An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

Overview

Casbin

News: still worried about how to write a correct Casbin policy? The Casbin online editor is coming to help! Try it at: https://casbin.org/editor/

Casbin is a powerful and efficient open-source access control library for Golang projects. It provides support for enforcing authorization based on various access control models.

All the languages supported by Casbin:

  • golang: Casbin (production-ready)
  • java: jCasbin (production-ready)
  • nodejs: node-Casbin (production-ready)
  • php: PHP-Casbin (production-ready)
  • python: PyCasbin (production-ready)
  • dotnet: Casbin.NET (production-ready)
  • c++: Casbin-CPP (beta-test)
  • rust: Casbin-RS (production-ready)

Supported models

  1. ACL (Access Control List)
  2. ACL with superuser
  3. ACL without users: especially useful for systems that don't have authentication or user log-ins.
  4. ACL without resources: some scenarios target a type of resource instead of an individual resource by using permissions like write-article, read-log. This does not control access to a specific article or log.
  5. RBAC (Role-Based Access Control)
  6. RBAC with resource roles: both users and resources can have roles (or groups) at the same time.
  7. RBAC with domains/tenants: users can have different role sets for different domains/tenants.
  8. ABAC (Attribute-Based Access Control): syntax sugar like resource.Owner can be used to get the attribute for a resource.
  9. RESTful: supports paths like /res/*, /res/:id and HTTP methods like GET, POST, PUT, DELETE.
  10. Deny-override: both allow and deny authorizations are supported; deny overrides allow.
  11. Priority: the policy rules can be prioritized like firewall rules.

How it works

In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.

The most basic and simplest model in Casbin is ACL. ACL's model CONF is:

# Request definition
[request_definition]
r = sub, obj, act

# Policy definition
[policy_definition]
p = sub, obj, act

# Policy effect
[policy_effect]
e = some(where (p.eft == allow))

# Matchers
[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act

An example policy for the ACL model looks like:

p, alice, data1, read
p, bob, data2, write

It means:

  • alice can read data1
  • bob can write data2

We also support multi-line mode by appending '\' at the end of a line:

# Matchers
[matchers]
m = r.sub == p.sub && r.obj == p.obj \
  && r.act == p.act

Furthermore, if you are using ABAC, you can try the "in" operator as follows in the Casbin golang edition (jCasbin and Node-Casbin do not support it yet):

# Matchers
[matchers]
m = r.obj == p.obj && r.act == p.act || r.obj in ('data2', 'data3')

But you SHOULD make sure that the length of the array is MORE than 1; otherwise it will panic.

For more operators, you may take a look at govaluate.
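How the "in" matcher shown above groups its terms decides what it grants. The following standard-library Go sketch is an added example, not Casbin's code: it evaluates the ACL policy from the text with matchers written as Go functions (Go uses the same &&-before-|| precedence), comparing the basic matcher, the "in" matcher as written, and a hypothetical variant `InScoped` that also checks the subject. The names `Rule`, `Request`, `Matcher`, `ParsePolicy`, `Enforce` and the sample requests are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule is one "p, sub, obj, act" policy line; Request is the (sub, obj, act) tuple.
type Rule struct{ Sub, Obj, Act string }
type Request struct{ Sub, Obj, Act string }

// Matcher stands in for the [matchers] expression m.
type Matcher func(r Request, p Rule) bool

// SamplePolicy is the example ACL policy from the text.
const SamplePolicy = `
p, alice, data1, read
p, bob, data2, write
`

// ParsePolicy reads "p, sub, obj, act" lines and rejects anything else.
func ParsePolicy(text string) ([]Rule, error) {
	var rules []Rule
	for n, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Split(line, ",")
		for i := range f {
			f[i] = strings.TrimSpace(f[i])
		}
		if len(f) != 4 || f[0] != "p" {
			return nil, fmt.Errorf("line %d: want \"p, sub, obj, act\", got %q", n+1, line)
		}
		rules = append(rules, Rule{f[1], f[2], f[3]})
	}
	return rules, nil
}

// Enforce applies e = some(where (p.eft == allow)) over the loaded rules:
// the request is allowed as soon as one rule satisfies the matcher.
func Enforce(rules []Rule, m Matcher, r Request) bool {
	for _, p := range rules {
		if m(r, p) {
			return true
		}
	}
	return false
}

// widened is the object set from the matcher's "in" clause.
var widened = map[string]bool{"data2": true, "data3": true}

// BasicACL: m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
func BasicACL(r Request, p Rule) bool {
	return r.Sub == p.Sub && r.Obj == p.Obj && r.Act == p.Act
}

// InAsWritten: m = r.obj == p.obj && r.act == p.act || r.obj in ('data2', 'data3')
// It groups as (A && B) || C, and it never compares r.sub.
func InAsWritten(r Request, p Rule) bool {
	return r.Obj == p.Obj && r.Act == p.Act || widened[r.Obj]
}

// InScoped is a hypothetical variant: subject and action must always match a
// rule, and the parentheses let the set widen the object only.
func InScoped(r Request, p Rule) bool {
	return r.Sub == p.Sub && r.Act == p.Act && (r.Obj == p.Obj || widened[r.Obj])
}

func main() {
	rules, err := ParsePolicy(SamplePolicy)
	if err != nil {
		panic(err)
	}
	reqs := []Request{ // constructed sample requests
		{"alice", "data1", "read"},
		{"bob", "data1", "read"},
		{"mallory", "data3", "delete"},
	}
	for _, r := range reqs {
		fmt.Printf("%-24v basic=%-5v asWritten=%-5v scoped=%v\n", r,
			Enforce(rules, BasicACL, r), Enforce(rules, InAsWritten, r), Enforce(rules, InScoped, r))
	}
}
```

With the matcher as written, any subject is allowed any action on data2 and data3 once a policy rule is loaded, so group the terms with parentheses to express the intended scope.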

Features

What Casbin does:

  1. enforce the policy in the classic {subject, object, action} form or a customized form that you define; both allow and deny authorizations are supported.
  2. handle the storage of the access control model and its policy.
  3. manage the role-user mappings and role-role mappings (aka role hierarchy in RBAC).
  4. support built-in superusers like root or administrator. A superuser can do anything without explicit permissions.
  5. provide multiple built-in operators to support rule matching. For example, keyMatch can map a resource key /foo/bar to the pattern /foo*.

What Casbin does NOT do:

  1. authentication (aka verify username and password when a user logs in)
  2. manage the list of users or roles. I believe it's more convenient for the project itself to manage these entities. Users usually have their passwords, and Casbin is not designed as a password container. However, Casbin stores the user-role mapping for the RBAC scenario.

Installation

go get github.com/casbin/casbin/v2

Documentation

https://casbin.org/docs/en/overview

Online editor

You can also use the online editor (https://casbin.org/editor/) to write your Casbin model and policy in your web browser. It provides functionality such as syntax highlighting and code completion, just like an IDE for a programming language.

Tutorials

https://casbin.org/docs/en/tutorials

Get started

  1. Create a new Casbin enforcer with a model file and a policy file:

    e, _ := casbin.NewEnforcer("path/to/model.conf", "path/to/policy.csv")

Note: you can also initialize an enforcer with a policy stored in a DB instead of a file; see the Policy persistence section for details.

  2. Add an enforcement hook into your code right before the access happens:

    sub := "alice" // the user that wants to access a resource.
    obj := "data1" // the resource that is going to be accessed.
    act := "read" // the operation that the user performs on the resource.
    
    // Enforce returns (bool, error) in Casbin v2; treat an error as a denial.
    if ok, err := e.Enforce(sub, obj, act); err != nil {
        // the check itself failed: deny the request and report the error
    } else if ok {
        // permit alice to read data1
    } else {
        // deny the request, show an error
    }

  3. Besides the static policy file, Casbin also provides an API for permission management at run-time. For example, you can get all the roles assigned to a user as below:

    roles, _ := e.GetImplicitRolesForUser(sub)

See Policy management APIs for more usage.
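One way to place the enforcement hook from step 2 in an HTTP service, as an added example that is not code from the Casbin project: the middleware takes the subject from the request context, uses the URL path as object and the HTTP method as action, and ends the request on every outcome other than an explicit allow. The `Enforcer` interface matches the `Enforce(rvals ...interface{}) (bool, error)` method of Casbin v2; `WithSubject`, `Authorize`, `StubEnforcer`, `ErrBackend` and `StatusFor` are names assumed for illustration, and the stub replaces a real enforcer so the block runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Enforcer is the single method the hook needs. Casbin v2's *casbin.Enforcer
// has this signature, so it can be passed in directly.
type Enforcer interface {
	Enforce(rvals ...interface{}) (bool, error)
}

type subjectKey struct{}

// WithSubject is a hypothetical helper for the authentication layer, which is
// outside Casbin: it stores the already verified user name in the context.
func WithSubject(ctx context.Context, sub string) context.Context {
	return context.WithValue(ctx, subjectKey{}, sub)
}

// Authorize places the enforcement hook right before the protected handler.
// Every path that is not an explicit "allowed" ends the request (fail closed).
func Authorize(e Enforcer, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sub, _ := r.Context().Value(subjectKey{}).(string)
		if sub == "" {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		// obj = URL path, act = HTTP method.
		allowed, err := e.Enforce(sub, r.URL.Path, r.Method)
		if err != nil {
			http.Error(w, "authorization check failed", http.StatusInternalServerError)
			return
		}
		if !allowed {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// StubEnforcer stands in for a real enforcer so the example runs offline.
type StubEnforcer struct {
	Allow map[string]bool // constructed rules keyed "sub obj act"
	Err   error           // simulates a failing matcher or adapter
}

func (s StubEnforcer) Enforce(rvals ...interface{}) (bool, error) {
	if s.Err != nil {
		return false, s.Err
	}
	if len(rvals) != 3 {
		return false, errors.New("want sub, obj, act")
	}
	return s.Allow[fmt.Sprintf("%v %v %v", rvals[0], rvals[1], rvals[2])], nil
}

// ErrBackend is a constructed error used to exercise the failure path.
var ErrBackend = errors.New("policy backend unavailable")

// StatusFor sends one request through the hook and returns the HTTP status.
func StatusFor(e Enforcer, sub, method, path string) int {
	h := Authorize(e, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	req := httptest.NewRequest(method, path, nil)
	if sub != "" {
		req = req.WithContext(WithSubject(req.Context(), sub))
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	e := StubEnforcer{Allow: map[string]bool{"alice /data1 GET": true}}
	fmt.Println(StatusFor(e, "alice", "GET", "/data1")) // rule matches
	fmt.Println(StatusFor(e, "bob", "GET", "/data1"))   // no rule for bob
	fmt.Println(StatusFor(e, "", "GET", "/data1"))      // no authenticated subject
	fmt.Println(StatusFor(StubEnforcer{Err: ErrBackend}, "alice", "GET", "/data1"))
}
```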

Policy management

Casbin provides two sets of APIs to manage permissions:

  • Management API: the primitive API that provides full support for Casbin policy management.
  • RBAC API: a more friendly API for RBAC. This API is a subset of Management API. The RBAC users could use this API to simplify the code.

We also provide a web-based UI for model management and policy management.

Policy persistence

https://casbin.org/docs/en/adapters

Policy consistency between multiple nodes

https://casbin.org/docs/en/watchers

Role manager

https://casbin.org/docs/en/role-managers

Benchmarks

https://casbin.org/docs/en/benchmark

Examples

Model                      Model file                           Policy file
ACL                        basic_model.conf                     basic_policy.csv
ACL with superuser         basic_model_with_root.conf           basic_policy.csv
ACL without users          basic_model_without_users.conf       basic_policy_without_users.csv
ACL without resources      basic_model_without_resources.conf   basic_policy_without_resources.csv
RBAC                       rbac_model.conf                      rbac_policy.csv
RBAC with resource roles   rbac_model_with_resource_roles.conf  rbac_policy_with_resource_roles.csv
RBAC with domains/tenants  rbac_model_with_domains.conf         rbac_policy_with_domains.csv
ABAC                       abac_model.conf                      N/A
RESTful                    keymatch_model.conf                  keymatch_policy.csv
Deny-override              rbac_model_with_deny.conf            rbac_policy_with_deny.csv
Priority                   priority_model.conf                  priority_policy.csv

Middlewares

Authz middlewares for web frameworks: https://casbin.org/docs/en/middlewares

Our adopters

https://casbin.org/docs/en/adopters

How to Contribute

Please read the contributing guide.

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers! 🙏 [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

License

This project is licensed under the Apache 2.0 license.

Contact

If you have any issues or feature requests, please contact us. PRs are welcome.

Issues
  • When should I call BuildRoleLinks function

    My app has about 1 million policies: 800k P policies and 200K G policies. Whenever I add a new P policy and assign it to one role, should I call the BuildRoleLinks function?

    enhancement help wanted 
    opened by UnderTreeTech 44
  • Added multiple add and remove policies API functions.

    Usage of the following functions is as follows:

    rule1 := []interface{} {"jack", "data4", "read"}
    rule2 := []interface{} {"katy", "data4", "write"}
    rule3 := []interface{} {"leyo", "data4", "read"}
    rule4 := []interface{} {"ham", "data4", "write"}
    
    e.AddPolicies(rule1, rule2, rule3, rule4)
    
    e.RemovePolicies(rule1, rule2, rule3, rule4)
    
    

    I have also added tests for these functions; all the tests pass. Please let me know if any changes are required; this is open to changes if any are required.

    opened by divy9881 31
  • fix: reimplement default role manager

    @techoner, I re-implemented the default role manager as requested https://github.com/casbin/pycasbin/pull/232#issuecomment-995623085

    The implementation is almost identical to pycasbin:role_manager.py

    Changes:

    • split RoleManager into DomainManager and RoleManager
    • remove RoleManager.BuildRelationship

    Bugfixes:

    • avoid mixing RBAC systems in Enforcer.GetImplicitRolesForUser and Enforcer.GetImplicitUsersForRole

    This is my first contribution using golang, so please review carefully :)

    released 
    opened by abichinger 29
  • [QUESTION] what's the difference of `Enforcer` and `SyncedEnforcer` if by default we have locks in every struct with map?

    I'm confused when seeing Lock in every struct with `map`. I'm wondering if it's correct and necessary?

    It's not necessary for Enforcer because normal Enforcer is not thread-safe.

    For syncedEnforcer we can have multiple goroutines reading/writing, we already have a top-level mutex, why do we still need other mutex/lock?

    Any idea?

    bug 
    opened by GopherJ 29
  • suggestion: add YAML support for model

    YAML is a human friendly data serialization standard for all programming languages.

    It can help users to write and verify the model.

    How to help users to write and verify the model?

    We need to write the YAML schema; then an IDE can provide hints based upon the YAML schema provided, to help users write the schema efficiently.

    Please refer to https://dzone.com/articles/two-ways-configuration-documentation-with-springnb to write YAML schema then publish to https://github.com/SchemaStore/schemastore.

    enhancement 
    opened by nodece 27
  • Scaling ABAC Rules

    I am looking to support ABAC for a CMS-type system, where there could be thousands to potentially even more ABAC rules. Writing one long matcher isn't feasible in this case, nor is having multiple enforcers. Is there any workaround for this?

    An ABAC policy for us is something like: if user age is between 24 and 64, then they can "view" some "resource". Any thoughts?

    Also, if this isn't supported yet, what's the roadmap for something like this?

    enhancement 
    opened by harsimranb 26
  • How to synchronize multiple Casbin enforcer instances running with a single pg Gorm adapter?

    I'm using the Casbin library with the pg Gorm adapter in one of my services. I wonder how I can keep Casbin enforcers synced if I'm running multiple instances of that service? Since Casbin policies are loaded once at startup and stored in memory, if one of the instances updates policies later, other enforcers wouldn't be notified. I looked at Casbin server but I'm not sure if that would be helpful in this case. If so, how can I achieve the synchronization by using Casbin server? Or what are the other options?

    enhancement 
    opened by rrasulzade 25
  • fix: prevent concurrent map writes in LoadPolicyLine function

    I managed to create an environment in which the LoadPolicyLine function regularly causes concurrent map writes panics. Added a global sync.Mutex object that is used exclusively within the LoadPolicyLine function. Have not encountered any locks or concurrent map writes since this addition.

    fatal error: concurrent map writes
    
    goroutine 2247 [running]:
    runtime.throw(0xdd5620, 0x15)
            /usr/local/go/src/runtime/panic.go:1116 +0x72 fp=0xc000175278 sp=0xc000175248 pc=0x43d8d2
    runtime.mapassign_faststr(0xcfd340, 0xc0001db200, 0xc0004d7fa0, 0x19, 0xc0002d1818)
            /usr/local/go/src/runtime/map_faststr.go:291 +0x3d8 fp=0xc0001752e0 sp=0xc000175278 pc=0x41be78
    github.com/casbin/casbin/v2/persist.LoadPolicyLine(0xc0004d7f20, 0x1e, 0xc0002a9ce0)
            /home/example/go/pkg/mod/github.com/casbin/casbin/[email protected]/persist/adapter.go:43 +0x547 fp=0xc000175470 sp=0xc0001752e0 pc=0x9fbcc7
    
    opened by jamesjmurtagh 24
  • I want to combine RBAC and ABAC. I read a lot of documentation and I have a few questions.

    Hello everyone. I wanna choose Casbin to manage authorization. I read a lot of documentation and I have a few questions.

    I want to combine RBAC and ABAC. With RBAC I want to control the general access to the API. With ABAC, I want to control access to certain entities (records in database). For example, I have the entity of orders and the entity of the company. Should I create three enforcers? The first one will be with the RBAC model. The second with the ABAC model to control the entity of orders. The third with the ABAC model to control the entity of companies. Right? (each entity has its own set of fields).

    The procedure will be as follows (request to API):

    Run the RBAC enforcer to determine if the user has access to the entity. Run the ABAC enforcer for a specific entity (orders or companies). In the case of ABAC, should I first select an entity from the database and pass it to the enforcer? What if the user requests a list of orders (pagination = 1000)? How to handle this? For example, I can’t pass 1000 entities to an enforcer (my idea is that there should be a common API point, which, depending on the rule, gives only those records that satisfy the condition of the model matcher)? P.S. Sorry for my English. Thanks.

    question 
    opened by MatthewPattell 24
  • How to solve the huge data when I use persistent Database?

    Hi hsluoyz,

    I use casbin gorm_adapter to store policies and roles in a database; when I run the program, all policies will be loaded into memory. But if there are millions of policies, I cannot do this. How to solve the huge policy data? Can I check only one policy from the database?

    Cheers, Gordon

    document 
    opened by CHCP 24
  • feat: Support pattern function in 3rd args of g

    This commit not only supports pattern function in 3rd args of g, but also can be used in policy, such as

    p, data1_admin, *, data1, read
    p, data1_admin, *, data1, write
    
    g, alice, data1_admin, domain1
    
    released 
    opened by dovics 22
  • [Bug] Performance issue in RBAC with pattern matching domains

    Describe the bug

    When I modify the BenchmarkRBACModelWithDomainPatternLarge performance test to add a bunch of unrelated users and then try to fetch an unauthorized resource, I see an exponential number of calls to the domain matching function util.KeyMatch4, resulting in exponentially bad performance related to the number of additional users.

    For context, I am trying to use a model.conf similar to this large scale performance test, but I am hitting massive performance issues when many different users with different domains are added.

    To Reproduce

    I've modified the existing BenchmarkRBACModelWithDomainPatternLarge benchmark test to first add 1000 unrelated users with different domains to the unrelated role staffOrgUser. The result is that each of these users is being evaluated an exponential number of times when we try to run the enforcer.

    func BenchmarkRBACModelWithDomainPatternLarge(b *testing.B) {
    	e, _ := NewEnforcer("examples/performance/rbac_with_pattern_large_scale_model.conf", "examples/performance/rbac_with_pattern_large_scale_policy.csv")
    	e.AddNamedDomainMatchingFunc("g", "keyMatch4", util.KeyMatch4)
    
    	_ = e.BuildRoleLinks()
    	for i := 0; i < 1000; i++ {
    		orgID := rand.Int()
    		user := fmt.Sprintf("staffUser%d", orgID)
    		role := fmt.Sprintf("staffOrgUser")
    		dom := fmt.Sprintf("/orgs/%d/sites/*", orgID)
    		if err := e.GetRoleManager().AddLink(user, role, dom); err != nil {
    			b.Fatal(err)
    		}
    	}
    
    	b.ResetTimer()
    	for i := 0; i < b.N; i++ {
    		const unauthorizedSite = "/orgs/999/sites/site001"
    		_, _ = e.Enforce("staffUser1001", unauthorizedSite, "App001.Module001.Action1001")
    	}
    }
    

    This results in an exponential number of calls to util.KeyMatch4 (the domain matching function), exponentially related to the number of users added. (e.g. if I increase 1000 to 10000, the benchmark never ends).

    goos: darwin
    goarch: amd64
    pkg: github.com/casbin/casbin/v2
    cpu: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
    BenchmarkRBACModelWithDomainPatternLarge-12    	      19	  61330779 ns/op
    PASS
    

    Expected behavior

    Without these additional 1000 users, the performance is:

    goos: darwin
    goarch: amd64
    pkg: github.com/casbin/casbin/v2
    cpu: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
    BenchmarkRBACModelWithDomainPatternLarge-12    	    7998	    139011 ns/op
    
    bug 
    opened by silverspace 2
  • Why semantic-pr check is gone in every PR?

    See: https://github.com/casbin/casbin/pull/992 and https://github.com/casbin/casnode/pull/497

    But previously like this PR: https://github.com/casbin/casbin/pull/941 , we have it:

    Saw this issue: https://github.com/zeke/semantic-pull-requests/issues/183

    Can anyone fix this? We need to fix it in all Casbin orgs.

    bug 
    opened by hsluoyz 2
  • feat: support domain matching when getting permissions

    fix: https://github.com/casbin/casbin/issues/969

    How it works

    GetImplicitPermissionsForUser depends on GetFilteredPolicies to query permissions. But when the enforcer gets filtered policies, it doesn't support domain matching. So the main changes in this PR are:

    1. Make match of role manager public and reuse this function for domain matching when getting policies.
    2. Add a new function GetFilteredPolicyWithDomainMatching for the user requirements mentioned in https://github.com/casbin/casbin/issues/969.
    3. Unit tests.
    opened by Abingcbc 3
  • [Feature] Support context

    Is your feature request related to a problem? Please describe.

    I would like to trace calls through casbin to troubleshoot slow queries / adapter performance issues, but this requires a context to be passed through and into the adapter layer so adapter actions can be associated with incoming requests (opentelemetry tracing / datadog)

    Describe the solution you'd like

    Add a WithContext version for methods (similar to AWS) using the adapter and pass the context through the call stack.

    Describe alternatives you've considered

    Looked at rebasing https://github.com/casbin/casbin/pull/635, but it is missing a lot.

    I looked at implementing this myself, but wasn't sure on the best approach. While adding a WithContext version to the interface is easy, passing the ctx parameter through the call stack is more challenging. I guess plainly duplicating internal methods to a with context and without version isn't really desirable so I wondered whether you would be open to always use context internally like:

    func (e *Enforcer) LoadPolicy() error {
      return e.LoadPolicyWithContext(context.Background())
    }
    
    func (e *Enforcer) LoadPolicyWithContext(ctx context.Context) error {
      // code
    }
    

    This way the overhead would stay fairly slim with the downside of creating unused context objects everywhere. In addition this approach would ensure that context passing is test covered from the beginning. How does that sound?

    enhancement 
    opened by johanneswuerbach 3
  • [Question] Get implicit permissions with pattern-matching in RBAC don't work

    What's your scenario? What do you want to achieve?

    Hello. From the Issue:968, I use this function to achieve what I expected:

    e.AddNamedDomainMatchingFunc("g", "KeyMatch", util.KeyMatch)
    

    It uses the KeyMatch func to trickily make it access all domains. But I found something wrong when I tried to get the user's permission list.

    As the tutorial said, I tried GetImplicitRolesForUser and GetImplicitPermissionsForUser func to get the roles and permissions for user.

    I found the execution result of GetImplicitRolesForUser is what I need, but the result of GetImplicitPermissionsForUser is empty!


    Your model:

    [request_definition]
    r = sub, dom, obj, act
    
    [policy_definition]
    p = sub, dom, obj, act
    
    [role_definition]
    g = _, _, _
    
    [policy_effect]
    e = some(where (p.eft == allow))
    
    [matchers]
    m = g(r.sub, p.sub, r.dom) && r.obj == p.obj && r.act == p.act
    

    Your policy:

    p, visitor, *, /list, GET
    p, visitor, *, /menu, GET
    p, visitor, *, /insight, GET
    p, user, *, /update, POST
    p, manager, *, /manage, POST
    p, sysadmin, *, /account, GET
    
    
    g, user, visitor, *
    g, manager, user, *
    g, sysadmin, manager, *
    
    
    g, bob, manager, domain1
    

    Your request(s):

    // result: [manager user visitor]  --> (expected: [manager user visitor])
    e.GetImplicitRolesForUser("bob", "domain1")
    
    // result: [] --> (expected: [[manager * /manage POST] [user * /update POST] [visitor * /list GET] [visitor * /menu GET] [visitor * /insight GET]])
    // or [[manager domain1 /manage POST] [user domain1 /update POST] [visitor domain1 /list GET] [visitor domain1 /menu GET] [visitor domain1 /insight GET]] be better!
    e.GetImplicitPermissionsForUser("bob", "domain1")
    

    I found KeyMatch func doesn't affect the GetImplicitPermissionsForUser func at all.

    I tried to add multiple domain parameters ("domain1" and "*") into GetImplicitPermissionsForUser func, but found that GetImplicitPermissionsForUser func actually allows at most one domain param...

    As I annotated below, the domain "domain1" cannot match "*", and the func KeyMatch I registered isn't used. ~~Also I found that at runtime, model[sec][ptype].RM is nil, so that I can't use its domainMatchingFunc (I registered as KeyMatch func) to do matching.~~

    I found the GetFilteredPolicy function uses model["p"]["p"] in the loop. But the KeyMatch func I registered is located in model["g"]["g"].RM.(*defaultrolemanager.RoleManager).domainMatchingFunc. And worse, this func is private, and the wrapped func domainMatch is private too.

    When I make domainMatch function to be public and straightly add an additional condition in GetFilteredPolicy func like this:

    !model["g"]["g"].RM.(*defaultrolemanager.RoleManager).DomainMatch(fieldValue, rule[fieldIndex+i])
    

    I get these results:

    [[manager * /manage POST] [user * /update POST] [visitor * /list GET] [visitor * /menu GET] [visitor * /insight GET]]
    

    I expect the domain of implicit permissions result is 'domain1' instead of '*', but solving this problem is the top priority.

    func (e *Enforcer) GetImplicitPermissionsForUser(user string, domain ...string) ([][]string, error) {
    	roles, err := e.GetImplicitRolesForUser(user, domain...)
    	if err != nil {
    		return nil, err
    	}
            // actually get roles:  [manager, user, visitor]
    	roles = append([]string{user}, roles...)
    
    	var res [][]string
    	var permissions [][]string
    	for _, role := range roles {
                     // can't match the role '*' with domain 'domain1', results in empty slice
    		permissions = e.GetPermissionsForUser(role, domain...)
    
    		res = append(res, permissions...)
    	}
    
    	return res, nil
    }
    
    func (model Model) GetFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) [][]string {
    	res := [][]string{}
    
    	for _, rule := range model[sec][ptype].Policy {
    		matched := true
    		for i, fieldValue := range fieldValues {
    			// when I straightly add an additional condition, results come out:
    			if fieldValue != "" && rule[fieldIndex+i] != fieldValue &&
    				!model["g"]["g"].RM.(*defaultrolemanager.RoleManager).DomainMatch(fieldValue, rule[fieldIndex+i]) {
    				matched = false
    				break
    			}
    		}
    
    		if matched {
    			res = append(res, rule)
    		}
    	}
    
    	return res
    }
    

    Does this problem need to be fixed?

    Or use another way to get implicit permissions?

    question 
    opened by sasakiyori 4
Releases(v2.47.0)
Owner
Casbin
Casbin authorization library and the official middlewares