1 unstable release
0.1.0 | Mar 18, 2022 |
---|
#1271 in HTTP server
21KB
145 lines
Actix Middleware for Oso Authorization
actix-web
middleware for the Oso authorization framework.
Installation
Add actix-web-middleware-oso
as a dependency:
[dependencies]
actix-web-middleware-oso = "0.1.0"
actix-web = "4"
oso = "0.26.0"
Usage
Create a function to run your Oso authorization logic.
async fn authorize(req: ServiceRequest, oso: Oso) -> Result<ServiceRequest, Error> {
let action = req.method().to_string().to_uppercase();
let resource = req.path();
match oso.is_allowed("_actor", action, resource) {
Ok(true) => Ok(req),
_ => Err(ErrorUnauthorized("not allowed")),
}
}
Initialize Oso and the middleware, and add it to your actix App
with wrap
.
#[actix_web::main]
async fn main() -> std::io::Result<()> {
HttpServer::new(|| {
let mut oso = Oso::new();
oso.load_str(r#"allow(_actor, action, resource) if action = "GET" and resource.starts_with("/ok/");"#)
.unwrap();
let authz = OsoMiddleware::new(oso, authorize);
App::new()
.wrap(middleware::Logger::default())
.wrap(authz)
.default_service(web::to(|| HttpResponse::Ok()))
})
.bind("127.0.0.1:8080")?
.run()
.await
}
In addition, your initialized Oso is available to handlers via the extractor:
#[get("/hello")]
async fn hello(oso: ExtractedOso) -> impl Responder {
let user = User {
name: "alice".to_string(),
};
if oso.is_allowed(user, "action", "resource").unwrap() {
HttpResponse::Ok().body("cool cool")
} else {
HttpResponse::Unauthorized().body("nope, sorry")
}
}
License
This project is licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
Dependencies
~16–28MB
~476K SLoC