Authz is an authorization middleware for Gin, it's based on https://github.com/casbin/casbin.
go get github.com/gin-contrib/authz
package main
import (
"net/http"
"github.com/casbin/casbin/v2"
"github.com/gin-contrib/authz"
"github.com/gin-gonic/gin"
)
func main() {
// load the casbin model and policy from files, database is also supported.
e := casbin.NewEnforcer("authz_model.conf", "authz_policy.csv")
// define your router, and use the Casbin authz middleware.
// the access that is denied by authz will return HTTP 403 error.
router := gin.New()
router.Use(authz.NewAuthorizer(e))
}
The authorization determines a request based on {subject, object, action}
, which means what subject
can perform what action
on what object
. In this plugin, the meanings are:
subject
: the logged-on user nameobject
: the URL path for the web resource like "dataset1/item1"action
: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"
For how to write authorization policy and other details, please refer to the Casbin's documentation.
This project is under MIT License. See the LICENSE file for the full license text.