{"id":16623691,"url":"https://github.com/jandelgado/rabbitmq-http-auth","last_synced_at":"2025-11-03T11:03:06.471Z","repository":{"id":52684459,"uuid":"359258064","full_name":"jandelgado/rabbitmq-http-auth","owner":"jandelgado","description":"HTTP AuthN/AuthZ backend for RabbitMQ implemented in Go","archived":false,"fork":false,"pushed_at":"2021-04-21T07:12:59.000Z","size":18,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2023-02-26T23:22:48.597Z","etag":null,"topics":["authn","authz","rabbitmq","rabbitmq-http-auth-backend"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jandelgado.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-04-18T21:38:43.000Z","updated_at":"2021-04-21T07:13:01.000Z","dependencies_parsed_at":"2022-08-22T05:40:46.465Z","dependency_job_id":null,"html_url":"https://github.com/jandelgado/rabbitmq-http-auth","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jandelgado%2Frabbitmq-http-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jandelgado%2Frabbitmq-http-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jandelgado%2Frabbitmq-http-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jandelgado%2Frabbitmq-http-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jandelgado","download_url":"https://codeload.github.com/jandelgado/rabbitmq-http-auth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243021531,"owners_count":20223068,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authn","authz","rabbitmq","rabbitmq-http-auth-backend"],"created_at":"2024-10-12T03:24:38.169Z","updated_at":"2025-11-03T11:03:06.400Z","avatar_url":"https://github.com/jandelgado.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# RabbitMQ HTTP Auth Backend in Go\n\n[![run tests](https://github.com/jandelgado/rabbitmq-http-auth/actions/workflows/test.yml/badge.svg)](https://github.com/jandelgado/rabbitmq-http-auth/actions/workflows/test.yml)\n[![Coverage Status](https://coveralls.io/repos/github/jandelgado/rabbitmq-http-auth/badge.svg?branch=main)](https://coveralls.io/github/jandelgado/rabbitmq-http-auth?branch=main)\n\nPackage and example service to build a RabbitMQ HTTP Auth service for use with\nthe RabbitMQ \"HTTP Auth Backend\" (actually it is an AuthN/AuthZ backend).\n\nFor details see https://github.com/rabbitmq/rabbitmq-server/tree/master/deps/rabbitmq_auth_backend_http\n\n\u003c!-- vim-markdown-toc GFM --\u003e\n\n* [Build your own service](#build-your-own-service)\n* [Test it](#test-it)\n* [Test with RabbitMQ](#test-with-rabbitmq)\n* [Author \u0026 License](#author--license)\n\n\u003c!-- vim-markdown-toc --\u003e\n\n## Build your own service\n\nTo build a RabbitMQ HTTP Auth Backend, you just need to implement the provided\n`Auth` interface, which will be called by `POST` requests to the paths\n`/auth/user`, `/auth/vhost`, `/auth/topic` and `/auth/resource`:\n\n```go\npackage rabbitmqauth\n\ntype Decision bool\n\ntype Auth interface {\n\t// User authenticates the given user. In addition to the decision, the tags\n\t// associated with the user are returned.\n\tUser(username, password string) (Decision, string)\n\t// VHost checks if the given user/ip combination is allowed to access the\n\t// vhosts\n\tVHost(username, vhost, ip string) Decision\n\t// Resource checks if the given user has access to the presented resource\n\tResource(username, vhost, resource, name, permission string) Decision\n\t// Topic checks if the given user has access to the presented topic when\n\t// using topic authorization (https://www.rabbitmq.com/access-control.html#topic-authorisation)\n\tTopic(username, vhost, resource, name, permission, routingKey string) Decision\n}\n```\n\nStart a web server using your Auth implementation and the http router provided\nby the `rabbitmqauth.AuthService.NewRouter()` function like:\n\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"time\"\n\n\trabbitmqauth \"github.com/jandelgado/rabbitmq-http-auth/pkg\"\n)\n\nconst httpReadTimeout = 10 * time.Second\nconst httpWriteTimeout = 10 * time.Second\n\nfunc main() {\n\tauth := NewLogInterceptingAuth(DemoAuth{})\n\tservice := rabbitmqauth.NewAuthService(auth)\n\n\tserver := \u0026http.Server{\n\t\tHandler:      service.NewRouter(),\n\t\tAddr:         fmt.Sprintf(\":%d\", 8000),\n\t\tWriteTimeout: httpWriteTimeout,\n\t\tReadTimeout:  httpReadTimeout,\n\t}\n\n\terr := server.ListenAndServe()\n\n\tif err != nil {\n\t\tpanic(err)\n\t}\n}\n```\n\nHave a look at the [example](cmd/example) for a complete example.\n\n## Test it\n\nStart the example by running `make build \u0026\u0026 make run` and then test the service\nby issueing POST requests to the `User` endpoint , for example:\n\n```sh\n$ curl  -XPOST localhost:8000/auth/user -d \"username=guest\u0026password=test\"\nallow [management administrator demo]\n$ curl  -XPOST localhost:8000/auth/user -d \"username=john\u0026password=test\"\ndeny\n```\n\nSince the `DemoAuth` only allows the `guest` user (but with any\npassword), this is the expected result.\n\n## Test with RabbitMQ\n\nA docker-compose file is provided which sets up a RabbitMQ broker with the\nauthentication service configured. To test it, run:\n\n```sh\n$ cd demo \u0026\u0026 docker-compose up\n```\n\nThen in another console, try to publish a message using [rabtap](TODO)\n```sh\n$  echo \"hello\" | rabtap pub --uri amqp://guest:123@localhost:5672 --exchange amq.topic --routingkey \"#\"\n```\n\nIn the docker-compose log, should see the auth server logging the request:\n```\nauth-http_1  | 2021/04/18 21:28:01 auth user(u=guest) -\u003e allow [management administrator demo]\n```\n\nAs the `DemoAuth` allows any password for the guest user, you can \ntry to change the password in the `rabtap` command or try to login on the \n[management console](http://localhost:15672) with any password.\n\n## Author \u0026 License\n\n(c) Copyright 2021 by Jan Delgado. Licence: MIT\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjandelgado%2Frabbitmq-http-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjandelgado%2Frabbitmq-http-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjandelgado%2Frabbitmq-http-auth/lists"}