casbin-server

command module
v1.1.0
Published: Jun 23, 2020 License: Apache-2.0 Imports: 2 Imported by: 0

README

PaySuper Casbin Server


What is Casbin Server?

Casbin Server is the Access Control as a Service (ACaaS) solution based on Casbin. It provides a go-micro interface for Casbin authorization.

Casbin-Server is just a container of Casbin enforcers and adapters. It is designed to be compute-intensive (calculating whether an access should be allowed) rather than to act as a centralized policy store. Just as in the native Casbin library, each Casbin enforcer in Casbin-Server can use its own adapter, which is linked to an external database for policy storage.

Of course, you can set up Casbin-Server together with your policy database on the same machine, but they can also be separated. If you want to achieve high availability, you can use a Redis cluster as policy storage, then link Casbin-Server's adapter with it. In this sense, a Casbin enforcer can be viewed as a stateless component. It just retrieves the policy rules it is interested in (via sharding), does some computation and then returns allow or deny.

Architecture

Casbin-Server uses the client-server architecture. Casbin-Server itself is the server (in Golang only for now). The clients for Casbin-Server are listed here:

Installation

go get github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger

go get github.com/unistack-org/protoc-gen-microrest

go get github.com/paysuper/casbin-server

Optionally regenerate:

go generate

Database Support

The application reads its database configuration from environment variables:

| Name | Description |
|------|-------------|
| CASBIN_ADAPTER | Specifies the adapter name. Available values: "postgres", "sqlite3", "mysql" and so on. |
| CASBIN_DSN | Specifies additional data for the adapter, such as the path to the sqlite3 database file, or the user, password and host for mysql/postgres. |

For example:

CASBIN_ADAPTER="postgres" CASBIN_DSN="user=postgres password=mysecretpassword host=127.0.0.1 port=5432 sslmode=disable"

Similar to Casbin, Casbin-Server also uses adapters to provide policy storage. However, because Casbin-Server is a service instead of a library, the adapters have to be implemented inside Casbin-Server. As Golang is a static language, each adapter needs to import a 3rd-party library for its database. We cannot import all of those 3rd-party libraries in Casbin-Server's code, as that causes dependency overhead.

Limitation of ABAC

Casbin-Server also supports the ABAC model, as the Casbin library does. You may wonder how Go structs are passed to the server side over the network. Casbin-Server's client dumps the Go struct into JSON and transmits the JSON string, prefixed by ABAC::, to Casbin-Server. Casbin-Server recognizes the prefix and loads the JSON string into a pre-defined Go struct with 11 string members, then passes it to Casbin. As a result, Casbin-Server's ABAC has several limitations compared to Casbin's ABAC:

  1. The Go struct should be flat, all members should be primitive types, e.g., string, int, boolean. No nested struct, no slice or map.
  2. All members should be public (first letter capitalized).
  3. The Go struct is limited to 11 members at most. If you want to have more members, you should modify Casbin-Server's source code by adding more members and rebuild it.
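
As an added example (not code from the casbin-server project), a client can check a struct against the three limitations above before building the ABAC::-prefixed JSON string. The helper name `EncodeABAC` and the `Doc` and `Nested` types are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
)

const abacPrefix = "ABAC::" // prefix the README says marks an ABAC JSON argument
const maxMembers = 11       // member limit stated in the README

// EncodeABAC is a hypothetical client-side helper (not casbin-server's API).
// It rejects structs that break the documented limitations, then returns
// the prefixed JSON string that would be sent as the request argument.
func EncodeABAC(v interface{}) (string, error) {
	rv := reflect.Indirect(reflect.ValueOf(v)) // accept a struct or a pointer to one
	if rv.Kind() != reflect.Struct {
		return "", fmt.Errorf("ABAC attribute must be a struct")
	}
	rt := rv.Type()
	if rt.NumField() > maxMembers {
		return "", fmt.Errorf("%d members, limit is %d", rt.NumField(), maxMembers)
	}
	for i := 0; i < rt.NumField(); i++ {
		f := rt.Field(i)
		if f.PkgPath != "" { // non-empty PkgPath means the field is unexported
			return "", fmt.Errorf("member %s is not public", f.Name)
		}
		// Bool, every int/uint size and both floats are contiguous Kind values.
		k := f.Type.Kind()
		if k != reflect.String && (k < reflect.Bool || k > reflect.Float64) {
			return "", fmt.Errorf("member %s: %s is not a primitive type", f.Name, f.Type)
		}
	}
	b, err := json.Marshal(rv.Interface())
	if err != nil {
		return "", err
	}
	return abacPrefix + string(b), nil
}

// Constructed sample types: Doc is accepted, Nested breaks limitation 1.
type Doc struct{ Owner string; Age int }
type Nested struct{ Tags []string }

func main() {
	fmt.Println(EncodeABAC(Doc{Owner: "alice", Age: 30}))
	fmt.Println(EncodeABAC(Nested{Tags: []string{"a"}}))
}
```

Rejecting a non-conforming struct on the client makes the mismatch visible before an authorization request is sent, rather than leaving it to surface in the server's decision.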

Contributing, Feature Requests and Support

If you like this project then you can put a ⭐ on it. It means a lot to us.

If you have an idea of how to improve PaySuper (or any of the product parts) or have general feedback, you're welcome to submit a feature request.

Chances are, you like what we have already but you may require a custom integration, a special license or something else big and specific to your needs. We're generally open to such conversations.

If you have a question and can't find the answer yourself, you can raise an issue and describe what exactly you're trying to do. We'll do our best to reply in a meaningful time.

We feel that a welcoming community is important and we ask that you follow PaySuper's Open Source Code of Conduct in all interactions with the community.

PaySuper welcomes contributions from anyone and everyone. Please refer to our contribution guide to learn more.

License

The project is available as open source under the terms of the Apache-2.0 License.

Documentation

Overview

/go:generate go get github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger
/go:generate go get github.com/unistack-org/protoc-gen-microrest
/go:generate go get go get github.com/vektra/mockery/.../
/go:generate mockery -dir=api/proto/casbinpb -name=CasbinService
/go:generate protoc -I./assets/proto -Iapi/proto/casbinpb/ --swagger_out=allow_delete_body=true,logtostderr=true:. --micro_out=paths=source_relative:./api/proto/casbinpb --go_out=paths=source_relative:./api/proto/casbinpb casbin.proto
/go:generate protoc -I./assets/proto -Iapi/proto/casbinpb/ --microrest_out=paths=source_relative:./api/proto/casbinpb casbin.proto
/go:generate go get github.com/envoyproxy/protoc-gen-validate
/go:generate protoc -I./assets/proto -Iapi/proto/casbinpb/ --validate_out=paths=source_relative,lang=go:./api/proto/casbinpb casbin.proto
