...

Source file src/github.com/go-kit/kit/auth/casbin/middleware.go

Documentation: github.com/go-kit/kit/auth/casbin

     1  package casbin
     2  
     3  import (
     4  	"context"
     5  	"errors"
     6  
     7  	stdcasbin "github.com/casbin/casbin/v2"
     8  	"github.com/go-kit/kit/endpoint"
     9  )
    10  
    // contextKey is the private type of every context key this package defines.
    // Using a distinct named type keeps these keys from colliding with context
    // keys declared by other packages, even when the underlying strings match.
    type contextKey string

    const (
    	// CasbinModelContextKey is the context key under which the access
    	// control model is expected. The value may be a path to a model
    	// configuration file or a casbin/model Model.
    	//
    	// NewEnforcer builds its authorization decision from this value, so it
    	// should only be set by trusted server-side code.
    	CasbinModelContextKey = contextKey("CasbinModel")

    	// CasbinPolicyContextKey is the context key under which the access
    	// control policy is expected. The value may be a path to a policy file
    	// or an implementation of the casbin/persist Adapter interface.
    	//
    	// NewEnforcer builds its authorization decision from this value, so it
    	// should only be set by trusted server-side code.
    	CasbinPolicyContextKey = contextKey("CasbinPolicy")

    	// CasbinEnforcerContextKey is the context key under which NewEnforcer
    	// stores the casbin Enforcer it created, for use by the next endpoint.
    	CasbinEnforcerContextKey = contextKey("CasbinEnforcer")
    )

    var (
    	// ErrModelContextMissing reports that no casbin model was supplied in
    	// the context handed to the middleware.
    	ErrModelContextMissing = errors.New("CasbinModel is required in context")

    	// ErrPolicyContextMissing reports that no casbin policy was supplied in
    	// the context handed to the middleware.
    	ErrPolicyContextMissing = errors.New("CasbinPolicy is required in context")

    	// ErrUnauthorized reports that, under the model and policy taken from
    	// the context, the subject may not perform the action on the object.
    	ErrUnauthorized = errors.New("Unauthorized Access")
    )
    42  
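    // NewEnforcer returns an endpoint.Middleware that runs a casbin authorization
    // check before the wrapped endpoint is invoked.
    //
    // subject, object and action are fixed when the middleware is constructed;
    // they are not derived from the individual request. On every call the
    // middleware reads the access control model and policy from the context
    // (CasbinModelContextKey and CasbinPolicyContextKey), builds a casbin
    // Enforcer from them, and asks it whether subject may perform action on
    // object.
    //
    // The middleware fails closed: the next endpoint is called only when the
    // enforcer allows the access. It returns ErrModelContextMissing or
    // ErrPolicyContextMissing when the corresponding context value is absent,
    // the casbin error when the enforcer cannot be built or evaluated, and
    // ErrUnauthorized when the access is denied. On success the Enforcer is
    // made available to the next endpoint under CasbinEnforcerContextKey.
    //
    // Because the model and policy are taken from the context, the resulting
    // decision is only as trustworthy as the code that populated it; those
    // values should be set by trusted server-side code and never copied from
    // request data. A new Enforcer is constructed for each request.
    func NewEnforcer(
    	subject string, object interface{}, action string,
    ) endpoint.Middleware {
    	return func(next endpoint.Endpoint) endpoint.Endpoint {
    		return func(ctx context.Context, request interface{}) (response interface{}, err error) {
    			// Report a missing model or policy with the package's own
    			// sentinel errors instead of handing nil values to casbin.
    			casbinModel := ctx.Value(CasbinModelContextKey)
    			if casbinModel == nil {
    				return nil, ErrModelContextMissing
    			}
    			casbinPolicy := ctx.Value(CasbinPolicyContextKey)
    			if casbinPolicy == nil {
    				return nil, ErrPolicyContextMissing
    			}

    			enforcer, err := stdcasbin.NewEnforcer(casbinModel, casbinPolicy)
    			if err != nil {
    				return nil, err
    			}

    			// Expose the enforcer to downstream endpoints through the context.
    			ctx = context.WithValue(ctx, CasbinEnforcerContextKey, enforcer)

    			ok, err := enforcer.Enforce(subject, object, action)
    			if err != nil {
    				// An evaluation error is treated as a denial: next is not called.
    				return nil, err
    			}
    			if !ok {
    				return nil, ErrUnauthorized
    			}

    			return next(ctx, request)
    		}
    	}
    }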
    72  
