An example application of integrating Cerbos with an Express server.
Prerequisites:

- Node.js v18+
- Docker for running the Cerbos Policy Decision Point (PDP)

To run the example:

- Start up the Cerbos PDP instance Docker container. This will be called by the Express app to check authorization.

```sh
cd cerbos
./start.sh
```

- Install node dependencies

```sh
npm install
```

- Start the Express server

```sh
npm run start
```

This example uses @cerbos/grpc to communicate with the Cerbos PDP over gRPC.

The Express server exposes three endpoints for managing articles:

- `GET /article/:id` - Read an article
- `PATCH /article/:id` - Update an article
- `DELETE /article/:id` - Delete an article

Each endpoint calls cerbos.checkResource() to determine if the current user is authorized to perform the requested action based on the policies defined in the cerbos/policies directory.
The Cerbos policy (cerbos/policies/article.yaml) defines the following rules:

- Admin and User roles can `read` and `create` articles
- Admin role can `update` and `delete` any article
- User role can only `update` and `delete` articles they own
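
One way to structure the check behind each endpoint, as an added example rather than the demo repository's code: it fails closed when the PDP is unreachable and takes ownership from the stored article instead of the request body. The helper name, the `article` resource kind, the `owner` attribute and the in-memory stub PDP are assumptions made so the block runs offline.

```javascript
// Hypothetical helper; `cerbos` is any client with checkResource() (e.g. @cerbos/grpc).
async function isAuthorized(cerbos, user, article, action) {
  try {
    const decision = await cerbos.checkResource({
      principal: { id: user.id, roles: user.roles },
      // Attributes come from the stored article, never the request body, so a
      // caller cannot claim ownership in a PATCH payload. `owner` is assumed.
      resource: { kind: "article", id: article.id, attr: { owner: article.owner } },
      actions: [action],
    });
    // isAllowed() is undefined for an action absent from the response: deny.
    return decision.isAllowed(action) === true;
  } catch (err) {
    return false; // PDP unreachable or request rejected: fail closed
  }
}

// Constructed in-memory stand-in for the PDP so the example runs offline.
// It mirrors the three rules listed above; real decisions come from the PDP.
function stubPdp({ down = false } = {}) {
  return {
    async checkResource({ principal, resource, actions }) {
      if (down) throw new Error("PDP unavailable");
      const admin = principal.roles.includes("admin");
      const user = principal.roles.includes("user");
      const owns = user && resource.attr.owner === principal.id;
      const allow = (a) =>
        a === "read" || a === "create" ? admin || user
        : a === "update" || a === "delete" ? admin || owns
        : false;
      return { isAllowed: (a) => (actions.includes(a) ? allow(a) : undefined) };
    },
  };
}

// Constructed sample data.
const article = { id: "1", owner: "alice" };
const alice = { id: "alice", roles: ["user"] };
const bob = { id: "bob", roles: ["user"] };
const root = { id: "root", roles: ["admin"] };

async function demo() {
  return {
    ownerUpdate: await isAuthorized(stubPdp(), alice, article, "update"),
    otherDelete: await isAuthorized(stubPdp(), bob, article, "delete"),
    adminDelete: await isAuthorized(stubPdp(), root, article, "delete"),
    pdpDown: await isAuthorized(stubPdp({ down: true }), root, article, "read"),
  };
}
demo().then(console.log);
```

In an Express handler, a `false` result would map to a 403 response before any update or delete is performed.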
