Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/segrax/openpolicyagent
PSR-7 and PSR-15 OPA Authorization Middleware and Open Policy Agent Client
https://github.com/segrax/openpolicyagent
authorization authorization-middleware middlewares opa openpolicyagent php psr-15 psr-7
Last synced: 3 months ago
JSON representation
PSR-7 and PSR-15 OPA Authorization Middleware and Open Policy Agent Client
- Host: GitHub
- URL: https://github.com/segrax/openpolicyagent
- Owner: segrax
- License: mit
- Created: 2019-12-06T22:43:37.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-03-06T19:35:47.000Z (4 months ago)
- Last Synced: 2024-03-06T20:42:50.739Z (4 months ago)
- Topics: authorization, authorization-middleware, middlewares, opa, openpolicyagent, php, psr-15, psr-7
- Language: PHP
- Homepage:
- Size: 78.1 KB
- Stars: 15
- Watchers: 2
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
- License: LICENSE.txt
Lists
- awesome-opa - OPA Library for PHP - OPA client, a PSR-15 authorization middleware and a PSR-15 bundle distributor middleware (Language and Platform Integrations / PHP)
README
# Open Policy Agent Library
This library provides a client for the [Open Policy Agent](https://www.openpolicyagent.org/) (OPA), a PSR-15 authorization middleware and a PSR-15 bundle distributor middleware.
[](https://packagist.org/packages/segrax/open-policy-agent)
[](https://packagist.org/packages/segrax/open-policy-agent)
[](LICENSE.txt)
[](https://app.travis-ci.com/github/segrax/openpolicyagent)
[](https://codecov.io/gh/segrax/openpolicyagent)
For working examples, please see [segrax/opa-php-examples](https://github.com/segrax/opa-php-examples) and a [walkthrough](https://coil.com/p/segra/OPA-for-API-Authorization-with-Slim-PHP/H-7YsQL2m) is available to guide you through the examples.
## Install
Install the latest using [composer](https://getcomposer.org/).
```bash
composer require segrax/open-policy-agent
```
### Usage Examples
### Client Usage
```php
use Segrax\OpenPolicyAgent\Client;
use GuzzleHttp\Client as GuzzleHttpClient;
$apiPolicy = "package my.api
default allow=false
allow {
input.path = [\"abc\"]
input.user == \"a random user\"
}";
$client = new Client(null, new GuzzleHttpClient(), new RequestFactory(), 'http://127.0.0.1:8181', 'MyToken');
// Push a policy to the agent
$client->policyUpdate('my/api', $apiPolicy, false);
// Execute the policy
$inputs = [ 'path' => ['abc'],
'user' => 'a random user'];
$res = $client->policy('my/api', $inputs, false, false, false, false );
if ($res->getByName('allow') === true ) {
// Do stuff
}
```
### Authorization Middleware
Create the client, and add the Authorization object onto the middleware stack
```php
use Segrax\OpenPolicyAgent\Client;
use Segrax\OpenPolicyAgent\Middleware\Authorization;
$app = AppFactory::create();
$client = new Client(null, new GuzzleHttpClient(), new RequestFactory(), 'http://127.0.0.1:8181', 'MyToken');
$app->add(new Authorization(
[Authorization::OPT_POLICY => 'auth/api'],
$client,
$app->getResponseFactory()));
```
### Distributor Middleware
Insert the middleware, it will respond to bundle requests at /opa/bundles/{service_name} for users with a valid JWT with the subfield 'opa'
```php
use Segrax\OpenPolicyAgent\Client;
use Segrax\OpenPolicyAgent\Middleware\Distributor;
$app = AppFactory::create();
$app->add(new Distributor(
'/opa/bundles/', // Route
__DIR__ . '/opa', // Policy Path
[Distributor::OPT_AGENT_USER => 'opa'], // Token Sub Field
$app->getResponseFactory(),
new StreamFactory(),
$app->getLogger()));
// Add a GET route for the opa bundle route
$app->get('/opa/bundles/{name}', function (Request $request, Response $response, array $args) {
return $response->withStatus(404);
});
```
## Code Testing
``` bash
make tests
```
## Security
If you discover any security related issues, please email [[email protected]](mailto:[email protected]).
## License
The MIT License (MIT). Please see [License File](LICENSE.txt) for more information.