Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Joffref/opa-middleware
opa-middleware gather all the middlewares you need to use Open Policy Agent with your API
https://github.com/Joffref/opa-middleware
Last synced: 3 months ago
JSON representation
opa-middleware gather all the middlewares you need to use Open Policy Agent with your API
- Host: GitHub
- URL: https://github.com/Joffref/opa-middleware
- Owner: Joffref
- License: mit
- Created: 2022-08-24T19:57:28.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2024-03-14T11:31:55.000Z (8 months ago)
- Last Synced: 2024-07-25T05:37:22.876Z (4 months ago)
- Language: Go
- Homepage:
- Size: 290 KB
- Stars: 19
- Watchers: 1
- Forks: 5
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-opa - HTTP API OPA middlewares - Collection of OPA middlewares for your HTTP/Gin/Fiber API. (Language and Platform Integrations / Go)
- awesome-gin - joffref/opa-middleware - Provides a Gin's OPA middleware. (Middlewares)
- awesome-fiber - joffref/opa-middleware - Provides an OPA middleware integration for fiber. (⚙️ Middlewares / 🌱 Third Party)
README
# Open Policy Agent Middleware
This middleware integrates Open Policy Agent (OPA) to your http/gin/fiber/echo app.
You can use it to enforce policies on endpoints.
You can use OPA as local policy engine, or as a remote policy engine.
## Installation
```bash
go get github.com/Joffref/opa-middleware
```
## Usage Generic with OPA and HTTP
### Local based policy engine
```go
package main
import (
"github.com/Joffref/opa-middleware"
"github.com/Joffref/opa-middleware/config"
"net/http"
)
var Policy = `
package policy
default allow = false
allow {
input.path = "/api/v1/users"
input.method = "GET"
}`
type H struct {
Name string
}
func (h *H) ServeHTTP(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("Hello World : " + h.Name))
}
func main() {
handler, err := opamiddleware.NewHTTPMiddleware(
&config.Config{
Policy: Policy,
Query: "data.policy.allow",
InputCreationMethod: func(r *http.Request) (map[string]interface{}, error) {
return map[string]interface{}{
"path": r.URL.Path,
"method": r.Method,
}, nil
},
ExceptedResult: true,
DeniedStatusCode: 403,
DeniedMessage: "Forbidden",
},
&H{
Name: "John Doe",
},
)
if err != nil {
panic(err)
}
http.HandleFunc("/", handler.ServeHTTP)
err = http.ListenAndServe(":8080", nil)
if err != nil {
return
}
}
```
### Remote based policy engine
The policy is the same as above, but the policy is stored in a remote server.
```go
package main
import (
"github.com/Joffref/opa-middleware"
"github.com/Joffref/opa-middleware/config"
"net/http"
)
type H struct {
Name string
}
func (h *H) ServeHTTP(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("Hello World : " + h.Name))
}
func main() {
handler, err := opamiddleware.NewHTTPMiddleware(
&config.Config{
URL: "http://localhost:8181/",
Query: "data.policy.allow",
InputCreationMethod: func(r *http.Request) (map[string]interface{}, error) {
return map[string]interface{}{
"path": r.URL.Path,
"method": r.Method,
}, nil
},
ExceptedResult: true,
DeniedStatusCode: 403,
DeniedMessage: "Forbidden",
},
&H{
Name: "John Doe",
},
)
if err != nil {
panic(err)
}
http.HandleFunc("/", handler.ServeHTTP)
err = http.ListenAndServe(":8080", nil)
if err != nil {
return
}
}
```
## Usage with GIN
```go
package main
import (
"github.com/Joffref/opa-middleware"
"github.com/Joffref/opa-middleware/config"
"github.com/gin-gonic/gin"
)
func main() {
r := gin.Default()
middleware, err := opamiddleware.NewGinMiddleware(
&config.Config{
URL: "http://localhost:8181/",
Query: "data.policy.allow",
ExceptedResult: true,
DeniedStatusCode: 403,
DeniedMessage: "Forbidden",
},
func(c *gin.Context) (map[string]interface{}, error) {
return map[string]interface{}{
"path": c.Request.URL.Path,
"method": c.Request.Method,
}, nil
},
)
if err != nil {
return
}
r.Use(middleware.Use())
r.GET("/ping", func(c *gin.Context) {
c.JSON(200, gin.H{
"message": "pong",
})
})
r.Run(":8080")
}
```
## Usage with Fiber
```go
package main
import (
"github.com/Joffref/opa-middleware"
"github.com/Joffref/opa-middleware/config"
"github.com/gofiber/fiber/v2"
)
func main() {
app := fiber.New()
middleware, err := opamiddleware.NewFiberMiddleware(
&config.Config{
URL: "http://localhost:8181/",
Query: "data.policy.allow",
ExceptedResult: true,
DeniedStatusCode: 403,
DeniedMessage: "Forbidden",
},
func(c *fiber.Ctx) (map[string]interface{}, error) {
return map[string]interface{}{
"path": c.Path(),
"method": c.Method(),
}, nil
},
)
if err != nil {
return
}
app.Use(middleware.Use())
app.Get("/ping", func(c *fiber.Ctx) error {
err := c.JSON("pong")
if err != nil {
return err
}
return nil
})
app.Listen(":8080")
}
```
## Usage with Echo
```go
package main
import (
"github.com/Joffref/opa-middleware"
"github.com/Joffref/opa-middleware/config"
"github.com/labstack/echo/v4"
)
func main() {
e := echo.New()
middleware, err := opamiddleware.NewEchoMiddleware(
&config.Config{
URL: "http://localhost:8181/",
Query: "data.policy.allow",
ExceptedResult: true,
DeniedStatusCode: 403,
DeniedMessage: "Forbidden",
},
func(c echo.Context) (map[string]interface{}, error) {
return map[string]interface{}{
"path": c.Request().URL.Path,
"method": c.Request().Method,
}, nil
},
)
if err != nil {
return
}
e.Use(middleware.Use())
e.GET("/ping", func(c echo.Context) error {
err := c.JSON(200, "pong")
if err != nil {
return err
}
return nil
})
e.Start(":8080")
}
```