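/* Package casbin provides middleware to enable ACL, RBAC, ABAC authorization support.

The middleware performs authorization only. It takes the subject from the HTTP
basic authentication user name of the request and does not check the password,
so an authentication middleware has to validate the credentials before this one runs.
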
Simple example:
package main
import (
"github.com/casbin/casbin/v2"
"github.com/labstack/echo/v4"
casbin_mw "github.com/labstack/echo-contrib/casbin"
)
func main() {
e := echo.New()
// Mediate the access for every request
e.Use(casbin_mw.Middleware(casbin.NewEnforcer("auth_model.conf", "auth_policy.csv")))
e.Logger.Fatal(e.Start(":1323"))
}
Advanced example:
package main
import (
"github.com/casbin/casbin/v2"
"github.com/labstack/echo/v4"
casbin_mw "github.com/labstack/echo-contrib/casbin"
)
func main() {
ce, _ := casbin.NewEnforcer("auth_model.conf", "")
ce.AddRoleForUser("alice", "admin")
ce.AddPolicy(...)
e := echo.New()
e.Use(casbin_mw.Middleware(ce))
e.Logger.Fatal(e.Start(":1323"))
}
*/
package casbin
import (
"net/http"
"github.com/casbin/casbin/v2"
"github.com/labstack/echo/v4"
"github.com/labstack/echo/v4/middleware"
)
// Config defines the config for CasbinAuth middleware.
type Config struct {
	// Skipper defines a function to skip middleware. A request for which it
	// returns true reaches the next handler without any permission check,
	// so keep the set of skipped requests as narrow as possible.
	Skipper middleware.Skipper

	// Enforcer is the casbin enforcer asked to allow or deny each request
	// that is not skipped.
	// Required.
	Enforcer *casbin.Enforcer
}
// DefaultConfig is the default CasbinAuth middleware config.
//
// It sets only Skipper; Enforcer stays nil here and has to be supplied by
// the caller (Middleware does so with its argument).
var DefaultConfig = Config{
	Skipper: middleware.DefaultSkipper,
}
// Middleware returns a CasbinAuth middleware that uses ce together with
// DefaultConfig.
//
// When the enforcer allows the request, the next handler is called. When it
// denies the request, the middleware responds with "403 - Forbidden"; when
// the permission check returns an error, it responds with
// "500 - Internal Server Error".
//
// The middleware authorizes only: the user name is read from the request's
// basic-auth header and the password is not verified here, so credentials
// must be validated by an authentication middleware registered before it.
func Middleware(ce *casbin.Enforcer) echo.MiddlewareFunc {
	// Work on a copy so the package-level DefaultConfig is never modified.
	cfg := DefaultConfig
	cfg.Enforcer = ce

	return MiddlewareWithConfig(cfg)
}
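// MiddlewareWithConfig returns a CasbinAuth middleware with config.
//
// A nil config.Skipper is replaced by DefaultConfig.Skipper. For each request
// the returned handler then:
//   - calls the next handler without any check when config.Skipper returns true;
//   - responds with "500 - Internal Server Error" when config.Enforcer is nil
//     or the permission check returns an error;
//   - responds with "403 - Forbidden" when the check denies the request;
//   - calls the next handler otherwise.
//
// The middleware authorizes only: the user name is read from the request's
// basic-auth header and the password is not verified here, so credentials
// must be validated by an authentication middleware registered before it.
func MiddlewareWithConfig(config Config) echo.MiddlewareFunc {
	// Defaults
	if config.Skipper == nil {
		config.Skipper = DefaultConfig.Skipper
	}

	return func(next echo.HandlerFunc) echo.HandlerFunc {
		return func(c echo.Context) error {
			if config.Skipper(c) {
				return next(c)
			}

			// Enforcer is documented as required. Fail closed with a plain 500
			// rather than dereferencing a nil enforcer inside CheckPermission.
			if config.Enforcer == nil {
				return echo.NewHTTPError(http.StatusInternalServerError, "casbin enforcer is not configured")
			}

			pass, err := config.CheckPermission(c)
			if err != nil {
				// NOTE(review): err.Error() becomes the response message, so the
				// enforcer's error text is visible to the client.
				return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
			}
			if !pass {
				return echo.ErrForbidden
			}
			return next(c)
		}
	}
}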
// GetUserName gets the user name from the request.
// Currently, only HTTP basic authentication is supported.
//
// Only the user name of the basic-auth header is used; the password and the
// "header present" flag returned by BasicAuth are discarded. The result is
// therefore whatever the client sent, or "" when there is no usable header,
// and it is trustworthy only if an earlier middleware has authenticated the
// request.
func (a *Config) GetUserName(c echo.Context) string {
	name, _, _ := c.Request().BasicAuth()
	return name
}
// CheckPermission checks the user/method/path combination from the request.
// Returns true (permission granted) or false (permission forbidden), plus any
// error reported by the enforcer.
//
// The enforcer is called with (user, path, method), in that order, so the
// casbin model's request definition is expected to take its values in the
// same order. a.Enforcer must be non-nil.
//
// NOTE(review): the path is the request's URL path as received, not the
// matched route pattern; confirm that policies and the router treat
// equivalent paths (e.g. with and without a trailing slash) the same way.
func (a *Config) CheckPermission(c echo.Context) (bool, error) {
	req := c.Request()
	return a.Enforcer.Enforce(a.GetUserName(c), req.URL.Path, req.Method)
}