Opafiber
Open Policy Agent support for Fiber.
Note: Requires Go 1.18 and above
Install
go get -u github.com/gofiber/fiber/v2
go get -u github.com/gofiber/contrib/opafiber
Signature
opafiber.New(config opafiber.Config) fiber.Handler
Config
Property | Type | Description | Default |
---|---|---|---|
RegoQuery | string | Required - Rego query | - |
RegoPolicy | io.Reader | Required - Rego policy | - |
IncludeQueryString | bool | Include query string as input to rego policy | false |
DeniedStatusCode | int | Http status code to return when policy denies request | 400 |
DeniedResponseMessage | string | Http response body text to return when policy denies request | "" |
IncludeHeaders | []string | Include headers as input to rego policy | - |
InputCreationMethod | InputCreationFunc | Use your own function to provide input for OPA | func defaultInput(ctx *fiber.Ctx) (map[string]interface{}, error) |
Types
type InputCreationFunc func(c *fiber.Ctx) (map[string]interface{}, error)
Usage
OPA Fiber middleware sends the following example data to the policy engine as input:
{
"method": "GET",
"path": "/somePath",
"query": {
"name": ["John Doe"]
},
"headers": {
"Accept": "application/json",
"Content-Type": "application/json"
}
}
package main
import (
"github.com/gofiber/fiber/v2"
"github.com/gofiber/contrib/opafiber"
)
func main() {
app := fiber.New()
module := `
package example.authz
default allow := false
allow {
input.method == "GET"
}
`
cfg := opafiber.Config{
RegoQuery: "data.example.authz.allow",
RegoPolicy: bytes.NewBufferString(module),
IncludeQueryString: true,
DeniedStatusCode: fiber.StatusForbidden,
DeniedResponseMessage: "status forbidden",
IncludeHeaders: []string{"Authorization"},
InputCreationMethod: func (ctx *fiber.Ctx) (map[string]interface{}, error) {
return map[string]interface{}{
"method": ctx.Method(),
"path": ctx.Path(),
}, nil
},
}
app.Use(opafiber.New(cfg))
app.Get("/", func(ctx *fiber.Ctx) error {
return ctx.SendStatus(200)
})
app.Listen(":8080")
}