DEV Community: Naman Kumar The latest articles on DEV Community by Naman Kumar (@hereisnaman). https://dev.to/hereisnaman https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F225372%2F36feb2f9-56b3-42dd-8c02-f3029fec6339.jpg DEV Community: Naman Kumar https://dev.to/hereisnaman en Logical OR (||) vs Nullish Coalescing Operator (??) in JavaScript Naman Kumar Wed, 22 Apr 2020 01:32:23 +0000 https://dev.to/hereisnaman/logical-or-vs-nullish-coalescing-operator-in-javascript-3851 https://dev.to/hereisnaman/logical-or-vs-nullish-coalescing-operator-in-javascript-3851 <p>With the latest release of version 14, the Nullish Coalescing Operator (??) is now supported in NodeJS. In this post let us see what is the use case of this operator and how is it different from the logical OR.</p> <h3> Logical Or (||) </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">paginate</span> <span class="o">=</span> <span class="p">(</span><span class="nx">options</span> <span class="o">=</span> <span class="p">{})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">4</span><span class="p">,</span> <span class="mi">5</span><span class="p">].</span><span class="nx">splice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nx">options</span><span class="p">.</span><span class="nx">limit</span> <span class="o">||</span> <span class="mi">3</span><span class="p">);</span> <span class="p">}</span> <span class="nx">paginate</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="c1">// expected: [1], output: [1]</span> <span class="nx">paginate</span><span class="p">();</span> <span class="c1">// expected: [1, 2, 3], output: [1, 2, 3]</span> <span class="nx">paginate</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="c1">// expected: [], output: [1, 2, 3]</span> </code></pre> </div> <p>How the logical or operator functions is, it returns the right hand value if the left hand value coerce to false. And that not only includes <code>undefined</code> and <code>null</code> but also <code>0</code> and <code>''</code>.</p> <p>In many of our use cases, like the one above this causes unexpected results and we end up using the <code>typeof</code> operator.</p> <h3> Nullish Coalescing Operator (??) </h3> <p>This solves the problem for us. This operators returns the right hand value only if the left hand value is either <code>null</code> or <code>undefined</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">paginate</span> <span class="o">=</span> <span class="p">(</span><span class="nx">options</span> <span class="o">=</span> <span class="p">{})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">4</span><span class="p">,</span> <span class="mi">5</span><span class="p">].</span><span class="nx">splice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nx">options</span><span class="p">.</span><span class="nx">limit</span> <span class="p">??</span> <span class="mi">3</span><span class="p">);</span> <span class="p">}</span> <span class="nx">paginate</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="c1">// expected: [1], output: [1]</span> <span class="nx">paginate</span><span class="p">();</span> <span class="c1">// expected: [1, 2, 3], output: [1, 2, 3]</span> <span class="nx">paginate</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="c1">// expected: [], output: []</span> </code></pre> </div> <p><em>Share your quick JavaScript bites in comments.</em></p> node javascript opensourc A minimal authorization policy builder for NodeJs Naman Kumar Tue, 14 Apr 2020 18:47:45 +0000 https://dev.to/hereisnaman/a-minimal-authorization-policy-builder-for-nodejs-60d https://dev.to/hereisnaman/a-minimal-authorization-policy-builder-for-nodejs-60d <h1> auth-policy </h1> <p>A minimal authorization policy builder which defines if a viewer can perform an action on an entity. The Policy can be defined in a declarative manner and can be consumed at various layers of any application.</p> <p><strong>Github</strong>: <a href="https://github.com/hereisnaman/auth-policy">https://github.com/hereisnaman/auth-policy</a><br> <strong>NPM</strong>: <a href="https://www.npmjs.com/package/auth-policy">https://www.npmjs.com/package/auth-policy</a></p> <h2> Usage </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>yarn add auth-policy </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">Policy</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">auth-policy</span><span class="dl">'</span> <span class="c1">// create a new policy</span> <span class="kd">const</span> <span class="nx">userPolicy</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Policy</span><span class="p">();</span> <span class="c1">// register concern</span> <span class="nx">userPolicy</span><span class="p">.</span><span class="nx">register</span><span class="p">(</span><span class="dl">'</span><span class="s1">update</span><span class="dl">'</span><span class="p">,</span> <span class="p">({</span> <span class="nx">viewer</span><span class="p">,</span> <span class="na">entity</span><span class="p">:</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">value</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span><span class="p">(</span><span class="nx">viewer</span><span class="p">.</span><span class="nx">role</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">Admin</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="k">if</span><span class="p">(</span><span class="nx">viewer</span><span class="p">.</span><span class="nx">id</span> <span class="o">===</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span><span class="p">(</span><span class="nx">value</span><span class="p">.</span><span class="nx">role</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">Admin</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">});</span> <span class="c1">// verify authorization</span> <span class="nx">userPolicy</span><span class="p">.</span><span class="nx">can</span><span class="p">(</span><span class="nx">viewer</span><span class="p">).</span><span class="nx">perform</span><span class="p">(</span><span class="dl">'</span><span class="s1">:update</span><span class="dl">'</span><span class="p">).</span><span class="nx">having</span><span class="p">(</span><span class="nx">value</span><span class="p">).</span><span class="nx">on</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> </code></pre> </div> <h2> Documentation </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Name</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>viewer</td> <td>The user for whom the authorization is being verified.</td> </tr> <tr> <td>action</td> <td>A string which defines the action to be performed by the viewer.</td> </tr> <tr> <td>entity</td> <td>The object against which the action is to be performed.</td> </tr> <tr> <td>value</td> <td>The value associated with the action.</td> </tr> </tbody> </table></div> <h3> Concerns </h3> <p>Every policy has multiple concerns, each of which maps to an action performed by the viewer and defines if the viewer is authorized to perfom that certain action. Concerns are added to a policy using the <code>register</code> function.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">Policy</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">auth-policy</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">userPolicy</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Policy</span><span class="p">();</span> <span class="c1">// registering a single concern</span> <span class="c1">// associated action = ':read'</span> <span class="nx">userPolicy</span><span class="p">.</span><span class="nx">register</span><span class="p">(</span><span class="dl">'</span><span class="s1">read</span><span class="dl">'</span><span class="p">,</span> <span class="p">({</span> <span class="nx">viewer</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="o">!!</span><span class="nx">viewer</span><span class="p">);</span> <span class="c1">// registering multiple concerns with same authorization policy</span> <span class="c1">// associated actions = ':update', ':delete'</span> <span class="nx">userPolicy</span><span class="p">.</span><span class="nx">register</span><span class="p">([</span><span class="dl">'</span><span class="s1">update</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">delete</span><span class="dl">'</span><span class="p">],</span> <span class="p">({</span> <span class="nx">viewer</span><span class="p">,</span> <span class="nx">entity</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="nx">viewer</span><span class="p">.</span><span class="nx">role</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">Admin</span><span class="dl">'</span> <span class="o">||</span> <span class="nx">viewer</span><span class="p">.</span><span class="nx">id</span> <span class="o">===</span> <span class="nx">entity</span><span class="p">.</span><span class="nx">id</span> <span class="p">);</span> </code></pre> </div> <h3> Child Policies </h3> <p>Any policy can have multiple child policies which can be included using the <code>include</code> function. It is recommended to have a single root level policy and nest all the other entity level policies inside it.</p> <p>A policy can be included in two ways, either by passing a prebuilt instance of <code>Policy</code> or using a callback function which receives a fresh instance of <code>Policy</code> in the argument that can be used to define the concerns inside the function. Policies can be deeply nested as much as you need.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">Policy</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">auth-policy</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">postPolicy</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Policy</span><span class="p">();</span> <span class="c1">// associated action = ':read'</span> <span class="nx">postPolicy</span><span class="p">.</span><span class="nx">register</span><span class="p">(</span><span class="dl">'</span><span class="s1">read</span><span class="dl">'</span><span class="p">,</span> <span class="p">({</span> <span class="nx">viewer</span><span class="p">,</span> <span class="nx">entity</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="nx">entity</span><span class="p">.</span><span class="nx">isPublished</span> <span class="o">||</span> <span class="nx">viewer</span><span class="p">.</span><span class="nx">id</span> <span class="o">===</span> <span class="nx">entity</span><span class="p">.</span><span class="nx">publisher_id</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">policy</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Policy</span><span class="p">();</span> <span class="c1">// including a prebuilt policy</span> <span class="c1">// available actions = 'post:read'</span> <span class="nx">policy</span><span class="p">.</span><span class="nx">include</span><span class="p">(</span><span class="dl">'</span><span class="s1">post</span><span class="dl">'</span><span class="p">,</span> <span class="nx">postPolicy</span><span class="p">);</span> <span class="c1">// using a callback function to define a new policy</span> <span class="c1">// accociated actions = 'user:read', 'user:email:update', 'user:phone_number:update'</span> <span class="nx">policy</span><span class="p">.</span><span class="nx">include</span><span class="p">(</span><span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="nx">p</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">p</span><span class="p">.</span><span class="nx">register</span><span class="p">(</span><span class="dl">'</span><span class="s1">read</span><span class="dl">'</span><span class="p">,</span> <span class="p">({</span> <span class="nx">viewer</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="o">!!</span><span class="nx">viewer</span><span class="p">);</span> <span class="c1">// include another set of nested policies at once</span> <span class="nx">p</span><span class="p">.</span><span class="nx">include</span><span class="p">([</span><span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">phone_number</span><span class="dl">'</span><span class="p">],</span> <span class="nx">p</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">p</span><span class="p">.</span><span class="nx">register</span><span class="p">(</span><span class="dl">'</span><span class="s1">update</span><span class="dl">'</span><span class="p">,</span> <span class="p">({</span> <span class="nx">viewer</span><span class="p">,</span> <span class="na">entity</span><span class="p">:</span> <span class="nx">user</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="nx">viewer</span><span class="p">.</span><span class="nx">id</span> <span class="o">===</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h3> Authorization </h3> <p>Once the policy is defined we can simply use the <code>can</code> function chain to verify the access to the viewer for a certain action.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">Policy</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">auth-policy</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">policy</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Policy</span><span class="p">();</span> <span class="nx">policy</span><span class="p">.</span><span class="nx">include</span><span class="p">(</span><span class="dl">'</span><span class="s1">invite</span><span class="dl">'</span><span class="p">,</span> <span class="nx">p</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">p</span><span class="p">.</span><span class="nx">register</span><span class="p">(</span><span class="dl">'</span><span class="s1">read</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">);</span> <span class="nx">p</span><span class="p">.</span><span class="nx">register</span><span class="p">(</span><span class="dl">'</span><span class="s1">update</span><span class="dl">'</span><span class="p">,</span> <span class="p">({</span> <span class="nx">viewer</span><span class="p">,</span> <span class="na">entity</span><span class="p">:</span> <span class="nx">invite</span><span class="p">,</span> <span class="nx">value</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span><span class="p">(</span><span class="nx">viewer</span><span class="p">.</span><span class="nx">id</span> <span class="o">===</span> <span class="nx">invite</span><span class="p">.</span><span class="nx">organiser_id</span><span class="p">)</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="k">if</span><span class="p">(</span><span class="nx">viewer</span><span class="p">.</span><span class="nx">id</span> <span class="o">===</span> <span class="nx">invite</span><span class="p">.</span><span class="nx">user_id</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span><span class="p">(</span><span class="nx">invite</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">Requested</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="nx">value</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">Accepted</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">});</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">viewer</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="mi">1</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">organiser</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="mi">2</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">invite</span> <span class="o">=</span> <span class="p">{</span> <span class="na">user_id</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">organiser_id</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Requested</span><span class="dl">'</span> <span class="p">};</span> <span class="nx">policy</span><span class="p">.</span><span class="nx">can</span><span class="p">(</span><span class="nx">viewer</span><span class="p">).</span><span class="nx">perform</span><span class="p">(</span><span class="dl">'</span><span class="s1">invite:read</span><span class="dl">'</span><span class="p">).</span><span class="nx">on</span><span class="p">(</span><span class="nx">invite</span><span class="p">);</span> <span class="c1">// true</span> <span class="kd">const</span> <span class="nx">updatedValue</span> <span class="o">=</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Accepted</span><span class="dl">'</span> <span class="p">};</span> <span class="cm">/* pass value using `having` function if * there is any value associated with the action. */</span> <span class="nx">policy</span><span class="p">.</span><span class="nx">can</span><span class="p">(</span><span class="nx">viewer</span><span class="p">).</span><span class="nx">perform</span><span class="p">(</span><span class="dl">'</span><span class="s1">invite:update</span><span class="dl">'</span><span class="p">).</span><span class="nx">having</span><span class="p">(</span><span class="nx">updatedValue</span><span class="p">).</span><span class="nx">on</span><span class="p">(</span><span class="nx">invite</span><span class="p">)</span> <span class="c1">// false</span> <span class="nx">policy</span><span class="p">.</span><span class="nx">can</span><span class="p">(</span><span class="nx">organiser</span><span class="p">).</span><span class="nx">perform</span><span class="p">(</span><span class="dl">'</span><span class="s1">invite:update</span><span class="dl">'</span><span class="p">).</span><span class="nx">having</span><span class="p">(</span><span class="nx">updatedValue</span><span class="p">).</span><span class="nx">on</span><span class="p">(</span><span class="nx">invite</span><span class="p">)</span> <span class="c1">// true</span> </code></pre> </div> npm node javascript authorization