How does this skill handle the Principle of Least Privilege?

The skill is built on a 'default deny' strategy, meaning users are granted the minimum permissions necessary for their tasks and all requests must be explicitly validated before access is granted.

What is the difference between RBAC and ABAC in this skill?

RBAC assigns permissions to roles (e.g., Admin or User), while ABAC uses specific attributes—such as resource ownership, time of day, or IP address—to make more granular access decisions.

Can I use this skill with frameworks other than Fastify?

Yes. While the middleware examples are shown for Fastify, the core logic for role definitions, permission checking, and policy evaluation is written in standard TypeScript and can be easily adapted for Express, NestJS, or Koa.

Does this include authentication logic?

No, this skill focuses specifically on authorization (determining what an identified user is allowed to do) rather than authentication (verifying who a user is).

Authorization Patterns & Access Control

Name: Authorization Patterns & Access Control
Author: IvanTorresEdge

byIvanTorresEdge

安全与测试

Implement robust RBAC and ABAC security patterns for Node.js applications using industry best practices.

关于

This skill provides comprehensive patterns and implementation guides for securing applications through Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). It facilitates the creation of permission guards, authorization middleware, and centralized policy definitions, ensuring your software adheres to the principle of least privilege. Ideal for developers building RESTful APIs or complex backend systems, it offers ready-to-use TypeScript examples for defining roles, checking permissions, and managing resource-level access while maintaining a 'default deny' security posture.

主要功能

0 GitHub stars
Centralized permission and policy management
Attribute-Based Access Control (ABAC) logic
Fastify-compatible authorization middleware
Scope-based authorization patterns
Role-Based Access Control (RBAC) implementation

使用场景

Protecting API endpoints based on hierarchical user roles
Implementing owner-only resource modification logic
Setting up environment-specific or time-based access rules

关于

主要功能

0 GitHub stars
Centralized permission and policy management
Attribute-Based Access Control (ABAC) logic
Fastify-compatible authorization middleware
Scope-based authorization patterns
Role-Based Access Control (RBAC) implementation

使用场景

Protecting API endpoints based on hierarchical user roles
Implementing owner-only resource modification logic
Setting up environment-specific or time-based access rules