="nx">canEditPublished</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">guantr</span><span class="p">.</span><span class="nf">can</span><span class="p">(</span><span class="dl">'</span><span class="s1">edit</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="dl">'</span><span class="s1">article</span><span class="dl">'</span><span class="p">,</span> <span class="nx">publishedArticle</span><span class="p">]);</span> <span class="c1">// false</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">({</span> <span class="nx">canRead</span><span class="p">,</span> <span class="nx">canEditDraft</span><span class="p">,</span> <span class="nx">canEditPublished</span> <span class="p">});</span> <span class="p">}</span> <span class="nf">main</span><span class="p">();</span> </code></pre> </div> <h2> Learn More </h2> <p>This is just a brief introduction. You can find comprehensive guides, API references, and more examples in the official documentation: <strong><a href="https://guantr.hrdtr.dev" rel="noopener noreferrer">guantr.hrdtr.dev</a></strong></p> <p>The core logic powering Guantr has proven useful in a real-world application, and my hope is that releasing it as an open-source library might help others who need a similar blend of flexibility and type safety for their authorization needs.</p> <p>Feedback, suggestions, and contributions are highly appreciated! Check out the <a href="https://github.com/Hrdtr/guantr" rel="noopener noreferrer">GitHub repository</a> if you're interested.</p> <p>Thanks for reading!</p> javascript authorization opensource webdev Integrate NuxtJS with Appwrite Herdi Tr. Tue, 31 Aug 2021 05:35:13 +0000 https://forem.com/hrdtr/integrate-nuxtjs-with-appwrite-1o7f https://forem.com/hrdtr/integrate-nuxtjs-with-appwrite-1o7f <h3> What is Appwrite? </h3> <p>Appwrite is an end-to-end backend server that is aiming to abstract the complexity of common, complex, and repetitive tasks required for building a modern app.</p> <p>Appwrite provides you with a set of APIs, tools, and a management console UI to help you build your apps a lot faster and in a much more secure way. Between Appwrite different services, you can find user authentication and account management, user preferences, database and storage persistence, cloud functions, localization, image manipulation, scheduled background tasks, and more.</p> <h3> Preparation </h3> <p>Before starting make sure you have installed appwrite on the server and appwrite is running fine there, if you haven't installed it please open the <a href="https://appwrite.io/docs" rel="noopener noreferrer">appwrite documentation</a> and install it on your server.</p> <p>By the way the setup process is very easy.</p> <h3> Getting Started </h3> <p>Lets create a new NuxtJS project<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>yarn create nuxt-app &lt;project-name&gt; </code></pre> </div> <p>or using npm:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm init nuxt-app &lt;project-name&gt; </code></pre> </div> <p>After the the package successfully installed, add appwrite module for NuxtJS<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">cd</span> &lt;project-name&gt; <span class="nv">$ </span>yarn add nuxt-appwrite </code></pre> </div> <p>or using npm:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">cd</span> &lt;project-name&gt; <span class="nv">$ </span>npm i nuxt-appwrite &lt;project-name&gt; </code></pre> </div> <p>Next, add nuxt-appwrite to the modules section of in <code>nuxt.config.js</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">export</span> <span class="k">default</span> <span class="p">{</span> <span class="p">...</span> <span class="na">modules</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">nuxt-appwrite</span><span class="dl">'</span><span class="p">]</span> <span class="p">...</span> <span class="p">}</span> </code></pre> </div> <p>At this point, make sure we have an active project in appwrite, if not, please login to your appwrite console and create a new project, then go to project settings and copy the value from project id field.</p> <p>Next, add appwrite object inside <code>nuxt.config.js</code> export and fill it with some options<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">export</span> <span class="k">default</span> <span class="p">{</span> <span class="p">...</span> <span class="na">modules</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">nuxt-appwrite</span><span class="dl">'</span><span class="p">],</span> <span class="na">appwrite</span><span class="p">:</span> <span class="p">{</span> <span class="na">endpoint</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://appwrite.example.com/v1</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// appwrite endpoint</span> <span class="na">project</span><span class="p">:</span> <span class="dl">'</span><span class="s1">60046530a120d</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// project id</span> <span class="p">}</span> <span class="p">...</span> </code></pre> </div> <p>Great! We have successfully setup the Appwrite Web SDK in NuxtJS</p> <p>From here, we can use <code>this.$appwrite</code> to access the SDK from clients side methods in NuxtJS (e.g. <code>mounted()</code>).</p> <p>For example, we can fetch database document inside vue component like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="p">{</span> <span class="p">...</span> <span class="nf">mounted</span><span class="p">()</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">$appwrite</span><span class="p">.</span><span class="nx">database</span><span class="p">.</span><span class="nf">getDocument</span><span class="p">(</span><span class="nx">collectionID</span><span class="p">,</span> <span class="nx">documentID</span><span class="p">)</span> <span class="k">this</span><span class="p">.</span><span class="nb">document</span> <span class="o">=</span> <span class="nx">res</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">)</span> <span class="p">}</span> <span class="p">},</span> <span class="p">...</span> <span class="p">}</span> </code></pre> </div> <h3> Server Side User Action </h3> <p>To maximize the capabilities of NuxtJS, <code>$appwrite</code> also accessible from NuxtJS context. So we can access the SDK from server side too (e.g.<code>asyncData()</code>).</p> <p>However, when doing SDK calls in your users scope from the server, it is not possible right away, since the HTTP-only cookie used for authentication is saved in the user's browser. That's why the Appwrite Web SDK allows to use JWT for authentication.</p> <p>There are <strong>additional steps</strong> that must be taken so that our NuxtJS server instance knows who we are (the logged in user). that way, the server can get the same access rights according to the user who is currently logged in.</p> <p>Below is an example code to set JWT using the APIs available in nuxt-appwrite module <em>(do it directly after the user has successfully logged in)</em>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">this</span><span class="p">.</span><span class="nx">$appwrite</span><span class="p">.</span><span class="nx">account</span> <span class="p">.</span><span class="nf">createJWT</span><span class="p">()</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">response</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">response</span><span class="p">)</span> <span class="k">this</span><span class="p">.</span><span class="nx">$appwrite</span><span class="p">.</span><span class="nx">utils</span><span class="p">.</span><span class="nf">setJWT</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">jwt</span><span class="p">)</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">((</span><span class="nx">error</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <p>Once the JWT is set, we can use the user-scoped action on the Nuxt process.server context, asyncData and nuxtServerInit.</p> <p>Don't forget to remove the JWT after the user logs out<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">this</span><span class="p">.</span><span class="nx">$appwrite</span> <span class="p">.</span><span class="nx">account</span><span class="p">.</span><span class="nf">deleteSessions</span><span class="p">(</span><span class="dl">'</span><span class="s1">current</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">$appwrite</span><span class="p">.</span><span class="nx">utils</span><span class="p">.</span><span class="nf">removeJWT</span><span class="p">()</span> <span class="p">},</span> <span class="nf">function </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>By the way Appwrite has a public <a href="https://appwrite.io/discord" rel="noopener noreferrer">community on discord</a>, you can join and find out more about Appwrite and if you run into any problems or difficulties people there are always there to help.</p> nuxt vue appwrite baas