This example shows how to use iron session with Cerbos in a Nuxt.js 3.
The example features sign-in, guarded route and authenticated API to your Nuxt.js application which using Cerbos to authorize access.
Cerbos is an open-source authorization-as-a-service option for allowing decoupled access control in your software. It allows writing human-readable policy definitions that serve as context-aware access control policies for your application resources.
Cerbos works with any identity provider services like Auth0, Okta, FusionAuth, Clerk, Magic, WorkOS or even your own, bespoke directory system.
Our Nuxt.js application uses iron-sesion behind the scene to provide a simple session mechanism to showcase the power of cerbos. The application is meant to showcase cerbos features like guarded route and permission based API endpoints.
The policies is defined in the cerbos/policies
directory. Each policy is authored in the a very human-readable format which you can learn more about at the Cerbos Policy documentation site, and for the demo revolves around access to a contacts
resource.
- Cerbos
- iron-session
- Nuxt.js v3.x - Vue meta framework
git clone https://github.com/cerbos/nuxtjs3-cerbos-iron-session
Then cd
into the project directory and run npm install
to install the dependencies.
npm install
Alternatviely you could use yarn
or pnpm
or anything that runs npm scripts
Iron session provides a simple mechanism to achieve stateless session. To simplify the use of this showcase the information required to define iron-session
have been hardcoded within the session.ts, but it is suggested to move this our into environment variables if you are planning to use this starter pack for production applications.
Cerbos runs along side of the app. All Cerbos command included in this Showcase make use of a deployed sample cerbos app. This instance is automatically by the showcase and it does not need any further setup.
The content of the Docker Container can be found in ./cerbos
. This folder includes all the information necessary to run a local copy of Cerbos. You should take a look at the content of the policies
folder.
In the event in which you would like to run a local copy of Cerbos, you can easily do so using docker by following the steps below:
- Run a Local istance of Cerbos
If you have Docker installed: you can simply run the following command to start Cerbos in a Docker container:
cd ./cerbos
sh ./start.sh
- Change the app to use query our local instance instead than the deployed version
To achieve this open ./utils/cerbos.js
and replace the existing code, with the suggested replacement in the comment. The end file should look something like this:
import { GRPC } from "@cerbos/grpc";
export const cerbos = new GRPC(
"localhost:3593",
{ tls: false }
);
- Make changes to your Cerbos Policies
Your showcase is now running a local version of Cerbos, and you can easily make changes to the Policies and learn more about Cerbos and all its features.
To run your Nuxtjs application locally you can use the following command:
npm run dev
You could also build
and start
the app to see what it would be like in production. Deployment of this app is out of scope for this example.
- Open your browser to
http://localhost:3000/login
to see the included example code running.
There is a demonstration of changing the user's role, and seeing how that affects the permissions of the user to take actions on the resources.
npm run dev
- Starts the development server.npm run build
- Builds the project for production.npm run start
- Starts the production preview after build.
To learn more about Cerbos and Nuxt.js, take a look at the following resources: