casbin

package module
v1.0.14 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 19, 2024 License: MIT Imports: 6 Imported by: 1

README


id: casbin

Casbin


Casbin middleware for Fiber.

Note: Requires Go 1.18 and above

Install

go get -u github.com/gofiber/fiber/v2
go get -u github.com/gofiber/contrib/casbin

Choose a policy adapter from the list of Casbin adapters, for example the xorm adapter:

go get -u github.com/casbin/xorm-adapter

Signature

casbin.New(config ...casbin.Config) *casbin.Middleware

Config

Property Type Description Default
ModelFilePath string Model file path "./model.conf"
PolicyAdapter persist.Adapter Database adapter for policies ./policy.csv
Enforcer *casbin.Enforcer Custom casbin enforcer Middleware generated enforcer using ModelFilePath & PolicyAdapter
Lookup func(*fiber.Ctx) string Looks up the current subject; an empty string is treated as an unauthenticated user ""
Unauthorized func(*fiber.Ctx) error Response body for unauthorized responses Unauthorized
Forbidden func(*fiber.Ctx) error Response body for forbidden responses Forbidden

Examples

CustomPermission

package main

import (
  "github.com/gofiber/fiber/v2"
  "github.com/gofiber/contrib/casbin"
  _ "github.com/go-sql-driver/mysql"
  "github.com/casbin/xorm-adapter/v2"
)

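// main wires the Casbin authorization middleware into a Fiber app and guards
// two routes with explicit permission checks.
func main() {
	app := fiber.New()

	// Example DSN only: it connects as root with an empty password. Use a
	// dedicated least-privilege database account for the policy store and load
	// its credentials from configuration rather than from source code.
	adapter, err := xormadapter.NewAdapter("mysql", "root:@tcp(127.0.0.1:3306)/")
	if err != nil {
		// Without a policy store no authorization decision can be made, so
		// refuse to start instead of serving requests.
		panic(err)
	}

	authz := casbin.New(casbin.Config{
		ModelFilePath: "path/to/rbac_model.conf",
		PolicyAdapter: adapter,
		Lookup: func(c *fiber.Ctx) string {
			// fetch authenticated user subject
			//
			// Take the subject from the identity your authentication layer
			// has already verified, never from a value the client can set
			// freely. An empty string is treated as an unauthenticated user,
			// so this placeholder fails closed until it is replaced.
			return ""
		},
	})

	// MatchAllRule: the subject must hold every listed permission.
	app.Post("/blog",
		authz.RequiresPermissions([]string{"blog:create"}, casbin.WithValidationRule(casbin.MatchAllRule)),
		func(c *fiber.Ctx) error {
			// your handler
			return nil
		},
	)

	// AtLeastOneRule: any one of the listed permissions is enough, so a
	// subject holding only "blog:create" also reaches this DELETE handler.
	// List only "blog:delete" (or use MatchAllRule) if deleting must require
	// the delete permission.
	app.Delete("/blog/:id",
		authz.RequiresPermissions([]string{"blog:create", "blog:delete"}, casbin.WithValidationRule(casbin.AtLeastOneRule)),
		func(c *fiber.Ctx) error {
			// your handler
			return nil
		},
	)

	// Listen blocks until the server stops; surface a bind or serve failure
	// instead of exiting silently.
	if err := app.Listen(":8080"); err != nil {
		panic(err)
	}
}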

RoutePermission

package main

import (
  "github.com/gofiber/fiber/v2"
  "github.com/gofiber/contrib/casbin"
  _ "github.com/go-sql-driver/mysql"
  "github.com/casbin/xorm-adapter/v2"
)

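// main wires the Casbin authorization middleware into a Fiber app and guards
// a route using the request's HTTP method and path.
func main() {
	app := fiber.New()

	// Example DSN only: it connects as root with an empty password. Use a
	// dedicated least-privilege database account for the policy store and load
	// its credentials from configuration rather than from source code.
	adapter, err := xormadapter.NewAdapter("mysql", "root:@tcp(127.0.0.1:3306)/")
	if err != nil {
		// Without a policy store no authorization decision can be made, so
		// refuse to start instead of serving requests.
		panic(err)
	}

	authz := casbin.New(casbin.Config{
		ModelFilePath: "path/to/rbac_model.conf",
		PolicyAdapter: adapter,
		Lookup: func(c *fiber.Ctx) string {
			// fetch authenticated user subject
			//
			// Take the subject from the identity your authentication layer
			// has already verified, never from a value the client can set
			// freely. An empty string is treated as an unauthenticated user,
			// so this placeholder fails closed until it is replaced.
			return ""
		},
	})

	// check permission with Method and Path: the policy must therefore hold
	// rules whose object is the request path and whose action is the HTTP
	// method.
	app.Post("/blog",
		authz.RoutePermission(),
		func(c *fiber.Ctx) error {
			// your handler
			return nil
		},
	)

	// Listen blocks until the server stops; surface a bind or serve failure
	// instead of exiting silently.
	if err := app.Listen(":8080"); err != nil {
		panic(err)
	}
}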

RoleAuthorization

package main

import (
  "github.com/gofiber/fiber/v2"
  "github.com/gofiber/contrib/casbin"
  _ "github.com/go-sql-driver/mysql"
  "github.com/casbin/xorm-adapter/v2"
)

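// main wires the Casbin authorization middleware into a Fiber app and guards
// a route with a role check.
func main() {
	app := fiber.New()

	// Example DSN only: it connects as root with an empty password. Use a
	// dedicated least-privilege database account for the policy store and load
	// its credentials from configuration rather than from source code.
	adapter, err := xormadapter.NewAdapter("mysql", "root:@tcp(127.0.0.1:3306)/")
	if err != nil {
		// Without a policy store no authorization decision can be made, so
		// refuse to start instead of serving requests.
		panic(err)
	}

	authz := casbin.New(casbin.Config{
		ModelFilePath: "path/to/rbac_model.conf",
		PolicyAdapter: adapter,
		Lookup: func(c *fiber.Ctx) string {
			// fetch authenticated user subject
			//
			// Take the subject from the identity your authentication layer
			// has already verified, never from a value the client can set
			// freely. An empty string is treated as an unauthenticated user,
			// so this placeholder fails closed until it is replaced.
			return ""
		},
	})

	// Only subjects that the Casbin policy assigns the "admin" role may
	// update a blog entry.
	app.Put("/blog/:id",
		authz.RequiresRoles([]string{"admin"}),
		func(c *fiber.Ctx) error {
			// your handler
			return nil
		},
	)

	// Listen blocks until the server stops; surface a bind or serve failure
	// instead of exiting silently.
	if err := app.Listen(":8080"); err != nil {
		panic(err)
	}
}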

Documentation

Index

Constants

This section is empty.

Variables

// ConfigDefault is the default middleware configuration; its values match the
// per-field defaults documented on Config.
// It is an exported variable, so treat it as read-only: a change made here is
// visible to every other user of the package.
var ConfigDefault = Config{
	// Model and policy are both read from relative paths.
	ModelFilePath: "./model.conf",
	PolicyAdapter: fileadapter.NewAdapter("./policy.csv"),
	// The default Lookup always returns "", which Config documents as an
	// unauthenticated user; supply a real Lookup to identify callers.
	Lookup:        func(c *fiber.Ctx) string { return "" },
	// Status-only responses: 401 for unauthorized, 403 for forbidden.
	Unauthorized:  func(c *fiber.Ctx) error { return c.SendStatus(fiber.StatusUnauthorized) },
	Forbidden:     func(c *fiber.Ctx) error { return c.SendStatus(fiber.StatusForbidden) },
}
// OptionsDefault is the default set of per-check options.
var OptionsDefault = Options{
	// MatchAllRule is the default validation rule (and the zero value of
	// ValidationRule).
	ValidationRule:   MatchAllRule,
	// Permissions are parsed with ":" as the separator, matching strings such
	// as "blog:create" in the README examples.
	PermissionParser: PermissionParserWithSeperator(":"),
}

Functions

This section is empty.

Types

type Config

// Config holds the settings used to build the Casbin authorization middleware.
type Config struct {
	// ModelFilePath is the path to the Casbin model file.
	// Optional. Default: "./model.conf".
	ModelFilePath string

	// PolicyAdapter is the persistence adapter the policies are loaded from.
	// Optional. Default: fileadapter.NewAdapter("./policy.csv").
	PolicyAdapter persist.Adapter

	// Enforcer is a caller-supplied Casbin enforcer, for callers who want to
	// use their own instead of one generated from ModelFilePath and
	// PolicyAdapter.
	// Optional. Default: nil
	Enforcer *casbin.Enforcer

	// Lookup returns the subject of the current request.
	// An empty string is treated as an unauthenticated user.
	// NOTE(review): the subject is what the policy is evaluated for, so it
	// should come from already-verified authentication state rather than from
	// client-controlled input — confirm against your authentication layer.
	// Optional. Default: func(c *fiber.Ctx) string { return "" }
	Lookup func(*fiber.Ctx) string

	// Unauthorized defines the response body for unauthorized responses.
	// Optional. Default: func(c *fiber.Ctx) error { return c.SendStatus(401) }
	Unauthorized fiber.Handler

	// Forbidden defines the response body for forbidden responses.
	// Optional. Default: func(c *fiber.Ctx) error { return c.SendStatus(403) }
	Forbidden fiber.Handler
}

Config holds the configuration for the middleware

type Middleware

type Middleware struct {
	// contains filtered or unexported fields
}

Middleware is the authorization middleware value returned by New; its fields are unexported.

func New

func New(config ...Config) *Middleware

New creates an authorization middleware for use in Fiber

func (*Middleware) RequiresPermissions

func (m *Middleware) RequiresPermissions(permissions []string, opts ...Option) fiber.Handler

RequiresPermissions tries to find the current subject and determine if the subject has the required permissions according to predefined Casbin policies.

func (*Middleware) RequiresRoles

func (m *Middleware) RequiresRoles(roles []string, opts ...Option) fiber.Handler

RequiresRoles tries to find the current subject and determine if the subject has the required roles according to predefined Casbin policies.

func (*Middleware) RoutePermission

func (m *Middleware) RoutePermission() fiber.Handler

RoutePermission tries to find the current subject and determine if the subject has the required permissions according to predefined Casbin policies. This method uses the HTTP path as the object and the HTTP method as the action.

type Option

type Option interface {
	// contains filtered or unexported methods
}

Option specifies casbin configuration options.

func WithPermissionParser

func WithPermissionParser(pp PermissionParserFunc) Option

func WithValidationRule

func WithValidationRule(vr ValidationRule) Option

type OptionFunc

type OptionFunc func(*Options)

type Options

// Options holds the per-check options of the middleware.
type Options struct {
	// ValidationRule is MatchAllRule or AtLeastOneRule.
	// NOTE(review): presumably selects whether all or any of the listed
	// permissions/roles must be held — confirm against the implementation.
	ValidationRule   ValidationRule
	// PermissionParser splits a permission string into its parts, usually the
	// object and the action.
	PermissionParser PermissionParserFunc
}

Options holds Options of middleware

type PermissionParserFunc

type PermissionParserFunc func(str string) []string

PermissionParserFunc parses a permission string, usually to extract the object and the action.

func PermissionParserWithSeperator

func PermissionParserWithSeperator(sep string) PermissionParserFunc

type ValidationRule

// ValidationRule selects how a list of required permissions or roles is
// checked; it is set per check through WithValidationRule.
type ValidationRule int
const (
	// MatchAllRule is the zero value and the rule used by OptionsDefault.
	// NOTE(review): by its name, every listed entry must be satisfied — confirm.
	MatchAllRule ValidationRule = iota
	// AtLeastOneRule, by its name, is satisfied when any single listed entry
	// matches — confirm. Prefer it only where each entry alone is sufficient
	// grounds for access.
	AtLeastOneRule
)
