10 dépôts
Logic for defining granular, application-specific authorization rules to control access to resolvers and controllers.
Distinct from Document Access Permissions: None of the candidates describe general application-level granular permission definition for API resolvers.
Explore 10 awesome GitHub repositories matching security & cryptography · Custom Permissions. Refine with filters or upvote what's useful.
This project is a human resources management system built using Spring Boot and Vue. It serves as a platform for managing employee records, professional titles, and organizational hierarchies. The system features a role-based access control framework that maps users to specific roles and resources to secure API endpoints and user interface elements. It includes a real-time communication hub utilizing WebSockets for internal corporate chat and system notifications, as well as a dedicated manager for defining and modifying nested organizational department structures. Additional capabilities co
Intercepts unauthorized access attempts to return formatted JSON error messages and custom status codes.
Vendure is a Node.js e-commerce engine and headless commerce framework built with NestJS and TypeScript. It serves as a multi-channel commerce platform that manages product catalogs, orders, and customers via a strongly typed GraphQL API. The platform is distinguished by its highly extensible architecture, featuring a customizable administrative dashboard where developers can inject custom React components and entity views. It supports multi-channel commerce, allowing the isolation of products, currencies, and regional catalogs from a single unified backend. The engine covers a broad range o
Provides granular permissions to restrict or allow access to specific API resolvers and controllers.
This is a Backend as a Service SDK for Apple platforms, providing a collection of libraries that connect iOS and macOS applications to cloud databases, authentication services, and serverless infrastructure. It serves as a developer kit for integrating real-time data synchronization, file storage, and push notifications into native apps. The SDK is distinguished by its generative AI integration, which routes text and multimodal prompts between on-device models and cloud-hosted large language models. It further differentiates itself with a specialized app distribution tool for managing pre-rel
Rejects API requests lacking valid attestation tokens to prevent unauthorized backend access.
Upspin is a decentralized naming and storage system that provides an end-to-end encrypted file system. It assigns every user a unique identity and organizes files within a global, permissioned namespace where data is encrypted on the client before transmission. The system separates identity resolution from data storage using a public-key identity provider and a key-server architecture. This allows for decentralized identity management and the resolution of usernames to specific directory and storage server addresses. The project includes a hierarchical access control system that manages read
Hides directory entries or returns privacy errors when a user lacks the necessary access rights to view them.
Rack-attack est un middleware de limitation de débit (rate limiter) et un filtre de requêtes pour l'interface Rack. Il fournit un système pour brider les requêtes HTTP et maintenir des listes de blocage d'adresses IP afin de protéger les applications contre le trafic malveillant et les attaques par déni de service. Le projet permet l'atténuation des attaques DDoS au niveau applicatif et la gestion des limites de débit des API en identifiant et en rejetant les requêtes provenant de clients bannis ou d'adresses IP abusives. Il permet de définir des listes blanches (safelists) pour contourner les filtres et utilise une logique personnalisée pour déterminer si un client doit être bloqué ou bridé. L'outil couvre une gestion complète du trafic grâce au bannissement automatisé des clients, à des stratégies d'attente exponentielle (exponential backoff) et à la possibilité de définir des réponses de rejet personnalisées. Il inclut une instrumentation pour surveiller les modèles de requêtes et prend en charge des backends de cache externes pour synchroniser l'état entre les instances d'application distribuées.
Allows defining custom HTTP response objects, status codes, and headers for blocklisted or throttled requests.
GraphQL-Ruby est une bibliothèque Ruby pour construire des API GraphQL avec un schéma fortement typé et un moteur d'exécution de requêtes dédié. Elle fournit un framework complet pour mapper les objets de l'application à un système de types formel, permettant une récupération de données structurée via des résolveurs définis. Le projet se distingue par des mécanismes avancés de performance et de livraison, incluant un data loader pour le batching et le cache afin d'éviter les patterns de requêtes N+1. Il supporte la livraison de données haute performance via le streaming de réponses incrémentales, les réponses de requêtes différées et la récupération de données en parallèle utilisant des fibers. De plus, il offre un support natif pour les conventions Relay, incluant des helpers spécialisés pour les connexions et l'identification d'objets. La bibliothèque couvre une large surface de gestion d'API, incluant un contrôle d'accès granulaire, le versioning de schéma pour maintenir la rétrocompatibilité et des mises à jour en temps réel via des abonnements. Elle inclut également des outils de gestion de trafic pour protéger les ressources serveur, tels que la limitation de complexité des requêtes et le rate limiting. Le développement et l'observabilité sont supportés par des outils d'analyse AST, le traçage d'exécution et des utilitaires de test spécialisés pour la vérification du chargement par lots.
Provides custom replacements or specific error shapes when a user lacks permissions for a requested object.
Kimai is an open-source time tracking system that records employee working hours, manages absences, and generates professional invoices from recorded timesheets and expenses. It organizes all time records through a mandatory three-level hierarchy of customer, project, and activity, and supports project budget monitoring with configurable time and money limits. The application is extensible through a plugin system that allows adding custom features, invoice templates, reporting views, and dashboard widgets without modifying core files. It provides a RESTful JSON API for programmatic read and w
Registers new permissions through a plugin extension class for the permission administration UI.
BaoTa is a web-based Linux server control panel and system administration dashboard designed for managing hosting environments and system resources. It provides a graphical interface to translate administrative actions into system-level configurations, allowing users to manage Linux servers and web hosting stacks without relying solely on the command line. The platform distinguishes itself through AI-driven server operations, utilizing artificial intelligence for performance analysis and the execution of maintenance tasks via natural language commands. It supports multi-node orchestration, en
Customizes HTTP response codes for unauthenticated users to hide the management panel from attackers.
TastyIgniter is a comprehensive restaurant management system and digital ordering engine. Built as a modular application framework, it provides the tools necessary to operate online food ordering, table reservation systems, and multi-vendor e-commerce platforms. The platform is designed to handle complex restaurant operations, including multi-location networking and multi-vendor marketplace management. It distinguishes itself through specialized restaurant automation, such as coordinating guest limits and time slots for bookings, managing ingredient and allergen catalogs, and implementing mul
Enables the definition of custom permission keys and groups to implement granular access control throughout the system.
Pothos is a code-first GraphQL schema builder and framework designed for type-safe development. It allows developers to construct schemas using typed definitions in TypeScript, eliminating the need for external code generation steps. The framework distinguishes itself through a dedicated data mapper that connects GraphQL types to relational databases and ORMs, such as Prisma, while optimizing query resolution. It provides a full implementation of the Relay specification, including global object identification and cursor-based pagination. The project covers several core capability areas, incl
Customizes the outcome of unauthorized requests by returning custom values, empty collections, or specific errors.