https://github.com/casbin-rs/poem-casbin

Casbin Poem access control middleware
https://github.com/casbin-rs/poem-casbin

abac acl auth authz casbin middleware poem rbac rust

Last synced: 5 months ago
JSON representation

Casbin Poem access control middleware

• Host: GitHub
• URL: https://github.com/casbin-rs/poem-casbin
• Owner: casbin-rs
• License: apache-2.0
• Created: 2022-06-13T12:42:39.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2022-07-10T03:27:15.000Z (over 3 years ago)
• Last Synced: 2025-04-05T19:51:12.273Z (7 months ago)
• Topics: abac, acl, auth, authz, casbin, middleware, poem, rbac, rust
• Language: Rust
• Homepage:
• Size: 13.7 KB
• Stars: 7
• Watchers: 6
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Poem Casbin Middleware

[Casbin](https://github.com/casbin/casbin-rs) access control middleware for [poem](https://github.com/poem-web/poem) framework

## Install

Add it to `Cargo.toml`

```toml

poem = "1.3.31"

poem-casbin-auth = "0.x.x"

tokio = { version = "1.17.0", features = ["rt-multi-thread", "macros"] }

```

## Requirement

**Casbin only takes charge of permission control**, so you need to implement an `Authentication Middleware` to identify user.

You should put `poem_casbin_auth::CasbinVals` which contains `subject`(username) and `domain`(optional) into [Extension](https://docs.rs/http/0.2.8/http/struct.Extensions.html).

For example:

```rust

use poem::{

    Endpoint, EndpointExt, Middleware, Request, Result,

};

use poem_casbin_auth::CasbinVals;

pub struct FakeAuth;

pub struct FakeAuthMiddleware {

    ep: E,

}

impl Middleware for FakeAuth {

    type Output = FakeAuthMiddleware;

    fn transform(&self, ep: E) -> Self::Output {

        FakeAuthMiddleware { ep }

    }

}

#[poem::async_trait]

impl Endpoint for FakeAuthMiddleware {

    type Output = E::Output;

    async fn call(&self, mut req: Request) -> Result {

        let vals = CasbinVals {

            subject: String::from("alice"),

            domain: None,

        };

        req.extensions_mut().insert(vals);

        self.ep.call(req).await

    }

}

```

## Example

```rust

use poem_casbin_auth::casbin::{DefaultModel, FileAdapter, Result};

use poem_casbin_auth::CasbinService;

use poem::{get, handler, listener::TcpListener, web::Path, Route, Server};

use poem_casbin_auth::casbin::function_map::key_match2;

#[allow(dead_code)]

mod fake_auth;

#[handler]

fn endpoint() -> () {}

#[tokio::main]

async fn main() -> Result<(), std::io::Error> {

    let m = DefaultModel::from_file("examples/rbac_with_pattern_model.conf")

        .await

        .unwrap();

    let a = FileAdapter::new("examples/rbac_with_pattern_policy.csv");

    let casbin_middleware = CasbinService::new(m, a).await.unwrap();

    casbin_middleware

        .write()

        .await

        .get_role_manager()

        .write()

        .matching_fn(Some(key_match2), None);

    let app = Route::new()

        .at("/pen/1", get(endpoint))

        .at("/pen/2", get(endpoint))

        .at("/book/:id", get(endpoint))

        .with(casbin_middleware)

        .with(FakeAuth);

    Server::new(TcpListener::bind("127.0.0.1:8080"))

        .run(app)

        .await

}

```

## License

This project is licensed under

* Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0))