Skip to main content
Version: websocket_v1.x.x

Casbin

Release Discord Test Security Linter

Casbin middleware for Fiber.

Note: Requires Go 1.18 and above

Install

go get -u github.com/gofiber/fiber/v2
go get -u github.com/gofiber/contrib/casbin

choose an adapter from here

go get -u github.com/casbin/xorm-adapter

Signature

casbin.New(config ...casbin.Config) *casbin.Middleware

Config

PropertyTypeDescriptionDefault
ModelFilePathstringModel file path"./model.conf"
PolicyAdapterpersist.AdapterDatabase adapter for policies./policy.csv
Enforcer*casbin.EnforcerCustom casbin enforcerMiddleware generated enforcer using ModelFilePath & PolicyAdapter
Lookupfunc(*fiber.Ctx) stringLook up for current subject""
Unauthorizedfunc(*fiber.Ctx) errorResponse body for unauthorized responsesUnauthorized
Forbiddenfunc(*fiber.Ctx) errorResponse body for forbidden responsesForbidden

Examples

CustomPermission

package main

import (
"github.com/gofiber/fiber/v2"
"github.com/gofiber/contrib/casbin"
_ "github.com/go-sql-driver/mysql"
"github.com/casbin/xorm-adapter/v2"
)

func main() {
app := fiber.New()

authz := casbin.New(casbin.Config{
ModelFilePath: "path/to/rbac_model.conf",
PolicyAdapter: xormadapter.NewAdapter("mysql", "root:@tcp(127.0.0.1:3306)/"),
Lookup: func(c *fiber.Ctx) string {
// fetch authenticated user subject
},
})

app.Post("/blog",
authz.RequiresPermissions([]string{"blog:create"}, casbin.WithValidationRule(casbin.MatchAllRule)),
func(c *fiber.Ctx) error {
// your handler
},
)

app.Delete("/blog/:id",
authz.RequiresPermissions([]string{"blog:create", "blog:delete"}, casbin.WithValidationRule(casbin.AtLeastOneRule)),
func(c *fiber.Ctx) error {
// your handler
},
)

app.Listen(":8080")
}

RoutePermission

package main

import (
"github.com/gofiber/fiber/v2"
"github.com/gofiber/contrib/casbin"
_ "github.com/go-sql-driver/mysql"
"github.com/casbin/xorm-adapter/v2"
)

func main() {
app := fiber.New()

authz := casbin.New(casbin.Config{
ModelFilePath: "path/to/rbac_model.conf",
PolicyAdapter: xormadapter.NewAdapter("mysql", "root:@tcp(127.0.0.1:3306)/"),
Lookup: func(c *fiber.Ctx) string {
// fetch authenticated user subject
},
})

// check permission with Method and Path
app.Post("/blog",
authz.RoutePermission(),
func(c *fiber.Ctx) error {
// your handler
},
)

app.Listen(":8080")
}

RoleAuthorization

package main

import (
"github.com/gofiber/fiber/v2"
"github.com/gofiber/contrib/casbin"
_ "github.com/go-sql-driver/mysql"
"github.com/casbin/xorm-adapter/v2"
)

func main() {
app := fiber.New()

authz := casbin.New(casbin.Config{
ModelFilePath: "path/to/rbac_model.conf",
PolicyAdapter: xormadapter.NewAdapter("mysql", "root:@tcp(127.0.0.1:3306)/"),
Lookup: func(c *fiber.Ctx) string {
// fetch authenticated user subject
},
})

app.Put("/blog/:id",
authz.RequiresRoles([]string{"admin"}),
func(c *fiber.Ctx) error {
// your handler
},
)

app.Listen(":8080")
}