relation-tuple-parser

This is a collection of libraries that can parse a string representation of a Relation tuple to an object structure in different languages or frameworks.

Relation tuples are used to evaluate permissions in "Zanzibar: Google's Consistent, Global Authorization System".

The BNF of a valid Relation tuple is as follows:

<relation-tuple> ::= <object>'#'relation'@'<subject> | <object>'#'relation'@('<subject>')'
<object> ::= namespace':'object_id
<subject> ::= subject_id | <subject_set>
<subject_set> ::= <object>'#'relation

Examples of valid strings:

namespace:object#relation@subjectId
namespace:object#relation@(subjectId)
namespace:object#relation@subjectNamespace:subjectObject#subjectRelation
namespace:object#relation@(subjectNamespace:subjectObject#subjectRelation)

The different parts of the Relation tuple can contain any character but :#@().

A Relation tuple can easily be verbalised: The Relation tuple sharedFiles:a.txt#access@(dirs:b#access) can be verbalised as "Anyone with access to dirs:b has access to sharedFiles:a.txt".

Repository content

Examples

• nestjs-guard: An example on how to use keto to secure a NestJS endpoint

Libraries

• @nidomiro/relation-tuple-parser: A typescript implementation including dynamic value replacements
• @nidomiro/relation-tuple-parser-ory-keto: same as @nidomiro/relation-tuple-parser but uses types from ory keto

Development Info

Publish typescript versions

nx run-many --projects=typescript,typescript-ory-keto --target=publish --tag latest --ver x.x.x