Skip to content
Open Policy Agent-based API Authorization in Dart
Dart Dockerfile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin
lib
policies
.gitignore
CHANGELOG.md
Dockerfile
LICENSE
README.md
logo.png
pubspec.yaml

README.md

logo OPA API Authorization in Dart Example

This repository shows how to integrate a service written in Dart with OPA to perform API authorization. It is a direct port of the OPA-Python example, with a few enhancements.

Trying the example

This example utilizes an independent OPA server which must already be running, and which must allow new policies to be uploaded. An existing OPA server URI can be defined in the OPA_URL environment variable, which otherwise defaults to a local instance at http://localhost:8181.

To run the OPA instance locally:

$ opa run -s

note that the example policy (in the ./policies directory) will be uploaded to the OPA server by the application directly. Any additional policies with the .rego extension found in this directory will similarly be uploaded to the OPA server on start.

Run the server:

$ dart bin/server.dart

Without authorization, view a list of cars:

$ curl -X GET localhost:8080/cars

As someone with the manager role, create a car (this should be allowed):

$ curl -H 'Authorization: alice' -H 'Content-Type: application/json' \
    -X PUT localhost:8080/cars/test-car \
    -d '{"model": "Toyota", "vehicle_id": "357192", "owner_id": "4821", "id": "test-car"}'

As someone with the car admin role, try to delete a car (this should be denied):

$ curl -H 'Authorization: kelly' \
    -X DELETE localhost:8080/cars/test-car

Running from Docker

To run from Docker, simply specify the host and port of the OPA server through the passed in OPA_URL environment variable:

$ docker run -e OPA_URL='opa:8181' -p 8080:8080 adaptant/opa-api-authz-dart

Note that by default the Docker image enables the Dart Observatory, which binds port 8181 within the container by default. If using --net=host, the default Observatory port needs to be shifted out of the way. This can be done by tweaking the DART_VM_OPTIONS, as so:

$ docker run -e DART_VM_OPTIONS='--enable-vm-service=8282' --net=host adaptant/opa-api-authz-dart:latest

Starting Dart with additional options --enable-vm-service=8282
Observatory listening on http://127.0.0.1:8282/4y7welzb8Fc=/
Applying policy: ./policies/example.rego
Example Service listening on 0.0.0.0:8080
...

Features and bugs

Please file feature requests and bugs at the issue tracker.

License

Licensed under the terms of the Apache 2.0 license (the license under which the OPA-Python example was released), the full version of which can be found in the LICENSE file included in this distribution.

Acknowledgements

You can’t perform that action at this time.