{"id":21599445,"url":"https://github.com/abichinger/fastac","last_synced_at":"2025-04-11T01:07:07.636Z","repository":{"id":40454450,"uuid":"483982849","full_name":"abichinger/fastac","owner":"abichinger","description":"access control for go, supports RBAC, ABAC and ACL, drop-in replacement for casbin","archived":false,"fork":false,"pushed_at":"2022-06-11T18:18:53.000Z","size":372,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-06-21T14:20:37.190Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/abichinger.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-04-21T09:12:01.000Z","updated_at":"2023-09-27T08:53:44.000Z","dependencies_parsed_at":"2022-08-09T21:00:41.052Z","dependency_job_id":null,"html_url":"https://github.com/abichinger/fastac","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abichinger%2Ffastac","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abichinger%2Ffastac/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abichinger%2Ffastac/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abichinger%2Ffastac/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/abichinger","download_url":"https://codeload.github.com/abichinger/fastac/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226201972,"owners_count":17589343,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-24T18:15:23.829Z","updated_at":"2024-11-24T18:15:24.289Z","avatar_url":"https://github.com/abichinger.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n\u003cimg src=\"logo.png\" alt=\"FastAC\"\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n    \u003cem\u003eaccess control for go, supports RBAC, ABAC and ACL, drop-in replacement for casbin\u003c/em\u003e\n\u003c/p\u003e\n\n[![Test](https://github.com/abichinger/fastac/actions/workflows/test.yml/badge.svg?branch=main)](https://codecov.io/gh/abichinger/fastac)\n[![Coverage](https://img.shields.io/codecov/c/github/abichinger/fastac)](https://codecov.io/gh/abichinger/fastac)\n[![Go Report Card](https://goreportcard.com/badge/github.com/abichinger/fastac)](https://goreportcard.com/report/github.com/abichinger/fastac)\n[![Godoc](https://godoc.org/github.com/abichinger/fastac?status.svg)](https://pkg.go.dev/github.com/abichinger/fastac)\n\nFastAC is a drop in replacement for [Casbin](https://github.com/casbin/casbin). In some cases, FastAC can improve the [performance](#performance-comparison) significantly.\n\nAPI documentation: [https://pkg.go.dev/github.com/abichinger/fastac](https://pkg.go.dev/github.com/abichinger/fastac)\n\nPlease refer to the [Casbin Docs](https://casbin.org/docs/en/how-it-works) for explanation of terms.\n\n# Getting Started\n\n**Installation**\n\n```\ngo get github.com/abichinger/fastac\n```\n\nFirst you need to prepare an access control model. The [syntax](https://casbin.org/docs/en/syntax-for-models) of [FastAC models](#supported-models) is identical to Casbin models.\n\nAn ACL (Access Control List) model looks like this: \n```ini\n#File: model.conf\n\n[request_definition]\nr = sub, obj, act\n\n[policy_definition]\np = sub, obj, act\n\n[policy_effect]\ne = some(where (p.eft == allow))\n\n[matchers]\nr.sub == p.sub \u0026\u0026 r.obj == p.obj \u0026\u0026 r.act == p.act\n```\n\nNext, you need to load some policy rules.\nTo get started you can load your rules from a text file.\nFor production you should use a [storage adapter](#adapter-list).\n```ini\n#File: policy.csv\np, alice, data1, read\np, alice, data2, read\np, bob, data1, write\np, bob, data2, write\n```\n\nGo code to resolve access requests\n```go\n//create an enforcer\ne, err := fastac.NewEnforcer(\"model.conf\", \"policy.csv\")\n\n//check if alice is allowed to read data1\nif allow, _ := e.Enforce(\"alice\", \"data1\", \"read\"); allow == true {\n    // permit alice to read data1\n} else {\n    // deny the request\n}\n```\n\n\n# New Features\n\n## Policy Indexing\n\n[Matchers](https://casbin.org/docs/en/syntax-for-models#matchers) will be divided into multiple stages. As a result FastAC will index all policy rules, which reduces the search space for access requests. This feature brings the most **performance gain**.\n\n## Advanced Policy Filtering\n\nFastAC can filter the policy rules with matchers. The `Filter` function also supports filtering grouping rules.\nThe fields of a grouping rule can be accessed by `g.user`, `g.role`, `g.domain`\n\n```go\n//Examples\n\n//get all policy rules belonging to domain1\ne.Filter(SetMatcher(\"p.dom == \\\"domain1\\\"\")\n\n//get all policy rules, which grant alice read access\ne.Filter(SetMatcher(\"g(\\\"alice\\\", p.sub) \u0026\u0026 p.act == \\\"read\\\"\")\n\n//get all grouping rules for alice\ne.Filter(SetMatcher(\"g.user == \\\"alice\\\"\")\n```\n\n# Supported Models\n\n- [ACL](/examples/basic_model.conf) - Access Control List\n- [ACL-su](/examples/basic_with_root_model.conf) - Access Control List with super user\n- [ABAC](/examples/abac_rule_model.conf) - Attribute Based Access Control\n- [RBAC](/examples/rbac_model.conf) - Role Based Access Control\n- [RBAC-domain](/examples/rbac_with_domains_model.conf) - Role Based Access Control with domains/tenants\n\n# Adapter List\n\n- File Adapter (built-in) - not recommended for production\n- [Gorm Adapter](https://github.com/abichinger/gorm-adapter)\n\n# Performance Comparison\n\n![RBAC Benchmark](./bench/RBAC_op.svg)\n\n![ABAC Benchmark](./bench/ABAC_op.svg)\n\n[More benchmarks](./bench)\n\n# Feature Overview\n\n- [x] Enforcement\n- [x] RBAC\n- [x] ABAC\n- [x] Adapter\n- [x] Default Role Manager\n- [ ] Third Party Role Managers\n- [ ] Filtered Adapter\n- [ ] Watcher\n- [ ] Dispatcher\n\n# Attribution\n\nFastAC uses the following libraries or parts of it.\n\n- [Casbin](https://github.com/casbin/casbin) - concept, examples and builtin_operators are used\n- [govaluate](https://github.com/Knetic/govaluate) - used to evaluate matcher expressions ([modified version](https://github.com/abichinger/govaluate))\n- [go-ini](https://github.com/go-ini/ini) - used to read the model config\n- [testify](https://github.com/stretchr/testify)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabichinger%2Ffastac","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fabichinger%2Ffastac","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabichinger%2Ffastac/lists"}