4 releases (2 stable)

1.1.0 Feb 27, 2024
1.0.0 Feb 26, 2024
0.1.1 Dec 14, 2022
0.1.0 Dec 13, 2022

#405 in Authentication

Download history 64/week @ 2024-08-17 5/week @ 2024-08-24 30/week @ 2024-08-31 21/week @ 2024-09-07 50/week @ 2024-09-14 51/week @ 2024-09-21 38/week @ 2024-09-28 55/week @ 2024-10-05 53/week @ 2024-10-12 2/week @ 2024-10-19 4/week @ 2024-10-26 37/week @ 2024-11-02 5/week @ 2024-11-09 31/week @ 2024-11-16 17/week @ 2024-11-23 9/week @ 2024-11-30

77 downloads per month

Apache-2.0

14KB
161 lines

axum-casbin

Crates.io Docs CI codecov

Casbin access control middleware for axum framework

Install

Add dependencies to Cargo.toml

cargo add axum
cargo add axum-casbin
cargo add tokio --features full

Requirement

Casbin only takes charge of permission control, so you need to implement an Authentication Middleware to identify user.

You should put axum_casbin::CasbinVals which contains subject(username) and domain(optional) into Extension.

For example:

use axum::{response::Response, BoxError};
use futures::future::BoxFuture;

use bytes::Bytes;
use http::{self, Request};
use http_body::Body as HttpBody;
use std::{
    boxed::Box,
    convert::Infallible,
    task::{Context, Poll},
};
use tower::{Layer, Service};

use axum_casbin::CasbinVals;

#[derive(Clone)]
struct FakeAuthLayer;

impl<S> Layer<S> for FakeAuthLayer {
    type Service = FakeAuthMiddleware<S>;

    fn layer(&self, inner: S) -> Self::Service {
        FakeAuthMiddleware { inner }
    }
}

#[derive(Clone)]
struct FakeAuthMiddleware<S> {
    inner: S,
}

impl<S, ReqBody, ResBody> Service<Request<ReqBody>> for FakeAuthMiddleware<S>
where
    S: Service<Request<ReqBody>, Response = Response<ResBody>, Error = Infallible>
        + Clone
        + Send
        + 'static,
    S::Future: Send + 'static,
    ReqBody: Send + 'static,
    Infallible: From<<S as Service<Request<ReqBody>>>::Error>,
    ResBody: HttpBody<Data = Bytes> + Send + 'static,
    ResBody::Error: Into<BoxError>,
{
    type Response = S::Response;
    type Error = S::Error;
    // `BoxFuture` is a type alias for `Pin<Box<dyn Future + Send + 'a>>`
    type Future = BoxFuture<'static, Result<Self::Response, Self::Error>>;

    fn poll_ready(&mut self, cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
        self.inner.poll_ready(cx)
    }

    fn call(&mut self, mut req: Request<ReqBody>) -> Self::Future {
        let not_ready_inner = self.inner.clone();
        let mut inner = std::mem::replace(&mut self.inner, not_ready_inner);

        Box::pin(async move {
            let vals = CasbinVals {
                subject: String::from("alice"),
                domain: None,
            };
            req.extensions_mut().insert(vals);
            inner.call(req).await
        })
    }
}

Example

use axum::{routing::get, Router};
use axum_casbin::{CasbinAxumLayer};
use axum_casbin::casbin::function_map::key_match2;
use axum_casbin::casbin::{CoreApi, DefaultModel, FileAdapter, Result};

// Handler that immediately returns an empty `200 OK` response.
async fn handler() {}

#[tokio::main]
async fn main() -> Result<()> {
    let m = DefaultModel::from_file("examples/rbac_with_pattern_model.conf")
        .await
        .unwrap();

    let a = FileAdapter::new("examples/rbac_with_pattern_policy.csv");

    let casbin_middleware = CasbinAxumLayer::new(m, a).await.unwrap();

    casbin_middleware
        .write()
        .await
        .get_role_manager()
        .write()
        .matching_fn(Some(key_match2), None);

    let app = Router::new()
        .route("/pen/1", get(handler))
        .route("/pen/2", get(handler))
        .route("/book/:id", get(handler))
        .layer(casbin_middleware)
        .layer(FakeAuthLayer);

    axum::Server::bind(&"127.0.0.1:8080".parse().unwrap())
        .serve(app.into_make_service())
        .await;
    
        Ok(())
}

License

This project is licensed under

Dependencies

~15–30MB
~451K SLoC