JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 42
  • Score
    100M100P100Q89983F
  • License ISC

Package Exports

  • better-auth-rbac
  • better-auth-rbac/client

Readme

Better Auth RBAC Plugin

A flexible Role-Based Access Control (RBAC) plugin for Better Auth that provides fine-grained permission management.

Features

  • Role-based permission management
  • Granular access control
  • Easy integration with Better Auth
  • Built-in user impersonation
  • Ban/unban user management
  • Session management
  • Default role assignment

Installation

npm install better-auth-rbac

Basic Usage

Server Configuration

import { rbac } from 'better-auth-rbac';
import { betterAuth } from "better-auth";

// Initialize Better Auth with RBAC plugin
const auth = betterAuth({
    plugins: [
        rbac({
            // Optional configuration
            defaultRoleId: '2', // Default role ID for new users
            adminRoleIds: ['1'], // Array of admin role IDs
            bannedUserMessage: "Custom ban message", // Custom message for banned users
            impersonationSessionDuration: 3600 // Duration in seconds for impersonation sessions
        })
    ]
});

Client Configuration

import { rbacClient } from "better-auth-rbac/client";

export const authClient = createAuthClient({
  plugins: [
    rbacClient()
  ]
});

Permission Checks

// Check permissions by IDs
const hasAccess = auth.api.hasPermission({
    body: {
        permissionIds: ['1', '2', '3'],
        userId: "1", // Optional: Check specific user
        roleId: '1'    // Optional: Check specific role
    }
});

// Check permissions by resource/action mapping
const hasAccess = auth.api.hasPermission({
    body: {
        permissions: {
            user: ["read", "create"],
            post: ["read"]
        },
        userId: "1"
    }
});

API Reference

Core Endpoints

Endpoint Method Description
/admin/has-permission POST Check if a user/role has specific permissions
/admin/:roleId/role-permissions GET List permissions for a role
/admin/update-role-permission POST Update role permissions
/admin/set-role POST Set a user's role

User Management

Endpoint Method Description
/admin/create-user POST Create a new user
/admin/update-user POST Update user details
/admin/remove-user POST Delete a user
/admin/set-user-password POST Set user's password
/admin/ban-user POST Ban a user
/admin/unban-user POST Unban a user

Session Management

Endpoint Method Description
/admin/list-user-sessions POST List user's sessions
/admin/revoke-user-session POST Revoke specific session
/admin/revoke-user-sessions POST Revoke all user sessions
/admin/impersonate-user POST Impersonate a user
/admin/stop-impersonating POST Stop user impersonation

User Operations

Endpoint Method Description
/admin/get-user GET Get user details
/admin/list-users GET List users with filtering and pagination

License

ISC