13 unstable releases (3 breaking)

0.4.4 Sep 27, 2020
0.4.1 Aug 31, 2020
0.3.1 Jul 29, 2020
Download history 22/week @ 2021-09-28 52/week @ 2021-10-05 76/week @ 2021-10-12 61/week @ 2021-10-19 37/week @ 2021-10-26 34/week @ 2021-11-02 28/week @ 2021-11-09 25/week @ 2021-11-16 23/week @ 2021-11-23 54/week @ 2021-11-30 94/week @ 2021-12-07 70/week @ 2021-12-14 52/week @ 2021-12-21 3/week @ 2021-12-28 53/week @ 2022-01-04 42/week @ 2022-01-11

169 downloads per month
Used in actix-casbin

Apache-2.0

12KB
146 lines

Actix Casbin Middleware

Crates.io Docs CI codecov

Casbin access control middleware for actix-web framework

Install

Add it to Cargo.toml

actix-casbin-auth = "0.4.4"
actix-rt = "1.1.1"
actix-web = "3.0.2"

Requirement

Casbin only takes charge of permission control, so you need to implement an Authentication Middleware to identify user.

You should put actix_casbin_auth::CasbinVals which contains subject(username) and domain(optional) into Extension.

For example:

use std::cell::RefCell;
use std::pin::Pin;
use std::rc::Rc;
use std::task::{Context, Poll};

use actix_service::{Service, Transform};
use actix_web::{dev::ServiceRequest, dev::ServiceResponse, Error, HttpMessage};
use futures::future::{ok, Future, Ready};

use actix_casbin_auth::CasbinVals;


pub struct FakeAuth;

impl<S: 'static, B> Transform<S> for FakeAuth
    where
        S: Service<Request = ServiceRequest, Response = ServiceResponse<B>, Error = Error>,
        S::Future: 'static,
        B: 'static,
{
    type Request = ServiceRequest;
    type Response = ServiceResponse<B>;
    type Error = Error;
    type InitError = ();
    type Transform = FakeAuthMiddleware<S>;
    type Future = Ready<Result<Self::Transform, Self::InitError>>;

    fn new_transform(&self, service: S) -> Self::Future {
        ok(FakeAuthMiddleware {
            service: Rc::new(RefCell::new(service)),
        })
    }
}

pub struct FakeAuthMiddleware<S> {
    service: Rc<RefCell<S>>,
}

impl<S, B> Service for FakeAuthMiddleware<S>
    where
        S: Service<Request = ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
        S::Future: 'static,
        B: 'static,
{
    type Request = ServiceRequest;
    type Response = ServiceResponse<B>;
    type Error = Error;
    type Future = Pin<Box<dyn Future<Output = Result<Self::Response, Self::Error>>>>;

    fn poll_ready(&mut self, cx: &mut Context) -> Poll<Result<(), Self::Error>> {
        self.service.poll_ready(cx)
    }

    fn call(&mut self, req: ServiceRequest) -> Self::Future {
        let mut svc = self.service.clone();

        Box::pin(async move {
            let vals = CasbinVals {
                subject: String::from("alice"),
                domain: None,
            };
            req.extensions_mut().insert(vals);
            svc.call(req).await
        })
    }
}

Example

use actix_casbin_auth::casbin::{DefaultModel, FileAdapter, Result};
use actix_casbin_auth::CasbinService;
use actix_web::{web, App, HttpResponse, HttpServer};

#[allow(dead_code)]
mod fake_auth;

#[actix_rt::main]
async fn main() -> Result<()> {
    let m = DefaultModel::from_file("examples/rbac_with_pattern_model.conf")
        .await
        .unwrap();
    let a = FileAdapter::new("examples/rbac_with_pattern_policy.csv");  //You can also use diesel-adapter or sqlx-adapter

    let casbin_middleware = CasbinService::new(m, a).await?;

    casbin_middleware
        .write()
        .await
        .get_role_manager()
        .write()
        .unwrap()
        .matching_fn(Some(key_match2), None);

    HttpServer::new(move || {
        App::new()
            .wrap(casbin_middleware.clone())
            .wrap(FakeAuth)          
            .route("/pen/1", web::get().to(|| HttpResponse::Ok()))
            .route("/book/{id}", web::get().to(|| HttpResponse::Ok()))
    })
    .bind("127.0.0.1:8080")?
    .run()
    .await?;

    Ok(())
}

License

This project is licensed under

Dependencies

~25MB
~573K SLoC