feat: connect the reverse proxy to a casbin policy enforcement and separate hostnames

author: mo khan <mo@mokhan.ca> 2025-03-05 13:02:36 -0700
committer: mo khan <mo@mokhan.ca> 2025-03-05 13:02:36 -0700
commit: e1fe97ff76ac966039347465f79dc96e705f7f25 (patch)
tree: c0168a0884ce57d8827c4add7667219f04d69faa /model.conf
parent: 06a4e0783c1886ca46468c4caeb42a41d56fd956 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/model.conf b/model.conf
new file mode 100644
index 0000000..efe93e0
--- /dev/null
+++ b/model.conf
@@ -0,0 +1,17 @@
+[request_definition]
+r = subject, domain, action, object
+
+[policy_definition]
+p = subject, domain, action, object
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m =\
+  (\
+    (p.subject == "*" || r.subject == p.subject || regexMatch(r.subject, p.subject))\
+    && (p.domain == "*" || r.domain == p.domain)\
+    && (p.action == "*" || regexMatch(r.action, p.action))\
+    && keyMatch(r.object, p.object)\
+  )
author	mo khan <mo@mokhan.ca>	2025-03-05 13:02:36 -0700
committer	mo khan <mo@mokhan.ca>	2025-03-05 13:02:36 -0700
commit	e1fe97ff76ac966039347465f79dc96e705f7f25 (patch)
tree	c0168a0884ce57d8827c4add7667219f04d69faa /model.conf
parent	06a4e0783c1886ca46468c4caeb42a41d56fd956 (diff)