wauth is an authorization middleware for Gin, it's based on https://github.com/casbin/casbin.
go get github.com/wyy-go/wauthpackage main
import (
"net/http"
"github.com/casbin/casbin/v2"
"github.com/gin-gonic/gin"
"github.com/wyy-go/wauth"
)
func main() {
e, err := casbin.NewEnforcer("../casbin_model.conf", "../casbin_policy.csv")
if err != nil {
panic(err)
}
router := gin.New()
router.Use(
func(c *gin.Context) {
wauth.CtxWithSubject(c, "alice")
},
wauth.NewAuthorizer(e),
)
router.GET("/dataset1/resource1", func(c *gin.Context) {
c.String(http.StatusOK, "alice own this resource")
})
router.GET("/dataset2/resource1", func(c *gin.Context) {
c.String(http.StatusOK, "alice do not own this resource")
})
router.Run(":8080")
}The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:
subject: the logged-on user nameobject: the URL path for the web resource like "dataset1/item1"action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"
For how to write authorization policy and other details, please refer to the Casbin's documentation.
This project is under MIT License. See the LICENSE file for the full license text.