diff --git a/api/casbin.go b/api/casbin.go new file mode 100644 index 0000000..cccc62f --- /dev/null +++ b/api/casbin.go @@ -0,0 +1,95 @@ +package api + +import ( + "github.com/casbin/casbin/v2" + "github.com/casbin/casbin/v2/model" + "github.com/casbin/casbin/v2/persist" + "go.uber.org/zap" + "strings" + "sync" +) + +func GetCasbin(logger *zap.Logger) *casbin.Enforcer { + m := model.NewModel() + m.AddDef("r", "r", "sub, obj, act") + m.AddDef("p", "p", "sub, obj, act") + m.AddDef("e", "e", "some(where (p.eft == allow))") + m.AddDef("m", "m", "r.sub == p.sub && keyMatch2(r.obj, p.obj) && r.act == p.act") + + a := NewPolicyAdapter(logger) + + _ = a.AddPolicy("admin", "/admin", []string{"GET"}) + _ = a.AddPolicy("admin", "/admin", []string{"POST"}) + _ = a.AddPolicy("admin", "/admin", []string{"DELETE"}) + + e, err := casbin.NewEnforcer(m, a) + if err != nil { + logger.Fatal("Failed to create casbin enforcer", zap.Error(err)) + } + + return e +} + +type PolicyAdapter struct { + policy []string + lock sync.RWMutex + logger *zap.Logger +} + +// NewPolicyAdapter creates a new PolicyAdapter instance. +func NewPolicyAdapter(logger *zap.Logger) *PolicyAdapter { + return &PolicyAdapter{ + policy: make([]string, 0), + logger: logger, + } +} + +// LoadPolicy loads all policy rules from the storage. +func (a *PolicyAdapter) LoadPolicy(model model.Model) error { + a.lock.RLock() + defer a.lock.RUnlock() + + for _, line := range a.policy { + err := persist.LoadPolicyLine(line, model) + if err != nil { + a.logger.Fatal("Failed to load policy line", zap.Error(err)) + } + } + return nil +} + +// SavePolicy saves all policy rules to the storage. +func (a *PolicyAdapter) SavePolicy(model model.Model) error { + return nil +} + +// AddPolicy adds a policy rule to the storage. +// AddPolicy adds a policy rule to the storage. +func (a *PolicyAdapter) AddPolicy(sec string, ptype string, rule []string) error { + a.lock.Lock() + defer a.lock.Unlock() + + // Create a line representing the policy rule + line := ptype + ", " + strings.Join(rule, ", ") + + // Check if the policy rule already exists + for _, existingLine := range a.policy { + if line == existingLine { + return nil // Policy rule already exists, no need to add it again + } + } + + // Add the policy rule to the storage + a.policy = append(a.policy, line) + return nil +} + +// RemovePolicy removes a policy rule from the storage. +func (a *PolicyAdapter) RemovePolicy(sec string, ptype string, rule []string) error { + return nil +} + +// RemoveFilteredPolicy removes policy rules that match the filter from the storage. +func (a *PolicyAdapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) error { + return nil +} diff --git a/cmd/portal/init.go b/cmd/portal/init.go index dfa5360..5a8eb2f 100644 --- a/cmd/portal/init.go +++ b/cmd/portal/init.go @@ -65,6 +65,11 @@ func initLogger(p interfaces.Portal) error { return nil } +func initAccess(p interfaces.Portal) error { + p.SetCasbin(api.GetCasbin(p.Logger())) + return nil +} + func initDatabase(p interfaces.Portal) error { return p.Database().Init(p) } @@ -115,6 +120,7 @@ func getInitList() []initFunc { initIdentity, initCheckRequiredConfig, initLogger, + initAccess, initDatabase, initProtocols, initStorage, diff --git a/cmd/portal/portal.go b/cmd/portal/portal.go index b56fce6..caf7f46 100644 --- a/cmd/portal/portal.go +++ b/cmd/portal/portal.go @@ -7,6 +7,7 @@ import ( "git.lumeweb.com/LumeWeb/portal/interfaces" "git.lumeweb.com/LumeWeb/portal/protocols" "git.lumeweb.com/LumeWeb/portal/storage" + "github.com/casbin/casbin/v2" "github.com/spf13/viper" "go.uber.org/zap" "gorm.io/gorm" @@ -25,6 +26,7 @@ type PortalImpl struct { identity ed25519.PrivateKey storage interfaces.StorageService database interfaces.Database + casbin *casbin.Enforcer } func (p *PortalImpl) Database() interfaces.Database { @@ -99,3 +101,10 @@ func (p *PortalImpl) SetLogger(logger *zap.Logger) { func (p *PortalImpl) ProtocolRegistry() interfaces.ProtocolRegistry { return p.protocolRegistry } +func (p *PortalImpl) Casbin() *casbin.Enforcer { + return p.casbin +} + +func (p *PortalImpl) SetCasbin(e *casbin.Enforcer) { + p.casbin = e +} diff --git a/go.mod b/go.mod index 9589b25..2e79dbf 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.20 require ( git.lumeweb.com/LumeWeb/libs5-go v0.0.0-20240116003411-13ca22d80e1c + github.com/casbin/casbin/v2 v2.81.0 github.com/go-resty/resty/v2 v2.11.0 github.com/julienschmidt/httprouter v1.3.0 github.com/spf13/viper v1.18.2 @@ -18,6 +19,7 @@ require ( require ( github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect + github.com/casbin/govaluate v1.1.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-sql-driver/mysql v1.7.0 // indirect diff --git a/go.sum b/go.sum index 49a3d1b..141a180 100644 --- a/go.sum +++ b/go.sum @@ -2,6 +2,10 @@ git.lumeweb.com/LumeWeb/libs5-go v0.0.0-20240116003411-13ca22d80e1c h1:qG16pbgMd git.lumeweb.com/LumeWeb/libs5-go v0.0.0-20240116003411-13ca22d80e1c/go.mod h1:CMtoCT4WlAWzJtNer2MEW170i14jeKhSjxbYQ5DIGqw= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= +github.com/casbin/casbin/v2 v2.81.0 h1:vNwJXK7a+TJZElZ5saP+SFJvweZNtJ3MlVP6P4IuRqE= +github.com/casbin/casbin/v2 v2.81.0/go.mod h1:jX8uoN4veP85O/n2674r2qtfSXI6myvxW85f6TH50fw= +github.com/casbin/govaluate v1.1.0 h1:6xdCWIpE9CwHdZhlVQW+froUrCsjb6/ZYNcXODfLT+E= +github.com/casbin/govaluate v1.1.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -14,6 +18,7 @@ github.com/go-resty/resty/v2 v2.11.0 h1:i7jMfNOJYMp69lq7qozJP+bjgzfAzeOhuGlyDrqx github.com/go-resty/resty/v2 v2.11.0/go.mod h1:iiP/OpA0CkcL3IGt1O0+/SIItFUbkkyw5BGXiVdTu+A= github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc= github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= +github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= @@ -96,6 +101,7 @@ golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/i golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= @@ -134,6 +140,7 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= diff --git a/interfaces/portal.go b/interfaces/portal.go index 5ea4c81..d258a88 100644 --- a/interfaces/portal.go +++ b/interfaces/portal.go @@ -2,6 +2,7 @@ package interfaces import ( "crypto/ed25519" + "github.com/casbin/casbin/v2" "github.com/spf13/viper" "go.uber.org/zap" "gorm.io/gorm" @@ -20,4 +21,6 @@ type Portal interface { SetIdentity(identity ed25519.PrivateKey) SetLogger(logger *zap.Logger) Database() Database + Casbin() *casbin.Enforcer + SetCasbin(e *casbin.Enforcer) }