auth

package
v0.1.26 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 5, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func Authorize

func Authorize() gin.HandlerFunc

Authorize returns a Gin middleware that enforces Casbin policy for the current request. It reads the authenticated user's roles from the "userInfo" context key and verifies that every role is permitted to access the requested URI and HTTP method. If any role fails the check the request is rejected with HTTP 403 Forbidden.

Example

ExampleAuthorize shows how to register the Casbin authorisation middleware on a Gin router. The middleware reads roles from the "userInfo" context key (set by the token.Authenticate middleware) and enforces the loaded policy.

Method-2 semantics: every role in the user's role list must pass the policy check. If any role is denied, the request is rejected with 403 Forbidden.

package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"

	"github.com/phcp-tech/common-library-golang/auth"
	"github.com/phcp-tech/common-library-golang/dto"

	"github.com/gin-gonic/gin"
)

const exampleModel = `
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
`

const examplePolicy = `
p, admin, /api/data, GET
p, viewer, /api/data, GET
`

func main() {
	_ = auth.InitCasbin(true, exampleModel, examplePolicy)

	gin.SetMode(gin.TestMode)
	r := gin.New()

	// Inject userInfo into context (normally done by token.Authenticate).
	r.Use(func(c *gin.Context) {
		c.Set("userInfo", dto.LoginUser{
			UserId:   1,
			Username: "alice",
			Roles:    []string{"admin"},
		})
		c.Next()
	})
	r.Use(auth.Authorize())
	r.GET("/api/data", func(c *gin.Context) { c.Status(http.StatusOK) })

	// Allowed role — 200 OK.
	w := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/api/data", nil)
	r.ServeHTTP(w, req)
	fmt.Println(w.Code)
}
Output:
200

func InitCasbin

func InitCasbin(fs bool, configModel string, configPolicy string) error

InitCasbin initializes the global Casbin enforcer from either in-memory strings or file paths. When fs is true, configModel and configPolicy are treated as raw model/policy strings; otherwise they are treated as file paths to the model and policy files.

Example (Files)

ExampleInitCasbin_files shows how to initialise the Casbin enforcer from model and policy files on disk. Pass fs=false to treat the arguments as file paths.

package main

import (
	"fmt"

	"github.com/phcp-tech/common-library-golang/auth"
)

func main() {
	err := auth.InitCasbin(false, "model.conf", "policy.csv")
	if err != nil {
		fmt.Println("error:", err != nil) // file not found in test environment
	}
}
Output:
error: true
Example (Strings)

ExampleInitCasbin_strings shows how to initialise the Casbin enforcer from in-memory model and policy strings. Pass fs=true to treat the arguments as raw strings instead of file paths.

package main

import (
	"fmt"

	"github.com/phcp-tech/common-library-golang/auth"
)

const exampleModel = `
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
`

const examplePolicy = `
p, admin, /api/data, GET
p, viewer, /api/data, GET
`

func main() {
	err := auth.InitCasbin(true, exampleModel, examplePolicy)
	fmt.Println(err)
}
Output:
<nil>

Types

This section is empty.

Directories

Path Synopsis
Package component provides Casbin lifecycle integration for bootstrap.
Package component provides Casbin lifecycle integration for bootstrap.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL