API Reference
abac-engine API Reference
Complete API documentation for the ABAC Engine core classes, methods, and utilities.
ABACEngine
The main Policy Decision Point (PDP) that evaluates authorization requests.
Constructor
constructor(config: ABACEngineConfig)
Configuration Options:
interface ABACEngineConfig {
policies: ABACPolicy[];
attributeProviders?: AttributeProvider[];
enableAuditLog?: boolean; // Default: true
enablePerformanceMetrics?: boolean; // Default: true
cacheResults?: boolean; // Default: false
cacheTTL?: number; // Default: 300 (seconds)
maxEvaluationTime?: number; // Default: 5000 (ms)
logger?: ILogger; // Default: SilentLogger
}Example:
import { ABACEngine, CombiningAlgorithm } from 'abac-engine'
const engine = new ABACEngine({
policies: myPolicies,
enableAuditLog: true,
combiningAlgorithm: CombiningAlgorithm.DenyOverrides,
logger: new ConsoleLogger()
})evaluate()
Evaluate an authorization request against policies.
async evaluate( request: ABACRequest, policies?: ABACPolicy[] ): Promise<ABACDecision>
Parameters:
request- The authorization requestpolicies- Optional policies to use (overrides config policies)
Returns:
Promise<ABACDecision>
Example:
const decision = await engine.evaluate({
subject: {
id: 'user-123',
attributes: { department: 'Engineering' }
},
resource: {
id: 'doc-456',
attributes: { owner: 'user-123' }
},
action: { id: 'read' }
})
if (decision.decision === 'Permit') {
// Allow access
}addAttributeProvider()
Add an attribute provider to the engine.
addAttributeProvider(provider: AttributeProvider): void
// Example
const provider = new DatabaseAttributeProvider('subject', 'users', config)
engine.addAttributeProvider(provider)registerFunction()
Register a custom function for use in conditions.
registerFunction(name: string, func: ConditionFunction): void
// Example
engine.registerFunction('isBusinessHours', (time: Date) => {
const hour = time.getHours()
return hour >= 9 && hour < 17
})getMetrics()
Get evaluation metrics.
getMetrics(): EvaluationMetrics
// Returns
interface EvaluationMetrics {
totalEvaluations: number
permitCount: number
denyCount: number
indeterminateCount: number
notApplicableCount: number
averageEvaluationTime: number
policyEvaluations: number
}PolicyBuilder
Fluent API for building ABAC policies.
create()
Create a new policy builder instance.
static create(id: string): PolicyBuilder
// Example
const policy = PolicyBuilder
.create('document-access-policy')
.version('1.0.0')
.permit()
.description('Users can access their documents')
.condition(/* ... */)
.build()Builder Methods
permit()
Set the policy effect to Permit
permit(): PolicyBuilderdeny()
Set the policy effect to Deny
deny(): PolicyBuilderversion()
Set the policy version
version(v: string): PolicyBuilderdescription()
Set the policy description
description(d: string): PolicyBuildercondition()
Set the policy condition
condition(c: Condition): PolicyBuilderbuild()
Build and return the policy
build(): ABACPolicyConditionBuilder
Utility class for building policy conditions with comparison and logical operators.
Comparison Operators
// Equality ConditionBuilder.equals(left, right) ConditionBuilder.notEquals(left, right) // Comparison ConditionBuilder.greaterThan(left, right) ConditionBuilder.greaterThanOrEqual(left, right) ConditionBuilder.lessThan(left, right) ConditionBuilder.lessThanOrEqual(left, right) // Membership ConditionBuilder.in(left, array) ConditionBuilder.notIn(left, array) // String operations ConditionBuilder.contains(left, right) ConditionBuilder.startsWith(left, right) ConditionBuilder.endsWith(left, right) ConditionBuilder.matches(left, pattern) // Existence ConditionBuilder.exists(attribute) ConditionBuilder.notExists(attribute)
Logical Operators
// AND - All conditions must be true ConditionBuilder.and(...conditions) // OR - At least one condition must be true ConditionBuilder.or(...conditions) // NOT - Negate a condition ConditionBuilder.not(condition)
Example:
// Complex condition: (role === 'admin' OR level > 5) AND department === 'Engineering'
const condition = ConditionBuilder.and(
ConditionBuilder.or(
ConditionBuilder.equals(
AttributeRef.subject('role'),
'admin'
),
ConditionBuilder.greaterThan(
AttributeRef.subject('level'),
5
)
),
ConditionBuilder.equals(
AttributeRef.subject('department'),
'Engineering'
)
)AttributeRef
Helper class for creating attribute references in conditions.
// Subject attributes
AttributeRef.subject('attributeName')
// Resource attributes
AttributeRef.resource('attributeName')
// Action attributes
AttributeRef.action('attributeName')
// Environment attributes
AttributeRef.environment('attributeName')Example Usage:
import { ConditionBuilder, AttributeRef } from 'abac-engine'
// Check if subject's ID matches resource's owner
ConditionBuilder.equals(
AttributeRef.subject('id'),
AttributeRef.resource('ownerId')
)
// Check if subject's clearance level is sufficient
ConditionBuilder.greaterThanOrEqual(
AttributeRef.subject('clearanceLevel'),
AttributeRef.resource('classification')
)