2 releases
Uses old Rust 2015
0.1.1 | Dec 18, 2018 |
---|---|
0.1.0 | Dec 11, 2018 |
#6 in #opa
17KB
285 lines
actix-web-middleware-opa
Open Policy Agent (openpolicyagent/OPA) middleware for actix-web applications.
This middleware performs a policy check against an Open Policy Agent instance for incoming HTTP requests.
Both the policy check request and response are generic.
Flow
Example
Take the following request :
curl -XGET -H 'Authorization: Bearer 123123123' http://localhost:8080/order/item/1
This will need to be translated to a JSON call to OPA :
{
"input" : {
"token" : "123123123",
"method" : "GET",
"path" : ["order", "item", "1"]
}
}
We represent this as two Rust structs which implement Serialize
,
#[derive(Serialize)]
struct PolicyRequest {
input: PolicyRequestInput,
}
#[derive(Serialize)]
struct PolicyRequestInput {
token: String,
method: String,
path: Vec<String>,
}
The expected response is a JSON object :
{
"result" : {
"allow" : true
}
}
We represent this as two Rust structs which implement Deserialize
,
#[derive(Deserialize)]
struct PolicyResponse {
input: PolicyResponseResult,
}
#[derive(Deserialize)]
struct PolicyResponseResult {
allow: bool,
}
Lastly we have to implement the OPARequest<S>
trait so that
impl<S> OPARequest<S> for PolicyRequest {
fn from_http_request(_req: &HttpRequest<S>) -> Result<Self, String> {
// This needs to be constructured from _req
Ok(PolicyRequest {
input: PolicyRequestInput {
token: "123".into(),
method: "GET",
path: vec!["order", "item", "1"],
}
})
}
}
type VerifierMiddleware = PolicyVerifier<PolicyRequest, PolicyResponse>;
Dependencies
~23–32MB
~518K SLoC