feat: initial casbin support

api/casbin.go

@@ -0,0 +1,95 @@
+package api
+
+import (
+	"github.com/casbin/casbin/v2"
+	"github.com/casbin/casbin/v2/model"
+	"github.com/casbin/casbin/v2/persist"
+	"go.uber.org/zap"
+	"strings"
+	"sync"
+)
+
+func GetCasbin(logger *zap.Logger) *casbin.Enforcer {
+	m := model.NewModel()
+	m.AddDef("r", "r", "sub, obj, act")
+	m.AddDef("p", "p", "sub, obj, act")
+	m.AddDef("e", "e", "some(where (p.eft == allow))")
+	m.AddDef("m", "m", "r.sub == p.sub && keyMatch2(r.obj, p.obj) && r.act == p.act")
+
+	a := NewPolicyAdapter(logger)
+
+	_ = a.AddPolicy("admin", "/admin", []string{"GET"})
+	_ = a.AddPolicy("admin", "/admin", []string{"POST"})
+	_ = a.AddPolicy("admin", "/admin", []string{"DELETE"})
+
+	e, err := casbin.NewEnforcer(m, a)
+	if err != nil {
+		logger.Fatal("Failed to create casbin enforcer", zap.Error(err))
+	}
+
+	return e
+}
+
+type PolicyAdapter struct {
+	policy []string
+	lock   sync.RWMutex
+	logger *zap.Logger
+}
+
+// NewPolicyAdapter creates a new PolicyAdapter instance.
+func NewPolicyAdapter(logger *zap.Logger) *PolicyAdapter {
+	return &PolicyAdapter{
+		policy: make([]string, 0),
+		logger: logger,
+	}
+}
+
+// LoadPolicy loads all policy rules from the storage.
+func (a *PolicyAdapter) LoadPolicy(model model.Model) error {
+	a.lock.RLock()
+	defer a.lock.RUnlock()
+
+	for _, line := range a.policy {
+		err := persist.LoadPolicyLine(line, model)
+		if err != nil {
+			a.logger.Fatal("Failed to load policy line", zap.Error(err))
+		}
+	}
+	return nil
+}
+
+// SavePolicy saves all policy rules to the storage.
+func (a *PolicyAdapter) SavePolicy(model model.Model) error {
+	return nil
+}
+
+// AddPolicy adds a policy rule to the storage.
+// AddPolicy adds a policy rule to the storage.
+func (a *PolicyAdapter) AddPolicy(sec string, ptype string, rule []string) error {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	// Create a line representing the policy rule
+	line := ptype + ", " + strings.Join(rule, ", ")
+
+	// Check if the policy rule already exists
+	for _, existingLine := range a.policy {
+		if line == existingLine {
+			return nil // Policy rule already exists, no need to add it again
+		}
+	}
+
+	// Add the policy rule to the storage
+	a.policy = append(a.policy, line)
+	return nil
+}
+
+// RemovePolicy removes a policy rule from the storage.
+func (a *PolicyAdapter) RemovePolicy(sec string, ptype string, rule []string) error {
+	return nil
+}
+
+// RemoveFilteredPolicy removes policy rules that match the filter from the storage.
+func (a *PolicyAdapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) error {
+	return nil
+}

cmd/portal/init.go

@@ -65,6 +65,11 @@ func initLogger(p interfaces.Portal) error {
 	return nil
 }
 
+func initAccess(p interfaces.Portal) error {
+	p.SetCasbin(api.GetCasbin(p.Logger()))
+	return nil
+}
+
 func initDatabase(p interfaces.Portal) error {
 	return p.Database().Init(p)
 }
@@ -115,6 +120,7 @@ func getInitList() []initFunc {
 		initIdentity,
 		initCheckRequiredConfig,
 		initLogger,
+		initAccess,
 		initDatabase,
 		initProtocols,
 		initStorage,

cmd/portal/portal.go

@@ -7,6 +7,7 @@ import (
 	"git.lumeweb.com/LumeWeb/portal/interfaces"
 	"git.lumeweb.com/LumeWeb/portal/protocols"
 	"git.lumeweb.com/LumeWeb/portal/storage"
+	"github.com/casbin/casbin/v2"
 	"github.com/spf13/viper"
 	"go.uber.org/zap"
 	"gorm.io/gorm"
@@ -25,6 +26,7 @@ type PortalImpl struct {
 	identity         ed25519.PrivateKey
 	storage          interfaces.StorageService
 	database         interfaces.Database
+	casbin           *casbin.Enforcer
 }
 
 func (p *PortalImpl) Database() interfaces.Database {
@@ -99,3 +101,10 @@ func (p *PortalImpl) SetLogger(logger *zap.Logger) {
 func (p *PortalImpl) ProtocolRegistry() interfaces.ProtocolRegistry {
 	return p.protocolRegistry
 }
+func (p *PortalImpl) Casbin() *casbin.Enforcer {
+	return p.casbin
+}
+
+func (p *PortalImpl) SetCasbin(e *casbin.Enforcer) {
+	p.casbin = e
+}

go.mod

@@ -4,6 +4,7 @@ go 1.20
 
 require (
 	git.lumeweb.com/LumeWeb/libs5-go v0.0.0-20240116003411-13ca22d80e1c
+	github.com/casbin/casbin/v2 v2.81.0
 	github.com/go-resty/resty/v2 v2.11.0
 	github.com/julienschmidt/httprouter v1.3.0
 	github.com/spf13/viper v1.18.2
@@ -18,6 +19,7 @@ require (
 
 require (
 	github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
+	github.com/casbin/govaluate v1.1.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/go-sql-driver/mysql v1.7.0 // indirect

go.sum

@@ -2,6 +2,10 @@ git.lumeweb.com/LumeWeb/libs5-go v0.0.0-20240116003411-13ca22d80e1c h1:qG16pbgMd
 git.lumeweb.com/LumeWeb/libs5-go v0.0.0-20240116003411-13ca22d80e1c/go.mod h1:CMtoCT4WlAWzJtNer2MEW170i14jeKhSjxbYQ5DIGqw=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
+github.com/casbin/casbin/v2 v2.81.0 h1:vNwJXK7a+TJZElZ5saP+SFJvweZNtJ3MlVP6P4IuRqE=
+github.com/casbin/casbin/v2 v2.81.0/go.mod h1:jX8uoN4veP85O/n2674r2qtfSXI6myvxW85f6TH50fw=
+github.com/casbin/govaluate v1.1.0 h1:6xdCWIpE9CwHdZhlVQW+froUrCsjb6/ZYNcXODfLT+E=
+github.com/casbin/govaluate v1.1.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -14,6 +18,7 @@ github.com/go-resty/resty/v2 v2.11.0 h1:i7jMfNOJYMp69lq7qozJP+bjgzfAzeOhuGlyDrqx
 github.com/go-resty/resty/v2 v2.11.0/go.mod h1:iiP/OpA0CkcL3IGt1O0+/SIItFUbkkyw5BGXiVdTu+A=
 github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc=
 github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
@@ -96,6 +101,7 @@ golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/i
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
@@ -134,6 +140,7 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=

interfaces/portal.go

@@ -2,6 +2,7 @@ package interfaces
 
 import (
 	"crypto/ed25519"
+	"github.com/casbin/casbin/v2"
 	"github.com/spf13/viper"
 	"go.uber.org/zap"
 	"gorm.io/gorm"
@@ -20,4 +21,6 @@ type Portal interface {
 	SetIdentity(identity ed25519.PrivateKey)
 	SetLogger(logger *zap.Logger)
 	Database() Database
+	Casbin() *casbin.Enforcer
+	SetCasbin(e *casbin.Enforcer)
 }