Table of contents
- Bitwise Operators in JavaScript
- What is RBAC?
- How to implement RBAC using Bitwise in Node.js?
- Conclusion
Bitwise Operators in JavaScript
In JavaScript, bitwise operators work on integer values at the binary level, treating each operand as a sequence of 32 bits (zeros and ones).
Note: JavaScript stores numbers as 64-bit floating point. To perform a bitwise operation, it converts the number to a signed 32-bit integer, performs the operation, and converts the result back to a 64-bit number.
Below is the list of Bitwise Operators in JavaScript:
Operator | Name | Description |
---|---|---|
& | Bitwise AND | Returns 1 if both bits are 1, otherwise 0. |
\| | Bitwise OR | Returns 1 if either bit is 1, otherwise 0. |
^ | Bitwise XOR | Returns 1 if the bits are different, otherwise 0. |
~ | Bitwise NOT | Returns 1 if the bit is 0, otherwise 0. |
<< | Left Shift | Shifts the bits left by pushing zeros in from the right and discarding the leftmost bits. |
>> | Right Shift | Shifts the bits right by pushing copies of the leftmost bit in from the left and discarding the rightmost bits. |
>>> | Right Shift with Zero | Shifts the bits right by pushing zeros in from the left and discarding the rightmost bits. |
What is RBAC?
RBAC stands for Role-Based Access Control.
It is a security model that restricts access to resources and actions based on a user's role. It separates the management of user permissions from individual users, making it easier to maintain and scale your application. By assigning roles to users, you can control who can access specific resources and perform certain actions in your application.
RBAC involves the following components:
- Roles: each user in the system has at least one role. Examples: Admin, User, Writer.
- Permissions: the actions or operations a user may perform on resources within the system. Examples: Create, Delete, Edit.
- Resources: the objects that a client's request targets. Examples: Article, Comment, Reaction.
How to implement RBAC using Bitwise in Node.js?
First, define the RBAC components:
Role:
Role name | Value | Description |
---|---|---|
Admin | 1 | 1 << 0 |
User | 2 | 1 << 1 |
Writer | 4 | 1 << 2 |
Permission:
Permission name | Value | Description |
---|---|---|
Create | 1 | 1 << 0 |
Delete | 2 | 1 << 1 |
Edit | 4 | 1 << 2 |
Resource:
Resource name | Value | Description |
---|---|---|
Article | 1 | 1 << 0 |
Comment | 2 | 1 << 1 |
Reaction | 4 | 1 << 2 |
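Second, create a function that checks whether a permission is granted on a resource:
```typescript
// Assumed shapes (not shown in the original): one entry per resource, with
// `value` holding the bitmask of permissions granted on that resource.
type Resource = number;
type Permission = number;
type Rbac = { resource: Resource; value: number };

export const hasPermission = (
  rbac: Rbac[],
  resource: Resource,
  permission: Permission,
) => {
  // No entry for the resource means mask 0, so the check denies by default.
  return !!(permission & (rbac.find((entry) => entry.resource === resource)?.value ?? 0));
};
```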
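Next, create a middleware in Node.js:
```typescript
// Assumes Express for the Request/Response/NextFunction types.
import type { NextFunction, Request, Response } from 'express';

// `rbac` (the permission entries for the caller's role), `message` and the
// `Forbidden` error class are not defined in the original snippet; the
// application is assumed to provide them.
const verifyPermission = (resource: Resource, permission: Permission) => {
  return async (_: Request, res: Response, next: NextFunction) => {
    try {
      const allow = hasPermission(rbac, resource, permission);
      if (!allow) {
        return new Forbidden(message).send(res);
      }
      return next();
    } catch (error) {
      // Fail closed: any error during the check is treated as a denial.
      return new Forbidden(message).send(res);
    }
  };
};
```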
Finally, add the middleware to a router:
```typescript
// Resource 2 = Comment, permission 1 = Create (values from the tables above).
router.post('/comments', [verifyPermission(2, 1)], (req: Request, res: Response, next: NextFunction) => {});
```
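The following is an added example, not code from the original article, and it goes a little beyond the snippets above: it combines several roles into one mask, contrasts the article's any-bit check with an all-bits check for combined permissions, and guards against the 32-bit shift wrap described in the note on bitwise operators. The grants in `policy` are constructed sample data, and the helper names (`effectiveMask`, `hasAny`, `hasAll`, `can`, `uncheckedFlag`, `flag`) are assumptions made for illustration.

```typescript
// Flag values follow the article's tables; the role grants are constructed sample data.
const Role = { Admin: 1 << 0, User: 1 << 1, Writer: 1 << 2 };
const Permission = { Create: 1 << 0, Delete: 1 << 1, Edit: 1 << 2 };
const Resource = { Article: 1 << 0, Comment: 1 << 1, Reaction: 1 << 2 };
const ALL = Permission.Create | Permission.Delete | Permission.Edit;

// Constructed policy: [role flag, { resource flag: permission mask }]
const policy: Array<[number, Record<number, number>]> = [
  [Role.Admin, { [Resource.Article]: ALL, [Resource.Comment]: ALL, [Resource.Reaction]: ALL }],
  [Role.Writer, { [Resource.Article]: Permission.Create | Permission.Edit, [Resource.Comment]: Permission.Create }],
  [Role.User, { [Resource.Comment]: Permission.Create, [Resource.Reaction]: Permission.Create }],
];

// OR together the masks of every role whose bit is set in `roles`.
// A resource with no entry contributes 0, so the default is deny.
function effectiveMask(roles: number, resource: number): number {
  let mask = 0;
  for (const [role, grants] of policy) {
    if ((roles & role) !== 0) mask |= grants[resource] ?? 0;
  }
  return mask;
}

// Any-bit test, the same shape as the article's !!(permission & mask).
function hasAny(mask: number, required: number): boolean {
  return (mask & required) !== 0;
}

// All-bits test: every required bit must be granted, and an empty request is denied.
function hasAll(mask: number, required: number): boolean {
  return required !== 0 && (mask & required) === required;
}

function can(roles: number, resource: number, required: number): boolean {
  return hasAll(effectiveMask(roles, resource), required);
}

// Shift counts are taken modulo 32, so an unchecked 33rd flag aliases the first.
function uncheckedFlag(bit: number): number {
  return 1 << bit;
}

// Checked allocator (hypothetical helper): bits 0..30 keep every flag a positive 32-bit integer.
function flag(bit: number): number {
  if (!Number.isInteger(bit) || bit < 0 || bit > 30) {
    throw new RangeError(`flag bit ${bit} is outside 0..30`);
  }
  return 1 << bit;
}
```

With the any-bit check, a Writer asking for `Create | Delete` on an article passes because the Create bit alone matches; the all-bits check denies the same request.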
Conclusion
In this article, I showed you how to build RBAC in Node.js using bitwise operators. This controls whether or not users can access resources, enhancing the security of your application.
I hope this article helps secure your application.
Thank you for following along.
❤️ Code for fun!!! ❤️