casbin/caddy-authz

Stars
240
Rank 168,229 (Top 4 %)
Language
Go
License
Apache License 2.0
Created over 7 years ago
Updated over 1 year ago

casbin/caddy-authz

casbin

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Caddy-authz is a middleware for Caddy that blocks or allows requests based on access control policies.

Caddy-authz

Caddy-authz is an authorization middleware for Caddy, it's based on https://github.com/casbin/casbin.

Installation

go get github.com/casbin/caddy-authz

Caddyfile syntax

localhost {
    route { 
        authz "/folder/to/caddy_binary/authz_model.conf" "/folder/to/caddy_binary/authz_policy.csv"
    }
    respond "Hello, world!"
    ...
}

or

{
    order authz before respond
}

localhost {
	authz "/folder/to/caddy_binary/authz_model.conf" "/folder/to/caddy_binary/authz_policy.csv"
	respond "Hello, world!"
    ...
}

The authz directive specifies the path to Casbin model file (.conf) and Casbin policy file (.csv). The Casbin model file describes access control models like ACL, RBAC, ABAC, etc. The Casbin policy file describes the authorization policy rules. For how to write these files, please refer to: https://github.com/casbin/casbin#get-started

A working example

cd into the folder of caddy binary.
Put your Casbin model file authz_model.conf and Casbin policy file authz_policy.csv into this folder.
Add authz directive to your Caddyfile like:

localhost:666 {
    route { 
        authz "authz_model.conf" "authz_policy.csv"
    }
    respond "Hello, world!"
    ...
}

Run caddy and enjoy.

Note: This plugin only supports HTTP basic authentication to get the logged-in user name, if you use other kinds of authentication like OAuth, LDAP, etc, you may need to customize this plugin.

How to control the access

The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:

subject: the logged-on user name
object: the URL path for the web resource like "dataset1/item1"
action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"

For how to write authorization policy and other details, please refer to the Casbin's documentation.

Getting Help

Casbin

License

This project is under Apache 2.0 License. See the LICENSE file for the full license text.

casbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN

casdoor

An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA and RADIUS

node-casbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Node.js and Browser

jcasbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Java

pycasbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Python

Casbin.NET

An authorization library that supports access control models like ACL, RBAC, ABAC in .NET (C#)

casibase

Open-Source Domain Knowledge Database & IM & Forum Software powered by ChatGPT. See demo: https://ai.casbin.com

awesome-auth

📊 Software and Libraries for Authentication & Authorization & SSO & IAM

casbin-rs

An authorization library that supports access control models like ACL, RBAC, ABAC in Rust.

gorm-adapter

GORM adapter for Casbin, see extended version of GORM Adapter Ex at: https://github.com/casbin/gorm-adapter-ex

xorm-adapter

Xorm adapter for Casbin

caswaf

HTTP & OAuth Gateway and Web Application Firewall (WAF) based on ModSecurity, online demo: https://door.caswaf.com

casbin-server

Casbin as a Service (CaaS)

mongodb-adapter

MongoDB adapter for Casbin

casbin-cpp

An authorization library that supports access control models like ACL, RBAC, ABAC in C/C++

docker-casbin-plugin

Docker RBAC and ABAC Authorization Plugin Based on Casbin: https://github.com/casbin/casbin

redis-adapter

Redis adapter for Casbin

protobuf-adapter

Google Protocol Buffers adapter for Casbin

etcd-watcher

Etcd watcher for Casbin

casbin.js

An authorization library that supports access control models like ACL, RBAC, ABAC in Frontend Javascript

negroni-authz

negroni-authz is an authorization middleware for Negroni

casdoor-old

An open-source Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, WebAuthn, TOTP and MFA

casbin-hub

The hub for Casbin

casbin-editor

Web-based model & policy editor for Casbin

casnode

Open-Source Forum and Social Platform, Alternative to StackOverflow & Flarum

casbin-ex

An authorization library that supports access control models like ACL, RBAC, ABAC in Elixir

Talent2023

Casbin明日之星预选生计划-Talents for Casbin 2023 【学生报名请加QQ群：540163681】

lua-casbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Lua (Kong, APISIX, OpenResty)

ent-adapter

Ent adapter for Casbin

casbin-oa

The OA system used by Casbin community

casbin-website

Deprecated! Please use v2 docs site: https://github.com/casbin/casbin-website-v2 | The v1 docs website for Casbin

casbin-pg-adapter

A go-pg adapter for casbin

dart-casbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Dart/Flutter

redis-watcher

Redis WatcherEx for Casbin

k8s-gatekeeper

Kubernetes (k8s) admission controller webhook based on Casbin

openstack-policy-editor

A Casbin Policy Editor for OpenStack

k8s-authz

Kubernetes (k8s) RBAC & ABAC authorization middleware based on Casbin

casbin-go-client

Go client for Casbin-Server

casbin-mesh

A scalable authorization layer built on Casbin (The experimental project is currently unstable)

SummerOfCode2022

GSoC 2022 Idea List for Casbin

casbin-vscode-plugin

VSCode plugin for working with Casbin Models

beego-orm-adapter

Beego ORM adapter for Casbin

envoy-authz

Istio/Envoy RBAC & ABAC authorization middleware based on Casbin

casbin-website-v2

The new docs website for Casbin based on Docusaurus v2

hraft-dispatcher

A dispatcher based on Hashicorp's Raft for Casbin.

json-adapter

JSON adapter for Casbin

casbin-server-deprecated

Casbin as a Service via RESTful

auth0-role-manager

Auth0 role manager for Casbin

casbin-raft

Etcd Raft Dispatcher for Casbin

govaluate

Arbitrary expression evaluation for golang, maintained by Casbin

session-role-manager

Session based role manager for Casbin

mysql-adapter

MySQL DB adapter for Casbin

SwiftCasbin

An authorization library that supports access control models like ACL, RBAC, ABAC in iOS Swift / Objective-C

gorm-adapter-ex

Extended version of GORM Adapter, see original version of GORM Adapter at: https://github.com/casbin/gorm-adapter

SummerOfCode2021

GSoC 2021 Idea List for Casbin

iam-to-casbin-translator

Translate AWS IAM policy to Casbin policy

confita

An open-source version of Kaggle written in Go and React

deno-casbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Deno.

Summer2021

开源软件供应链点亮计划-暑期2021 for Casbin 【学生报名请加QQ群：540163681】

mux-authz

gorilla/mux's RBAC & ABAC Authorization middleware based on Casbin

graphql-authz

graphql-authz is an authorization middleware for graphql-go

Talent2024

Casbin明日之星预选生计划-Talents for Casbin 2024 【学生报名请加QQ群：540163681】

casbin-core

An authorization library that supports access control models like ACL, RBAC, ABAC in modern JavaScript platforms

kubesphere-authz

ACL, RBAC, ABAC authorization middleware for KubeSphere

okta-role-manager

Okta role manager for Casbin

cassandra-adapter

Cassandra DB adapter for Casbin

zap-logger

Zap logger for Casbin

google-groups-crawler

This tool is for legitimate use. We internally use it for synchronizing posts between Casnode forum and our own Casbin Google Group

static

Casbin static resources like js, css, img

revel-authz

revel-authz is an authorization middleware for Revel

xacml-to-casbin-translator

Translate XACML policy to Casbin policy

laravel-rbac

An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel

casnode-web-new

casbin-pythonclient

Python client for Casbin Server

scala-casbin

Summer2022

开源软件供应链点亮计划-暑期2022 for Casbin 【学生报名请加QQ群：540163681】

VisualPCD

VisualPCD aims to parse the XACML format policy file and detect the authorization conflicts between XACML policies.

caswire

An open-source host-based anti-virus, firewall and IDS (Intrusion Detection System) platform: https://discord.gg/S5UjpzGZjN

casbin.github.io

The GitHub pages (static site) for: https://github.com/casbin/casbin-website

Summer2023

开源软件供应链点亮计划-暑期2023 for Casbin 【学生报名请加QQ群：540163681】

tyk-authz

Casbin authorization plugin for tyk API gateway

caswaf-website

The docs website for CasWAF: https://github.com/casbin/caswaf

chi-authz

Chi Authorization Middleware based on Casbin

SeasonOfDocs2022

Google Season of Docs 2022 Proposal for Casbin

casvisor

An open-source security log auditing & RDP, VNC, SSH bastion platform: https://discord.gg/S5UjpzGZjN

istio-authz

Permap

A permission mapper

awesome-chatgpt

Software and Libraries for OpenAI & ChatGPT & LLM

casvisor-website

Docs site of Casvisor : https://github.com/casbin/casvisor

tikv-watcher

TiKV watcher for Casbin

casdoc

Docs helper based on OpenAI ChatGPT

pycasbin-on-cpp

An authorization library that supports access control models like ACL, RBAC, ABAC in Python, based on C/C++ (Casbin-CPP)