This project implements a RESTful API for a blog application with built-in authorization using Cerbos. The API allows users to perform CRUD (Create, Read, Update, Delete) operations on blog posts while enforcing access control policies defined by Cerbos.
- User Authentication: Users can authenticate using basic authentication to access protected endpoints.
- Post Management: Users can create, read, update, and delete blog posts via the API.
- Fine-Grained Authorization: Access to API endpoints is controlled by Cerbos policies, enabling fine-grained control over who can perform specific actions on blog posts based on user roles, resource attributes, and environmental context.
| Users | Passwords | Roles |
|---|---|---|
| kunal | kunalPass | admin |
| bella | bellaPass | user |
| john | johnPass | user |
To run the project locally, follow these steps:
- Clone the repository:
git clone https://github.com/verma-kunal/blogapi-auth-cerbos.git
- Install dependencies:
go mod tidy
- Build and run the project:
cerbos run --set=storage.disk.directory=cerbos/policies -- go run main.go
Once the project is running, you can interact with the API using tools like cURL or Postman. Here are some example API endpoints:
- Create a Post:
curl -i -u kunal:kunalPass -X PUT http://localhost:8080/posts -d '{"title": "gitops 101", "owner": "kunal"}' - Read a Post:
curl -i -u kunal:kunalPass -X GET http://localhost:8080/posts/1
- Update a Post:
curl -i -u kunal:kunalPass -X POST http://localhost:8080/posts/1 -d '{"title": "kubernetes 101", "owner": "kunal"}' - Delete a Post:
curl -i -u kunal:kunalPass -X DELETE http://localhost:8080/posts/1
Contributions are welcome! If you'd like to contribute to the project, please fork the repository, make your changes, and submit a pull request. Make sure to follow the contribution guidelines outlined in the repository.
This project is licensed under the Apache License. See the LICENSE file for details.