From 319986f9b8df133127f9024eaf77457ecdeff418 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Thu, 20 Mar 2025 10:53:47 -0600
Subject: refactor: rename casbin files
---
 casbin.conf | 17 +++++++++++++++++
 casbin.csv | 13 +++++++++++++
 model.conf | 17 -----------------
 pkg/app/app.go | 2 +-
 policy.csv | 13 -------------
 5 files changed, 31 insertions(+), 31 deletions(-)
 create mode 100644 casbin.conf
 create mode 100644 casbin.csv
 delete mode 100644 model.conf
 delete mode 100644 policy.csv
diff --git a/casbin.conf b/casbin.conf
new file mode 100644
index 0000000..efe93e0
--- /dev/null
+++ b/casbin.conf
@@ -0,0 +1,17 @@
+[request_definition]
+r = subject, domain, action, object
+
+[policy_definition]
+p = subject, domain, action, object
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m =\
+ (\
+ (p.subject == "*" || r.subject == p.subject || regexMatch(r.subject, p.subject))\
+ && (p.domain == "*" || r.domain == p.domain)\
+ && (p.action == "*" || regexMatch(r.action, p.action))\
+ && keyMatch(r.object, p.object)\
+ )
diff --git a/casbin.csv b/casbin.csv
new file mode 100644
index 0000000..5b66e8e
--- /dev/null
+++ b/casbin.csv
@@ -0,0 +1,13 @@
+p, "\Agid:\/\/[a-z]+\/[A-Za-z:]+\/\d+\z", api.example.com, (GET)|(POST)|(PATCH)|(PUT)|(DELETE)|(HEAD), /*.json
+p, *, *, (GET)|(HEAD), /health
+p, *, *, GET, /.well-known/*
+p, *, *, GET, /favicon.ico
+p, "\Agid:\/\/[a-z]+\/[A-Za-z:]+\/\d+\z", idp.example.com, (GET)|(POST)|(PATCH)|(PUT)|(DELETE)|(HEAD), /twirp/authx.rpc.*
+p, *, idp.example.com, (GET)|(POST), /oauth*
+p, *, idp.example.com, (GET)|(POST), /saml*
+p, *, idp.example.com, (GET)|(POST), /sessions*
+p, *, ui.example.com, (GET)|(POST), /oauth*
+p, *, ui.example.com, (GET)|(POST), /oidc*
+p, *, ui.example.com, (GET)|(POST), /saml*
+p, *, ui.example.com, (GET), /*.html
+p, *, ui.example.com, (POST), /logout
diff --git a/model.conf b/model.conf
deleted file mode 100644
index efe93e0..0000000
--- a/model.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-[request_definition]
-r = subject, domain, action, object
-
-[policy_definition]
-p = subject, domain, action, object
-
-[policy_effect]
-e = some(where (p.eft == allow))
-
-[matchers]
-m =\
- (\
- (p.subject == "*" || r.subject == p.subject || regexMatch(r.subject, p.subject))\
- && (p.domain == "*" || r.domain == p.domain)\
- && (p.action == "*" || regexMatch(r.action, p.action))\
- && keyMatch(r.object, p.object)\
- )
diff --git a/pkg/app/app.go b/pkg/app/app.go
index 6e50dad..35609d7 100644
--- a/pkg/app/app.go
+++ b/pkg/app/app.go
@@ -18,7 +18,7 @@ import (
 )
 func WithCasbin() authz.Authorizer {
- enforcer := x.Must(casbin.NewEnforcer("model.conf", "policy.csv"))
+ enforcer := x.Must(casbin.NewEnforcer("casbin.conf", "casbin.csv"))
 return authz.AuthorizerFunc(func(r *http.Request) bool {
 host, _, err := net.SplitHostPort(r.Host)
diff --git a/policy.csv b/policy.csv
deleted file mode 100644
index 5b66e8e..0000000
--- a/policy.csv
+++ /dev/null
@@ -1,13 +0,0 @@
-p, "\Agid:\/\/[a-z]+\/[A-Za-z:]+\/\d+\z", api.example.com, (GET)|(POST)|(PATCH)|(PUT)|(DELETE)|(HEAD), /*.json
-p, *, *, (GET)|(HEAD), /health
-p, *, *, GET, /.well-known/*
-p, *, *, GET, /favicon.ico
-p, "\Agid:\/\/[a-z]+\/[A-Za-z:]+\/\d+\z", idp.example.com, (GET)|(POST)|(PATCH)|(PUT)|(DELETE)|(HEAD), /twirp/authx.rpc.*
-p, *, idp.example.com, (GET)|(POST), /oauth*
-p, *, idp.example.com, (GET)|(POST), /saml*
-p, *, idp.example.com, (GET)|(POST), /sessions*
-p, *, ui.example.com, (GET)|(POST), /oauth*
-p, *, ui.example.com, (GET)|(POST), /oidc*
-p, *, ui.example.com, (GET)|(POST), /saml*
-p, *, ui.example.com, (GET), /*.html
-p, *, ui.example.com, (POST), /logout
--
cgit v1.2.3
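Review bot: In pkg/app/app.go, `WithCasbin` still passes `casbin.NewEnforcer` two bare relative names, so the authorization model and policy are resolved against whatever working directory the process was started in. If `x.Must` panics on error (its definition is not visible here), a start from a directory without the files fails closed, but a directory that happens to hold its own `casbin.conf` and `casbin.csv` would be loaded without complaint and would decide every request. Since the names are being touched anyway, consider taking the location from configuration, for example `casbin.NewEnforcer(filepath.Join(policyDir, "casbin.conf"), filepath.Join(policyDir, "casbin.csv"))`, where `policyDir` is a placeholder for a value the caller supplies, or embedding both files in the binary. The body of `WithCasbin` continues past the end of the hunk.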