From 0cab5f54c2e78e1fdca1ae399a09b04911f1f1ec Mon Sep 17 00:00:00 2001 From: Roland Groza Date: Tue, 16 Jul 2019 11:52:20 +0800 Subject: [PATCH] Upgrade to casbin v2 and close #10 --- casbin/broken_auth_model.conf | 14 ++++++++++++++ casbin/casbin.go | 28 ++++++++++++++++++---------- casbin/casbin_test.go | 13 +++++++++---- go.mod | 3 +-- go.sum | 24 +++--------------------- 5 files changed, 45 insertions(+), 37 deletions(-) create mode 100644 casbin/broken_auth_model.conf diff --git a/casbin/broken_auth_model.conf b/casbin/broken_auth_model.conf new file mode 100644 index 0000000..b692c34 --- /dev/null +++ b/casbin/broken_auth_model.conf @@ -0,0 +1,14 @@ +[request_definition] +r = sub, obj, act + +[policy_definition] +p = sub, obj, act + +[role_definition] +g = _, _ + +[policy_effect] +e = some(where (p.eft == allow)) + +[matchers] +m = g(, p.sub) && keyMatch(r.obj, p.obj) && (r.act == p.act || p.act == "*") diff --git a/casbin/casbin.go b/casbin/casbin.go index 6c45f8d..ab4cb3c 100644 --- a/casbin/casbin.go +++ b/casbin/casbin.go @@ -5,16 +5,16 @@ Simple example: package main import ( - "github.com/casbin/casbin" + "github.com/casbin/casbin/v2" "github.com/labstack/echo/v4" - "github.com/labstack/echo-contrib/casbin" casbin-mw + casbin_mw "github.com/labstack/echo-contrib/casbin" ) func main() { e := echo.New() // Mediate the access for every request - e.Use(casbin-mw.Middleware(casbin.NewEnforcer("auth_model.conf", "auth_policy.csv"))) + e.Use(casbin_mw.Middleware(casbin.NewEnforcer("auth_model.conf", "auth_policy.csv"))) e.Logger.Fatal(e.Start(":1323")) } 
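Review bot: Nothing in broken_auth_model.conf says that its matcher is malformed on purpose. `g(, p.sub)` has no first argument, and the file sits in the same directory as the working auth_model.conf that the examples point users to. A leading comment would stop it from being copied or "fixed" by mistake, for example `# Intentionally invalid matcher: used only by TestEnforceError to exercise the enforcer error path.` Moving it under a `testdata/` directory would make the intent clearer still.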
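Review bot: The Simple example in the package comment still passes `casbin.NewEnforcer("auth_model.conf", "auth_policy.csv")` straight into `casbin_mw.Middleware`. That cannot compile if the v2 constructor returns an enforcer and an error, as the Advanced example and the tests in this same patch assume. This is the snippet users copy to put authorization in front of every route, so it should show the load error being handled: `ce, err := casbin.NewEnforcer("auth_model.conf", "auth_policy.csv")`, then `if err != nil { e.Logger.Fatal(err) }`, then `e.Use(casbin_mw.Middleware(ce))`.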
@@ -24,19 +24,19 @@ Advanced example: package main import ( - "github.com/casbin/casbin" + "github.com/casbin/casbin/v2" "github.com/labstack/echo/v4" - "github.com/labstack/echo-contrib/casbin" casbin-mw + casbin_mw "github.com/labstack/echo-contrib/casbin" ) func main() { - ce := casbin.NewEnforcer("auth_model.conf", "") + ce, _ := casbin.NewEnforcer("auth_model.conf", "") ce.AddRoleForUser("alice", "admin") ce.AddPolicy(...) e := echo.New() - echo.Use(casbin-mw.Middleware(ce)) + e.Use(casbin_mw.Middleware(ce)) e.Logger.Fatal(e.Start(":1323")) } @@ -45,7 +45,9 @@ Advanced example: package casbin import ( - "github.com/casbin/casbin" + "net/http" + + "github.com/casbin/casbin/v2" "github.com/labstack/echo/v4" "github.com/labstack/echo/v4/middleware" ) @@ -89,8 +91,14 @@ func MiddlewareWithConfig(config Config) echo.MiddlewareFunc { return func(next echo.HandlerFunc) echo.HandlerFunc { return func(c echo.Context) error { - if config.Skipper(c) || config.CheckPermission(c) { + if config.Skipper(c) { + return next(c) + } + + if pass, err := config.CheckPermission(c); err == nil && pass { return next(c) + } else if err != nil { + return echo.NewHTTPError(http.StatusInternalServerError, err.Error()) } return echo.ErrForbidden @@ -107,7 +115,7 @@ func (a *Config) GetUserName(c echo.Context) string { // CheckPermission checks the user/method/path combination from the request. // Returns true (permission granted) or false (permission forbidden) -func (a *Config) CheckPermission(c echo.Context) bool { +func (a *Config) CheckPermission(c echo.Context) (bool, error) { user := a.GetUserName(c) method := c.Request().Method path := c.Request().URL.Path diff --git a/casbin/casbin_test.go b/casbin/casbin_test.go index b30db12..4286fc5 100644 --- a/casbin/casbin_test.go +++ b/casbin/casbin_test.go @@ -5,7 +5,7 @@ import ( "net/http/httptest" "testing" - "github.com/casbin/casbin" + "github.com/casbin/casbin/v2" "github.com/labstack/echo/v4" ) 
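Review bot: The Advanced example discards the constructor error with `ce, _ := casbin.NewEnforcer("auth_model.conf", "")`. A missing or unparsable model would then go unnoticed until the first call on `ce`. Readers copy documentation for an access-control middleware verbatim, so it should model the check: `ce, err := casbin.NewEnforcer("auth_model.conf", "")` followed by `if err != nil { log.Fatal(err) }`. `ce.AddRoleForUser` probably reports an error in v2 as well, so its result deserves the same treatment in the example.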
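Review bot: On the error branch in MiddlewareWithConfig, the raw `err.Error()` becomes the body of the 500 response. Whatever the enforcer reports (matcher expression text, model or adapter details) is therefore sent to a caller who has not been authorized. Denying the request on error is the right fail-closed behaviour; only the message should stay server-side. One option, if the pinned echo version provides it, is `return echo.NewHTTPError(http.StatusInternalServerError).SetInternal(err)`, which keeps the cause available to the error handler and logs. Checking `err != nil` first and then `if pass { return next(c) }` would also read more directly than the `if … else if` pair; the enclosing function starts and ends outside the hunk.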
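Review bot: The doc comment above CheckPermission still describes a single boolean result, while the signature now returns `(bool, error)`. It should state what the error means and how callers must treat it, e.g. `// It returns whether access is granted, and a non-nil error when the enforcer could not evaluate the request; callers must not grant access on error.` This is also a source-incompatible change to an exported method, so it is worth a line in the commit message for anyone calling CheckPermission directly. The method body continues past the end of the hunk.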
@@ -37,7 +37,7 @@ func testRequest(t *testing.T, ce *casbin.Enforcer, user string, path string, me } func TestAuth(t *testing.T) { - ce := casbin.NewEnforcer("auth_model.conf", "auth_policy.csv") + ce, _ := casbin.NewEnforcer("auth_model.conf", "auth_policy.csv") testRequest(t, ce, "alice", "/dataset1/resource1", echo.GET, 200) testRequest(t, ce, "alice", "/dataset1/resource1", echo.POST, 200) @@ -46,7 +46,7 @@ func TestAuth(t *testing.T) { } func TestPathWildcard(t *testing.T) { - ce := casbin.NewEnforcer("auth_model.conf", "auth_policy.csv") + ce, _ := casbin.NewEnforcer("auth_model.conf", "auth_policy.csv") testRequest(t, ce, "bob", "/dataset2/resource1", "GET", 200) testRequest(t, ce, "bob", "/dataset2/resource1", "POST", 200) @@ -64,7 +64,7 @@ func TestPathWildcard(t *testing.T) { } func TestRBAC(t *testing.T) { - ce := casbin.NewEnforcer("auth_model.conf", "auth_policy.csv") + ce, _ := casbin.NewEnforcer("auth_model.conf", "auth_policy.csv") // cathy can access all /dataset1/* resources via all methods because it has the dataset1_admin role. testRequest(t, ce, "cathy", "/dataset1/item", "GET", 200) @@ -84,3 +84,8 @@ func TestRBAC(t *testing.T) { testRequest(t, ce, "cathy", "/dataset2/item", "POST", 403) testRequest(t, ce, "cathy", "/dataset2/item", "DELETE", 403) } + +func TestEnforceError(t *testing.T) { + ce, _ := casbin.NewEnforcer("broken_auth_model.conf", "auth_policy.csv") + testRequest(t, ce, "cathy", "/dataset1/item", "GET", 500) +} diff --git a/go.mod b/go.mod index d4e4f39..7eae27c 100644 --- a/go.mod +++ b/go.mod @@ -1,11 +1,10 @@ module github.com/labstack/echo-contrib require ( - github.com/casbin/casbin v1.8.2 + github.com/casbin/casbin/v2 v2.0.0 github.com/gorilla/context v1.1.1 github.com/gorilla/sessions v1.1.3 github.com/labstack/echo/v4 v4.1.6 github.com/stretchr/testify v1.3.0 golang.org/x/sys v0.0.0-20190610200419-93c9922d18ae // indirect - golang.org/x/tools v0.0.0-20190610214847-0945d3616f18 // indirect ) 
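Review bot: TestAuth discards the constructor error with `ce, _ := casbin.NewEnforcer(...)`, and the same pattern is repeated in TestPathWildcard, TestRBAC and the new TestEnforceError. If a fixture fails to load, the tests would run against whatever enforcer value comes back instead of stopping with the load error. Using `ce, err := casbin.NewEnforcer(...)` followed by `if err != nil { t.Fatal(err) }` makes that failure explicit. In TestEnforceError it would also document the assumption behind the expected 500: that the broken model is accepted at construction time and fails only when a request is evaluated.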
diff --git a/go.sum b/go.sum index 37c8763..5c023e9 100644 --- a/go.sum +++ b/go.sum @@ -1,11 +1,7 @@ -github.com/Knetic/govaluate v3.0.0+incompatible h1:7o6+MAPhYTCF0+fdvoz1xDedhRb4f6s9Tn1Tt7/WTEg= -github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible h1:1G1pk05UrOh0NlF1oeaaix1x8XzrfjIDK47TY0Zehcw= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= -github.com/casbin/casbin v1.4.0 h1:TCykTIM1VrxrEsglLtp4cbDHF0GwPU/pjMKxRpRmnJQ= -github.com/casbin/casbin v1.4.0/go.mod h1:c67qKN6Oum3UF5Q1+BByfFxkwKvhwW57ITjqwtzR1KE= -github.com/casbin/casbin v1.8.2 h1:hJrnZxIXnsxyxQ8zvrUWYrR+MJK+J1X7sBeA5DuLh+o= -github.com/casbin/casbin v1.8.2/go.mod h1:z8uPsfBJGUsnkagrt3G8QvjgTKFMBJ32UP8HpZllfog= +github.com/casbin/casbin/v2 v2.0.0 h1:OIcnP8SxwF1gmGxOn7Kod/O/7yJikpHWQz0qiBJpG/U= +github.com/casbin/casbin/v2 v2.0.0/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 
@@ -18,20 +14,12 @@ github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyC github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/sessions v1.1.3 h1:uXoZdcdA5XdXF3QzuSlheVRUvjl+1rKY7zBXL68L9RU= github.com/gorilla/sessions v1.1.3/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w= -github.com/labstack/echo/v4 v4.0.0 h1:q1GH+caIXPP7H2StPIdzy/ez9CO0EepqYeUg6vi9SWM= -github.com/labstack/echo/v4 v4.0.0/go.mod h1:tZv7nai5buKSg5h/8E6zz4LsD/Dqh9/91Mvs7Z5Zyno= github.com/labstack/echo/v4 v4.1.6 h1:WOvLa4T1KzWCRpANwz0HGgWDelXSSGwIKtKBbFdHTv4= github.com/labstack/echo/v4 v4.1.6/go.mod h1:kU/7PwzgNxZH4das4XNsSpBSOD09XIF5YEPzjpkGnGE= -github.com/labstack/gommon v0.2.8 h1:JvRqmeZcfrHC5u6uVleB4NxxNbzx6gpbJiQknDbKQu0= -github.com/labstack/gommon v0.2.8/go.mod h1:/tj9csK2iPSBvn+3NLM9e52usepMtrd5ilFYA+wQNJ4= github.com/labstack/gommon v0.2.9 h1:heVeuAYtevIQVYkGj6A41dtfT91LrvFG220lavpWhrU= github.com/labstack/gommon v0.2.9/go.mod h1:E8ZTmW9vw5az5/ZyHWCp0Lw4OH2ecsaBP1C/NKavGG4= -github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-isatty v0.0.4 h1:bnP0vzxcAdeI1zdubAl5PjU6zsERjGZb7raWodagDYs= -github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 
@@ -42,12 +30,8 @@ github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= -github.com/valyala/fasttemplate v0.0.0-20170224212429-dcecefd839c4 h1:gKMu1Bf6QINDnvyZuTaACm9ofY+PRh+5vFz4oxBZeF8= -github.com/valyala/fasttemplate v0.0.0-20170224212429-dcecefd839c4/go.mod h1:50wTf68f99/Zt14pr046Tgt3Lp2vLyFZKzbFXTOabXw= github.com/valyala/fasttemplate v1.0.1 h1:tY9CJiPnMXf1ERmG2EyK7gNUd+c6RKGD0IfU8WdUSz8= github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8= -golang.org/x/crypto v0.0.0-20190130090550-b01c7a725664 h1:YbZJ76lQ1BqNhVe7dKTSB67wDrc2VPRR75IyGyyPDX8= -golang.org/x/crypto v0.0.0-20190130090550-b01c7a725664/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5 h1:58fnuSXlxZmFdJyvtTFVmVhcMLU6v5fEb/ok4wyqtNU= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 
@@ -56,17 +40,15 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190607181551-461777fb6f67 h1:rJJxsykSlULwd2P2+pg/rtnwN2FrWp4IuCxOSyS0V00= golang.org/x/net v0.0.0-20190607181551-461777fb6f67/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc h1:WiYx1rIFmx8c0mXAFtv5D/mHyKe1+jmuP7PViuwqwuQ= -golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190609082536-301114b31cce/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190610200419-93c9922d18ae h1:xiXzMMEQdQcric9hXtr1QU98MHunKK7OTtsoU6bYWs4= golang.org/x/sys v0.0.0-20190610200419-93c9922d18ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190608022120-eacb66d2a7c3/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190610214847-0945d3616f18/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=