Skip to content

apache/casbin-python-sanic-authz

Repository files navigation

sanic-authz

build Coverage Status Version PyPI - Wheel Pyversions Download Discord

sanic-authz is an authorization middleware for Sanic. It is based on PyCasbin.

Installation

pip install sanic-authz

Module Usage:

import casbin
from sanic import Sanic, response
from sanic.request import Request
from sanic_authz.middleware import CasbinAuthMiddleware

app = Sanic("SanicAuthzExample")
enforcer = casbin.Enforcer("rbac_model.conf", "policy.csv")

# Registration middleware
CasbinAuthMiddleware(sanic_app, enforcer)

# CasbinAuthMiddleware is a global middleware.
# The authorization check will be performed automatically on each request.
# You don't need to manually invoke the middleware in your route handlers.
@app.route("/")
async def homepage(request):
    return response.text("Hello, world!")

Custom subject_getter:

By default, the middleware extracts user identity from the X-User header field. Client requests need to include the X-User header:

curl -H "X-User: alice" http://localhost:8000/data

You can customize the subject_getter to adapt to different authentication mechanisms. For example, JWT authentication:

def jwt_subject_getter(request: Request) -> str:
    token = request.headers.get("Authorization", "").replace("Bearer ", "")
    payload = decode_jwt(token)
    return payload.get("user_id", "anonymous")

CasbinAuthMiddleware(app, enforcer, subject_getter=jwt_subject_getter)

session authentication:

def session_subject_getter(request: Request) -> str:
    return request.ctx.session.get("user_id", "anonymous")

CasbinAuthMiddleware(app, enforcer, subject_getter=session_subject_getter)

Documentation

The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:

  1. subject: the logged-in user name
  2. object: the URL path for the web resource like "dataset1/item1"
  3. action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"

For how to write authorization policy and other details, please refer to the PyCasbin's documentation.

Getting Help

License

This project is licensed under the Apache 2.0 license.

About

Sanic authorization middleware based on Casbin

Topics

Resources

License

Code of conduct

Security policy

Stars

3 stars

Watchers

1 watching

Forks

Packages

 
 
 

Contributors

Languages