const { GRPC } = require("@cerbos/grpc");
// Client for the Cerbos policy decision point (PDP) that answers every
// authorization check made by this module.
// NOTE(review): `tls: false` looks like it leaves the gRPC channel unencrypted.
// That is only reasonable while the PDP listens on the loopback address below;
// if the PDP moves to another host, enable TLS so requests and decisions
// cannot be read or altered in transit.
const PDP_ADDRESS = "localhost:3593";
const cerbos = new GRPC(PDP_ADDRESS, { tls: false });

// Debug switch: when true, the complete check request is printed to the
// console, including every field of the user object passed as principal
// attributes. Keep it off wherever logs are retained or shared.
const SHOW_PDP_REQUEST_LOG = false;
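/**
 * Asks the Cerbos PDP whether `user` may perform `action` on a "blogpost"
 * resource and rejects when the answer is not an explicit allow.
 *
 * @param {object} user - Principal. `id` and `role` are read, and the whole
 *   object is forwarded to the PDP as principal attributes.
 * @param {string} action - The single action to check.
 * @param {object} [resourceAtrr={}] - Resource data. `id` is read, and the
 *   whole object is forwarded to the PDP as resource attributes.
 * @returns {Promise<boolean>} Resolves to `true` when the action is allowed.
 * @throws {Error} When the PDP does not allow the action. A rejection from
 *   `checkResource` itself propagates unchanged, so the check fails closed.
 */
module.exports = async (user, action, resourceAtrr = {}) => {
  // Test for absence before converting to a string: stringifying first turns
  // a missing id into the truthy string "undefined", which skips the fallback
  // and sends a bogus identifier to the PDP.
  const toId = (value, fallback) =>
    value == null || value === "" ? fallback : String(value);

  const cerbosObject = {
    principal: {
      // NOTE(review): "0" is the placeholder for an unidentified principal;
      // confirm no real account uses id 0, or policies that match on the
      // principal id would treat anonymous callers as that account.
      id: toId(user?.id, "0"),
      policyVersion: "default",
      roles: [user?.role || "unknown"],
      // The entire user object leaves the process here. Do not keep secrets
      // (password hashes, tokens) on it, or strip them before calling.
      attributes: user ?? {},
    },
    resource: {
      kind: "blogpost",
      policyVersion: "default",
      id: toId(resourceAtrr?.id, "new"),
      // The default parameter only covers `undefined`; guard `null` as well.
      attributes: resourceAtrr ?? {},
    },
    actions: [action],
  };

  if (SHOW_PDP_REQUEST_LOG) {
    // Debug only: this prints all principal and resource attributes.
    console.log("cerbosObject \n", JSON.stringify(cerbosObject, null, 4));
  }

  const cerbosCheck = await cerbos.checkResource(cerbosObject);
  const isAuthorized = cerbosCheck.isAllowed(action);

  // Any falsy result is treated as a denial, not only an explicit `false`.
  if (!isAuthorized) {
    throw new Error("You are not authorized to visit this resource");
  }
  return true;
};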