authj

package

v0.3.0 Latest Latest Go to latest Published: May 6, 2021 License: MIT Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/thinkgos/http-middlewares

Links

Open Source Insights

README ¶

authj

authj is an authorization middleware for net/http, it's based on casbin.

Installation

    go get github.com/thinkgos/http-middlewares/authj

Simple Example

package main

import (
    "net/http"

    "github.com/casbin/casbin/v2"
    "github.com/thinkgos/http-middlewares/authj"
)

func main() {
    // load the casbin model and policy from files, database is also supported.
    e ,err := casbin.NewEnforcer("authz_model.conf", "authz_policy.csv")
    if err!= nil{
        panic(err)
    }

    // define your router, and use the Casbin authj middleware.
    // the access that is denied by authz will return HTTP 403 error.
    // before you use middleware2 your should use middleware1 to set subject
    middleware1 := func(next http.HandlerFunc) http.HandlerFunc{
        return func(w http.ResponseWriter, r *http.Request) {
            next.ServeHTTP(w, r.WithContext(authj.ContextWithSubject(r.Context(), "admin")))
        }
    }
    middleware2 := authj.NewAuthorizer(e)
}

Documentation

The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:

subject: the logged-on user name
object: the URL path for the web resource like "dataset1/item1"
action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"

For how to write authorization policy and other details, please refer to the Casbin's documentation.

Getting Help

License

This project is under MIT License. See the LICENSE file for the full license text.

Documentation ¶

Index ¶

func ContextWithSubject(ctx context.Context, subject string) context.Context
func NewAuthorizer(e casbin.IEnforcer, subject func(r *http.Request) string) func(next http.HandlerFunc) http.HandlerFunc
func Subject(r *http.Request) string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ContextWithSubject ¶

func ContextWithSubject(ctx context.Context, subject string) context.Context

ContextWithSubject return a copy of parent in which the value associated with subjectCtxKey is subject.

func NewAuthorizer ¶

func NewAuthorizer(e casbin.IEnforcer,
	subject func(r *http.Request) string) func(next http.HandlerFunc) http.HandlerFunc

NewAuthorizer returns the authorizer uses a Casbin enforcer and subject function as input

func Subject ¶ added in v0.0.3

func Subject(r *http.Request) string

Subject returns the value associated with this context for subjectCtxKey,

Types ¶

This section is empty.

Source Files ¶

View all Source files

authj.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL