{"id":13776486,"url":"https://github.com/casbin-lua/lua-resty-casbin","last_synced_at":"2025-07-04T00:05:09.028Z","repository":{"id":47677315,"uuid":"382081114","full_name":"casbin-lua/lua-resty-casbin","owner":"casbin-lua","description":"Casbin authorization plugin for OpenResty","archived":false,"fork":false,"pushed_at":"2023-07-06T14:54:20.000Z","size":20,"stargazers_count":6,"open_issues_count":1,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-06-01T16:20:09.037Z","etag":null,"topics":["abac","acl","auth","authorization","authz","casbin","lua","openresty","rbac"],"latest_commit_sha":null,"homepage":"https://github.com/casbin/lua-casbin","language":"Lua","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/casbin-lua.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2021-07-01T15:39:16.000Z","updated_at":"2025-01-05T09:50:56.000Z","dependencies_parsed_at":"2024-01-13T09:36:42.251Z","dependency_job_id":"f72df302-f1ee-44ce-93b6-14be706e9938","html_url":"https://github.com/casbin-lua/lua-resty-casbin","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/casbin-lua/lua-resty-casbin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casbin-lua%2Flua-resty-casbin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casbin-lua%2Flua-resty-casbin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casbin-lua%2Flua-resty-casbin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casbin-lua%2Flua-resty-casbin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/casbin-lua","download_url":"https://codeload.github.com/casbin-lua/lua-resty-casbin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/casbin-lua%2Flua-resty-casbin/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263421888,"owners_count":23464046,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abac","acl","auth","authorization","authz","casbin","lua","openresty","rbac"],"created_at":"2024-08-03T18:00:27.355Z","updated_at":"2025-07-04T00:05:07.834Z","avatar_url":"https://github.com/casbin-lua.png","language":"Lua","readme":"# lua-resty-casbin\n\n[![GitHub Action](https://github.com/casbin-lua/lua-resty-casbin/workflows/test/badge.svg?branch=master)](https://github.com/casbin-lua/lua-resty-casbin/actions)\n[![Discord](https://img.shields.io/discord/1022748306096537660?logo=discord\u0026label=discord\u0026color=5865F2)](https://discord.gg/S5UjpzGZjN)\n\nlua-resty-casbin is an authorization plugin/middleware for OpenResty, based on [lua-casbin](https://github.com/casbin/lua-casbin/).\n\n## Installing OpenResty\nYou can follow [this guide](https://blog.openresty.com/en/ubuntu20-or-install/) to install OpenResty on Ubuntu 20.04 if you have not yet installed it.\n\n## Installation\n\nIf you do not have LuaRocks installed for OpenResty then install it by:\n\n```\nsudo apt install make wget unzip zip\n\nwget https://luarocks.org/releases/luarocks-3.3.1.tar.gz\ntar zxpf luarocks-3.3.1.tar.gz\ncd luarocks-3.3.1\n\n./configure --prefix=/usr/local/openresty/luajit \\\n--with-lua=/usr/local/openresty/luajit/ \\\n--lua-suffix=jit-2.1.0-beta3 \\\n--with-lua-include=/usr/local/openresty/luajit/include/luajit-2.1\n\nsudo make\nsudo make install\n```\n\n**NOTE**: \n- This is assuming OpenResty (not the executable) is installed at `/usr/local/`, if it isn't so - replace `/usr/local/` with file path you have installed it in.\n- Also assumed is that LuaJIT version is `2.1.0-beta3`, you can check which LuaJIT version it is by doing: `cd /usr/local/openresty/luajit/share/` and then `ls`. It will list a luajit folder like `luajit-2.1.0-beta3`, the suffix here is `jit-2.1.0-beta3`. If this isn't so, replace the suffix accordingly.\n\nThen install Casbin's system dependencies by:\n```\nsudo apt update\nsudo apt install gcc libpcre3 libpcre3-dev\n```\n\n**NOTE**: If you use `yum` you could use `pcre` and `pcre-devel` for PCRE.\n\nThen install Casbin's latest current release using:\n\n```\nsudo /usr/local/openresty/luajit/bin/luarocks install casbin\n\n```\n\n**NOTE**: Here too the LuaRocks has its executable at `/usr/local/openresty/luajit/bin/luarocks`, if you have it installed somewhere else for OpenResty replace with that instead.\n\n\n## Usage\n\n- Install `lua-resty-casbin` by LuaRocks:\n```\nsudo /usr/local/openresty/luajit/bin/luarocks install https://raw.githubusercontent.com/casbin-lua/lua-resty-casbin/master/lua-resty-casbin-1.0.0-1.rockspec\n```\n- In your `conf/nginx.conf`, initialize a CasbinMiddleware in the `init_by_lua_block` as (where `authorizedRequest` is a function which is called after a request is authorised):\n```lua\ne = CasbinMiddleware:new(authorizedRequest)\n```\n- Then in your `content_by_lua_block`, insert the command to check if the request is authorized everytime a request is sent (after you have authenticated):\n```lua\ne:check()\n```\n\n## Example\n\nYou can try out an example of this by copying `openresty_example` directory to your system. Then to start the server:\n\n```sh\ncd openresty_example\nsudo openresty -p $PWD/\n```\n\nThis will start the server at `http://127.0.0.1:8080/`.\n\nThe current policy `authz_policy.csv` is:\n```\np, *, /, GET\np, admin, *, *\ng, alice, admin\n```\n\nThis means that all users can access the homepage `/` but only users with admin permissions like alice can access other pages and other HTTP request methods.\n\nFor example, if you use:\n```sh\ncurl --header \"username: anonymous\" 'http://127.0.0.1:8080/'\n```\nit will result in:\n```sh\nAuthorized request\n```\nwhile,\n```sh\ncurl --header \"username: anonymous\" 'http://127.0.0.1:8080/res1'\n```\nit will result in a 403 Forbidden page.\n\n\nBut if you send:\n```sh\ncurl --header \"username: alice\" 'http://127.0.0.1:8080/res1'\n```\nit will result in:\n```sh\nAuthorized request\n```\nsince alice has admin permissions.\n\n## Documentation\n\nThe authorization determines a request based on `{subject, object, action}`, which means what `subject` can perform what `action` on what `object`. In this plugin, the meanings are:\n1. `subject`: the logged-in username as passed in the header\n2. `object`: the URL path for the web resource like \"dataset1/item1\"\n3. `action`: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like \"read-file\", \"write-blog\"\nFor how to write authorization policy and other details, please refer to the [Casbin's documentation](https://casbin.org/).\n\n## Example (without the middleware)\n\nYou can use Casbin without the middleware as per your authorization design, this is a sample example for that. You can create a lua module for OpenResty applications as shown [here](https://blog.openresty.com/en/or-lua-module/) or add it to your existing lua module:\n\n- In the file where you want to use Casbin, use `local Enforcer = require(\"casbin\")` inside the `content_by_lua_block`. Here is a sample describing usage for basic model/policy and ABAC model/policy:\n\n**Basic model/policy example (nginx.conf file)**\n```\nworker_processes 1;\n\nevents {\n    worker_connections 1024;\n}\n\nhttp {\n    lua_package_path \"$prefix/lua/?.lua;;\";\n\n    server {\n        listen 8080 reuseport;\n\n        location / {\n            default_type text/plain;\n            content_by_lua_block {\n                local Enforcer = require(\"casbin\")\n                local model  = \"examples/basic_model.conf\" -- The model file path\n                local policy  = \"examples/basic_policy.csv\" -- The policy file path\n                \n                local e = Enforcer:new(model, policy) -- The Casbin Enforcer\n                ngx.say(\"The result is:\")\n                ngx.say(e:enforce(\"alice\", \"data1\", \"read\")) -- The enforce function with its arguments\n            }\n        }\n    }\n}\n```\n\n**NOTE**: To use this example, you need to create an `examples` directory at the top level of your application `/` along with the `conf` directory. And then copy the [basic_model.conf](https://raw.githubusercontent.com/casbin/lua-casbin/master/examples/basic_model.conf) and [basic_policy.csv](https://raw.githubusercontent.com/casbin/lua-casbin/master/examples/basic_policy.csv) to that `examples` directory.\n\n**ABAC model/policy example (nginx.conf file)**\n```\nworker_processes 1;\n\nevents {\n    worker_connections 1024;\n}\n\nhttp {\n    lua_package_path \"$prefix/lua/?.lua;;\";\n\n    server {\n        listen 8080 reuseport;\n\n        location / {\n            default_type text/plain;\n            content_by_lua_block {\n                local Enforcer = require(\"casbin\")\n                local model  = \"examples/abac_rule_model.conf\"\n    \t\tlocal policy  = \"examples/abac_rule_policy.csv\"\n    \t\tlocal sub1 = {\n        \t\tName = \"Alice\",\n        \t\tAge = 16\n    \t\t}\n    \t\tlocal sub2 = {\n        \t\tName = \"Bob\",\n        \t\tAge = 20\n    \t\t}\n    \t\tlocal sub3 = {\n        \t\tName = \"Alice\",\n        \t\tAge = 65\n    \t\t}\n    \t\tlocal e = Enforcer:new(model, policy)\n    \t\tngx.say(\"The result is:\")\n    \t\tngx.say(e:enforce(sub2, \"/data1\", \"read\"))\n            }\n        }\n    }\n}\n```\n\n**NOTE**: Similar to the former example to use this, you need to create an `examples` directory at the top level of your application `/` along with the `conf` directory. And then copy the [abac_rule_model.conf](https://raw.githubusercontent.com/casbin/lua-casbin/master/examples/abac_model.conf) and [abac_rule_policy.csv](https://raw.githubusercontent.com/casbin/lua-casbin/master/examples/abac_rule_policy.csv) to that `examples` directory.\n\nThen use `sudo openresty -p $PWD/` to start the server and use `curl http://127.0.0.1:8080/` to fetch the page which for the above examples should output in:\n```\nThe result is:\ntrue\n```\n\nYou can check other examples [here](https://github.com/casbin/lua-casbin/blob/master/tests/main/enforcer_spec.lua) and the Built-In Functions currently supported [here](https://github.com/casbin/lua-casbin/blob/master/src/model/FunctionMap.lua).\n\n## Getting Help\n\n- [Casbin](https://casbin.org/)\n\n## License\n\nThis project is under the Apache 2.0 License.","funding_links":[],"categories":["Libraries"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcasbin-lua%2Flua-resty-casbin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcasbin-lua%2Flua-resty-casbin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcasbin-lua%2Flua-resty-casbin/lists"}