https://github.com/josestg/bitfield-rbac-demo
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/josestg/bitfield-rbac-demo
- Owner: josestg
- Created: 2023-09-28T12:59:33.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-09-28T12:59:48.000Z (over 1 year ago)
- Last Synced: 2025-01-31T06:47:20.632Z (3 months ago)
- Language: Go
- Size: 4.88 KB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# BitField RBAC Demo
### Run the server
```bash
SECRET=myjwtsecret go run main.go
```

### Demo
1. Create a token with permissions `SeeUser` (0), `AddUsers` (1), and `DelUsers` (2)
```bash
curl -X POST --location "http://localhost:8080/token" \
-H "Content-Type: application/json" \
-d "{
\"permissions\": [0, 1, 2]
}"
```

2. Create a user with the token
```bash
curl -X POST --location "http://localhost:8080/users" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2OTU5MDU0MzgsInBlcm1pc3Npb25zIjpbMCwxLDJdfQ.pV3T00JgFwFexM-JHTePftuS3UMO3kMA2NHZYNivwkI" \
-d "{
\"username\": \"test\",
\"password\": \"test\"
}"
```

> Should return `200 OK`

3. Try to access an API that requires permissions the token does not have
```bash
curl -X GET --location "http://localhost:8080/emails" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2OTU5MDU2MzMsInBlcm1pc3Npb25zIjpbMCwxLDIsNTIsNTNdfQ.LEEuDKjFNdOkyCVzvurZq6foQmhLtnjY2IQwQSM0D3o"
```

> Should return `403 Forbidden` with message `You don't have permission`.
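The check behind steps 2 and 3, as an added sketch that is not the repository's own code: permission indices from a verified token are packed into a 64-bit field and compared against the mask a route requires. The type and function names, the `uint64` width, and the `SeeEmails` permission (index 3) are assumptions made for this example; only `SeeUser`, `AddUsers` and `DelUsers` with indices 0 to 2 come from the README.

```go
package main

import "fmt"

type Permission uint8 // bit index; 0-2 are the names used in the README
type BitField uint64  // one bit per granted permission

const (
	SeeUser Permission = iota
	AddUsers
	DelUsers
	SeeEmails // hypothetical index 3, assumed for this example only
)

// FromClaims packs a verified token's "permissions" array into a BitField.
// Indices outside 0..63 are rejected: a uint64 shifted by 64 or more is 0 in
// Go, so an unchecked shift would silently drop the entry instead of failing.
func FromClaims(indices []int) (BitField, error) {
	var f BitField
	for _, i := range indices {
		if i < 0 || i > 63 {
			return 0, fmt.Errorf("permission index %d out of range", i)
		}
		f |= 1 << uint(i)
	}
	return f, nil
}

// HasAll reports whether every required bit is set. Comparing with the whole
// mask (not "!= 0") stops one matching bit from satisfying a stricter route.
func (f BitField) HasAll(required ...Permission) bool {
	var mask BitField
	for _, p := range required {
		if p > 63 {
			return false // fail closed: this bit cannot exist in the field
		}
		mask |= 1 << p
	}
	return f&mask == mask
}

// Authorize returns the HTTP status the demo steps describe.
func Authorize(claims []int, required ...Permission) int {
	if f, err := FromClaims(claims); err != nil || !f.HasAll(required...) {
		return 403
	}
	return 200
}

func main() {
	fmt.Println(Authorize([]int{0, 1, 2}, AddUsers), Authorize([]int{0, 1, 2}, SeeEmails))
}
```

The claims passed to `Authorize` are constructed sample values and must come from a token whose signature and expiry have already been verified.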