{"id":21714908,"url":"https://github.com/stephanerob/authit","last_synced_at":"2025-03-20T19:24:51.176Z","repository":{"id":44549505,"uuid":"278644635","full_name":"StephaneRob/authit","owner":"StephaneRob","description":"Tiny authorization library for Phoenix application. (POC)","archived":false,"fork":false,"pushed_at":"2024-11-18T07:55:52.000Z","size":23,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-25T17:33:23.385Z","etag":null,"topics":["elixir","phoenix","phoenix-framework"],"latest_commit_sha":null,"homepage":"","language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/StephaneRob.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-10T13:46:09.000Z","updated_at":"2024-11-18T07:55:55.000Z","dependencies_parsed_at":"2025-01-25T17:40:06.813Z","dependency_job_id":null,"html_url":"https://github.com/StephaneRob/authit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StephaneRob%2Fauthit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StephaneRob%2Fauthit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StephaneRob%2Fauthit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StephaneRob%2Fauthit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/StephaneRob","download_url":"https:/
/codeload.github.com/StephaneRob/authit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244676454,"owners_count":20491828,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["elixir","phoenix","phoenix-framework"],"created_at":"2024-11-26T00:39:24.565Z","updated_at":"2025-03-20T19:24:51.162Z","avatar_url":"https://github.com/StephaneRob.png","language":"Elixir","funding_links":[],"categories":[],"sub_categories":[],"readme":"
# Authit\n\nTiny authorization library for Phoenix application. (POC)\n\n## Installation\n\nIf [available in Hex](https://hex.pm/docs/publish), the package can be installed\nby adding `authit` to your list of dependencies in `mix.exs`:\n\n```elixir\ndef deps do\n  [\n    {:authit, \"~\u003e 0.1.0\"}\n  ]\nend\n```\n\n## Usage\n\n**Authit** comes with 2 plugs:\n\n- `Authit.Plug.Enforce`: router plug that verifies authorization has been checked in the controller before the response is sent\n\n```elixir\ndefmodule HelloWeb.Router do\n  use HelloWeb, :router\n\n  pipeline :browser do\n    plug :accepts, [\"html\"]\n    plug :fetch_session\n    plug :fetch_flash\n    plug :protect_from_forgery\n    plug :put_secure_browser_headers\n  end\n\n  pipeline :auth do\n    plug :ensure_authenticated\n    plug Authit.Plug.Enforce\n  end\n\n  scope \"/\", HelloWeb do\n    pipe_through :browser\n\n    get \"/\", PageController, :index\n\n    scope \"/sensible\" do\n      pipe_through [:auth]\n      ...\n    end\n  end\nend\n```\n\n- `Authit.Plug.Authorize`: per-controller plug that checks authorization for each action\n\n```elixir\ndefmodule HelloWeb.PageController do\n  use HelloWeb, :controller\n  plug Authit.Plug.Authorize,\n    resource: Hello.Pages.Page,\n    current_resource: :current_user\n\n  def index(conn, _params) do\n    render(conn, \"index.html\")\n  end\nend\n```\n\nIn this controller `Authit.Plug.Authorize` expects a `Hello.Pages.Page.Authorizer` module that checks authorization with your own logic. An authorizer MUST `use Authit.Authorizer` to be valid.\n\n```elixir\ndefmodule Hello.Pages.Page.Authorizer do\n  use Authit.Authorizer\nend\n```\n\n
### Not authorized by default\n\nAn empty authorizer like the one above rejects all actions, and the authorize plug sends back a 403. To customize authorization you can define rules based on 3 parameters: `current_user` (picked up from the conn assigns), `action` (Phoenix action) and `params`.\n\n```elixir\ndefmodule Hello.Pages.Page.Authorizer do\n  use Authit.Authorizer\n\n  # allow show action for everybody\n  can?(_, :show, _, do: true)\n\n  # allow index action for admin users only\n  can?(current_user, :index, _, do: current_user.admin?)\n\n  # allow only the author to delete a page\n  can?(current_user, :delete, %{\"id\" =\u003e id}) do\n    page = Hello.Pages.get(id)\n    current_user.id == page.author_id\n  end\nend\n```\n\n### Avoid loading the resource many times\n\nTo authorize a request, a rule can return either `true` or `{:ok, assigns}`. If you need to reuse a resource already loaded in a `can?/3` block, return it in the assigns and it will be merged into the conn.\n\n```elixir\ndefmodule Hello.Pages.Page.Authorizer do\n  use Authit.Authorizer\n\n  # allow only the author to delete a page\n  can?(current_user, :delete, %{\"id\" =\u003e id}) do\n    page = Hello.Pages.get(id)\n    if current_user.id == page.author_id do\n      {:ok, page: page}\n    else\n      false\n    end\n  end\nend\n```\n\n```elixir\ndefmodule HelloWeb.PageController do\n  use HelloWeb, :controller\n  plug Authit.Plug.Authorize,\n    resource: Hello.Pages.Page,\n    current_resource: :current_user\n\n  def delete(conn, _params) do\n    # the page loaded by the authorizer is available in conn.assigns\n    with page when not is_nil(page) \u003c- conn.assigns[:page],\n         Hello.Pages.delete_page(page) do\n      ...\n    end\n  end\nend\n```\n\n
### Handle errors\n\nIn the same way that `true` allows the action, `false` is interpreted as an unauthorized error. But errors can be described as tuples too. For example:\n\n- `{:error, :not_found}` responds with a 404\n- `{:error, :forbidden}` responds with a 403 (same as `false`)\n\nAlso, `nil` is interpreted as `{:error, :not_found}`.\n\n```elixir\ndefmodule Hello.Pages.Page.Authorizer do\n  use Authit.Authorizer\n\n  # handle not found errors\n  can?(current_user, :delete, %{\"id\" =\u003e id}) do\n    case Hello.Pages.get(id) do\n      nil -\u003e {:error, :not_found}\n      page -\u003e current_user.id == page.author_id\n    end\n  end\n\n  # same as\n  can?(current_user, :delete, %{\"id\" =\u003e id}) do\n    case Hello.Pages.get(id) do\n      nil -\u003e nil\n      page -\u003e current_user.id == page.author_id\n    end\n  end\nend\n```\n\n
### Define your own responses\n\nBy default Authit handles the responses for failed authorization. You can customize them by implementing your own `ResponseHandler`.\n\n```elixir\ndefmodule HelloWeb.AuthorizationResponseHandler do\n  @behaviour Authit.ResponseHandler\n\n  import Plug.Conn\n  # render/2 comes from Phoenix.Controller, not Plug.Conn\n  import Phoenix.Controller, only: [render: 2]\n\n  @impl true\n  def forbidden(conn) do\n    conn\n    |\u003e put_status(403)\n    |\u003e render(\"forbidden.html\")\n  end\n\n  @impl true\n  def unauthorized(conn) do\n    conn\n    |\u003e put_status(401)\n    |\u003e render(\"unauthorized.html\")\n  end\nend\n```\n\nThen you can pass it to a given controller:\n\n```elixir\ndefmodule HelloWeb.PageController do\n  use HelloWeb, :controller\n  plug Authit.Plug.Authorize,\n    resource: Hello.Pages.Page,\n    response_handler: HelloWeb.AuthorizationResponseHandler\n\n  def index(conn, _params) do\n    render(conn, \"index.html\")\n  end\nend\n```\n\nOr set it in `config.exs` to enable it globally:\n\n```elixir\nconfig :authit, response_handler: HelloWeb.AuthorizationResponseHandler\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstephanerob%2Fauthit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstephanerob%2Fauthit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstephanerob%2Fauthit/lists"}