1package authz
2
3import (
4 "fmt"
5 "net"
6 "net/http"
7
8 "github.com/casbin/casbin/v3"
9 "github.com/xlgmokha/x/pkg/log"
10 "github.com/xlgmokha/x/pkg/x"
11)
12
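// WithCasbin returns an Authorizer that asks a Casbin enforcer whether the
// request's subject may apply the HTTP method to the request path on the
// request's host.
//
// The enforcer is built once from "casbin.conf" and "casbin.csv". Both paths
// are relative, so they resolve against the process working directory. The
// construction error is handed to x.Must (presumably a panic on failure;
// confirm against pkg/x).
//
// The decision fails closed: a Host that cannot be split into host and port,
// or an error from the enforcer, yields false.
func WithCasbin() Authorizer {
	enforcer := x.Must(casbin.NewEnforcer("casbin.conf", "casbin.csv"))

	return AuthorizerFunc(func(r *http.Request) bool {
		// r.Host is supplied by the client. SplitHostPort also returns an error
		// when the value has no port (a bare "example.com"), so such requests
		// are denied here before the policy is consulted.
		// NOTE(review): confirm every caller sends host:port; otherwise all
		// traffic on default ports is rejected.
		host, _, err := net.SplitHostPort(r.Host)
		if err != nil {
			// NOTE(review): the value returned by log.WithFields is discarded;
			// verify that this call actually emits a record.
			log.WithFields(r.Context(), log.Fields{"error": err})
			return false
		}

		// A request whose token yields no subject is evaluated as the literal
		// subject "*", so policy rows written for "*" govern anonymous traffic.
		// NOTE(review): a token whose subject is literally "*" cannot be told
		// apart from an anonymous request here, and whether TokenFrom verifies
		// the token before exposing Subject is not visible in this file.
		subject, found := TokenFrom(r).Subject()
		if !found {
			subject = "*"
		}

		// r.URL.Path reaches the enforcer as received; it is not cleaned here.
		// NOTE(review): if the component that serves the request normalizes
		// "..", repeated slashes or encoded separators differently, the policy
		// is evaluated against a different path than the one served. Confirm
		// that normalization happens before this authorizer.
		ok, err := enforcer.Enforce(subject, host, r.Method, r.URL.Path)
		if err != nil {
			log.WithFields(r.Context(), log.Fields{"error": err})
			return false
		}

		// Subject, host and path come from the request, and URL.Path is already
		// percent-decoded, so it may contain line breaks. %q keeps every
		// decision on a single stdout line so one request cannot forge another
		// entry in the decision trail.
		fmt.Printf("%v: %q -> %v %q\n", ok, subject, r.Method, host+r.URL.Path)
		log.WithFields(r.Context(), log.Fields{
			"authz":   ok,
			"subject": subject,
			"action":  r.Method,
			"domain":  host,
			"object":  r.URL.Path,
		})
		return ok
	})
}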