From e1fe97ff76ac966039347465f79dc96e705f7f25 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Wed, 5 Mar 2025 13:02:36 -0700
Subject: feat: connect the reverse proxy to a casbin policy enforcement and
 separate hostnames

---
 model.conf | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 model.conf

(limited to 'model.conf')

diff --git a/model.conf b/model.conf
new file mode 100644
index 0000000..efe93e0
--- /dev/null
+++ b/model.conf
@@ -0,0 +1,17 @@
+[request_definition]
+r = subject, domain, action, object
+
+[policy_definition]
+p = subject, domain, action, object
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m =\
+  (\
+    (p.subject == "*" || r.subject == p.subject || regexMatch(r.subject, p.subject))\
+    && (p.domain == "*" || r.domain == p.domain)\
+    && (p.action == "*" || regexMatch(r.action, p.action))\
+    && keyMatch(r.object, p.object)\
+  )
-- 
cgit v1.2.3