Open Policy Agent (OPA) middleware for actix-web
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Build Status Status License Documentation

Open Policy Agent (openpolicyagent/OPA) middleware for actix-web applications.

This middleware performs a policy check against an Open Policy Agent instance for incoming HTTP requests.

Both the policy check request and response are generic.




Take the following request :

curl -XGET -H 'Authorization: Bearer 123123123' http://localhost:8080/order/item/1

This will need to be translated to a JSON call to OPA :

  "input" : {
    "token"  : "123123123",
    "method" : "GET",
    "path"   : ["order", "item", "1"]

We represent this as two Rust structs which implement Serialize,

struct PolicyRequest {
    input: PolicyRequestInput,

struct PolicyRequestInput {
    token: String,
    method: String,
    path: Vec<String>,

The expected response is a JSON object :

   "result" : {
      "allow" : true

We represent this as two Rust structs which implement Deserialize,

struct PolicyResponse {
    input: PolicyResponseResult,

struct PolicyResponseResult {
    allow: bool,

Lastly we have to implement the OPARequest<S> trait so that

    impl<S> OPARequest<S> for PolicyRequest {
        fn from_http_request(_req: &HttpRequest<S>) -> Result<Self, String> {
            // This needs to be constructured from _req
            Ok(PolicyRequest {
              input: PolicyRequestInput {
                token: "123".into(),
                method: "GET",
                path: vec!["order", "item", "1"],
    type VerifierMiddleware = PolicyVerifier<PolicyRequest, PolicyResponse>;