| author | mo khan <mo@mokhan.ca> | 2025-03-28 17:49:09 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-03-28 17:49:09 -0600 |
| commit | 30bbdad4ef99449f29f412d0b770e4b9f76ede42 (patch) | |
| tree | c295bb8b9020ba8a609d7a0a527a2a06fc5db342 /pkg/authz/casbin.go | |
| parent | e47813ecaa942631945215a8c0c938a240c3894a (diff) | |
refactor: move authorizers into authz package
Diffstat (limited to 'pkg/authz/casbin.go')
| -rw-r--r-- | pkg/authz/casbin.go | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/pkg/authz/casbin.go b/pkg/authz/casbin.go
new file mode 100644
index 0000000..99dcc8e
--- /dev/null
+++ b/pkg/authz/casbin.go
@@ -0,0 +1,43 @@
+package authz
+
+import (
+ "fmt"
+ "net"
+ "net/http"
+
+ "github.com/casbin/casbin/v3"
+ "github.com/xlgmokha/x/pkg/x"
+ xlog "gitlab.com/mokhax/spike/pkg/log"
+)
+
+func WithCasbin() Authorizer {
+ enforcer := x.Must(casbin.NewEnforcer("casbin.conf", "casbin.csv"))
+
+ return AuthorizerFunc(func(r *http.Request) bool {
+ host, _, err := net.SplitHostPort(r.Host)
+ if err != nil {
+ xlog.WithFields(r, xlog.Fields{"error": err})
+ return false
+ }
+
+ subject, found := TokenFrom(r).Subject()
+ if !found {
+ subject = "*"
+ }
+ ok, err := enforcer.Enforce(subject, host, r.Method, r.URL.Path)
+ if err != nil {
+ xlog.WithFields(r, xlog.Fields{"error": err})
+ return false
+ }
+
+ fmt.Printf("%v: %v -> %v %v%v\n", ok, subject, r.Method, host, r.URL.Path)
+ xlog.WithFields(r, xlog.Fields{
+ "ok": ok,
+ "subject": subject,
+ "action": r.Method,
+ "domain": host,
+ "object": r.URL.Path,
+ })
+ return ok
+ })
+} |
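Review bot: The Casbin domain in `WithCasbin` is taken from `r.Host`, the client-supplied Host header, so the caller chooses which policy rows are evaluated unless something in front of this handler pins or validates Host. A comment stating that assumption, or a check of `host` against the configured upstream names before `enforcer.Enforce`, would make the trust boundary explicit. `net.SplitHostPort(r.Host)` also returns an error for a Host without a port, so those requests are denied on that branch. The results of the `xlog.WithFields(...)` calls are discarded, which would leave those denials unlogged if that helper only builds a logger (not visible here). The `fmt.Printf` line writes `subject` and `r.URL.Path` to stdout with `%v`; I would drop it in favour of the structured log, or at least format them with `%q` so request-derived bytes cannot forge log lines.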
