Casbin
Casbin middleware for Fiber.
Compatible with Fiber v3.
This middleware targets Casbin v3. Casbin v2 is no longer supported here; if you still need it, pin the previous major (
github.com/gofiber/contrib/v3/casbinat its lastv1tag). Migrating from Casbin v2 to v3 is mostly an import-path change; see the Casbin upgrade guide.
Go version support
We only support the latest two versions of Go. Visit https://go.dev/doc/devel/release for more information.
Install
go get -u github.com/gofiber/fiber/v3
go get -u github.com/gofiber/contrib/v3/casbin/v2
choose an adapter from here
go get -u github.com/casbin/gorm-adapter/v3
Signature
casbin.New(config ...casbin.Config) *casbin.Middleware
Config
| Property | Type | Description | Default |
|---|---|---|---|
| ModelFilePath | string | Model file path | "./model.conf" |
| PolicyAdapter | persist.Adapter | Database adapter for policies | ./policy.csv |
| Enforcer | *casbin.Enforcer | Custom casbin enforcer | Middleware generated enforcer using ModelFilePath & PolicyAdapter |
| Lookup | func(fiber.Ctx) string | Look up for current subject | "" |
| Unauthorized | func(fiber.Ctx) error | Response body for unauthorized responses | Unauthorized |
| Forbidden | func(fiber.Ctx) error | Response body for forbidden responses | Forbidden |
Examples
CustomPermission
package main
import (
"github.com/gofiber/fiber/v3"
"github.com/gofiber/contrib/v3/casbin/v2"
_ "github.com/go-sql-driver/mysql"
gormadapter "github.com/casbin/gorm-adapter/v3"
)
func main() {
app := fiber.New()
adapter, _ := gormadapter.NewAdapter("mysql", "root:@tcp(127.0.0.1:3306)/")
authz := casbin.New(casbin.Config{
ModelFilePath: "path/to/rbac_model.conf",
PolicyAdapter: adapter,
Lookup: func(c fiber.Ctx) string {
return "" // fetch authenticated user subject
},
})
app.Post("/blog",
authz.RequiresPermissions([]string{"blog:create"}, casbin.WithValidationRule(casbin.MatchAllRule)),
func(c fiber.Ctx) error {
// your handler
},
)
app.Delete("/blog/:id",
authz.RequiresPermissions([]string{"blog:create", "blog:delete"}, casbin.WithValidationRule(casbin.AtLeastOneRule)),
func(c fiber.Ctx) error {
// your handler
},
)
app.Listen(":8080")
}
RoutePermission
package main
import (
"github.com/gofiber/fiber/v3"
"github.com/gofiber/contrib/v3/casbin/v2"
_ "github.com/go-sql-driver/mysql"
gormadapter "github.com/casbin/gorm-adapter/v3"
)
func main() {
app := fiber.New()
adapter, _ := gormadapter.NewAdapter("mysql", "root:@tcp(127.0.0.1:3306)/")
authz := casbin.New(casbin.Config{
ModelFilePath: "path/to/rbac_model.conf",
PolicyAdapter: adapter,
Lookup: func(c fiber.Ctx) string {
return "" // fetch authenticated user subject
},
})
// check permission with Method and Path
app.Post("/blog",
authz.RoutePermission(),
func(c fiber.Ctx) error {
// your handler
},
)
app.Listen(":8080")
}
RoleAuthorization
package main
import (
"github.com/gofiber/fiber/v3"
"github.com/gofiber/contrib/v3/casbin/v2"
_ "github.com/go-sql-driver/mysql"
gormadapter "github.com/casbin/gorm-adapter/v3"
)
func main() {
app := fiber.New()
adapter, _ := gormadapter.NewAdapter("mysql", "root:@tcp(127.0.0.1:3306)/")
authz := casbin.New(casbin.Config{
ModelFilePath: "path/to/rbac_model.conf",
PolicyAdapter: adapter,
Lookup: func(c fiber.Ctx) string {
return "" // fetch authenticated user subject
},
})
app.Put("/blog/:id",
authz.RequiresRoles([]string{"admin"}),
func(c fiber.Ctx) error {
// your handler
},
)
app.Listen(":8080")
}
