2 releases

Uses old Rust 2015

0.1.1 Dec 18, 2018
0.1.0 Dec 11, 2018

#6 in #opa

MIT license

17KB
285 lines

actix-web-middleware-opa

Build Status License Documentation

Open Policy Agent (openpolicyagent/OPA) middleware for actix-web applications.

This middleware performs a policy check against an Open Policy Agent instance for incoming HTTP requests.

Both the policy check request and response are generic.

Flow

Components

Example

Take the following request :

curl -XGET -H 'Authorization: Bearer 123123123' http://localhost:8080/order/item/1

This will need to be translated to a JSON call to OPA :

{
  "input" : {
    "token"  : "123123123",
    "method" : "GET",
    "path"   : ["order", "item", "1"]
  }
}

We represent this as two Rust structs which implement Serialize,

#[derive(Serialize)]
struct PolicyRequest {
    input: PolicyRequestInput,
}

#[derive(Serialize)]
struct PolicyRequestInput {
    token: String,
    method: String,
    path: Vec<String>,
}

The expected response is a JSON object :

{
   "result" : {
      "allow" : true
   }
}

We represent this as two Rust structs which implement Deserialize,

#[derive(Deserialize)]
struct PolicyResponse {
    input: PolicyResponseResult,
}

#[derive(Deserialize)]
struct PolicyResponseResult {
    allow: bool,
}

Lastly we have to implement the OPARequest<S> trait so that


    impl<S> OPARequest<S> for PolicyRequest {
        fn from_http_request(_req: &HttpRequest<S>) -> Result<Self, String> {
            // This needs to be constructured from _req
            Ok(PolicyRequest {
              input: PolicyRequestInput {
                token: "123".into(),
                method: "GET",
                path: vec!["order", "item", "1"],
              }
            })
        }
    }
    type VerifierMiddleware = PolicyVerifier<PolicyRequest, PolicyResponse>;

Dependencies

~23–32MB
~518K SLoC