gin-rbac is a role-based access control (RBAC) middleware for the Gin framework that rejects unauthorized REST API requests.

Resource: each resource is an API endpoint, for example /api/products/:id.
Operation: the HTTP method applied to a resource: GET, PUT, DELETE or POST.
Permission: allows one operation on one specific resource, i.e. an (operation, resource) tuple.
Role: represents the identity of a request to protected resources.
  Dynamic roles: $everyone (every request) and $authenticated (authenticated users only).
  Static roles: roles you define yourself, for example admin (a role for administrators), manager or editor.

Users are connected to roles, and roles are connected to permission (operation, resource) tuples; both mappings are many-to-many.
Permissions are declared in a JSON policy file: each key is a resource (a Gin route pattern, so :id is a path parameter), and each operation under it lists the roles allowed to perform it. Example policy.json:

    {
        "/api/products": {
            "GET" : ["$authenticated"]
        },
        "/api/products/:id": {
            "GET" : ["$authenticated"],
            "PUT" : ["manager", "editor"],
            "DELETE" : ["admin"]
        }
    }

With this policy any authenticated user may list and read products, only managers and editors may update one, and only administrators may delete one.
Install the package
go get github.com/aiyi/gin-rbac
Use the middleware
    package main

    import (
        "log"

        "github.com/gin-gonic/gin"
        rbac "github.com/aiyi/gin-rbac"
    )

    func main() {
        g := gin.New()
        // Register the middleware before any routes so every request is checked
        // against policy.json. The callback must return the current user's roles
        // as a *rbac.Roles; how you look them up (session, token, database) is
        // your own code.
        g.Use(rbac.Middleware("policy.json", func(c *gin.Context) *rbac.Roles {
            // write your custom code to return roles of current user
            return nil // placeholder so the example compiles; replace with the caller's roles
        }))
        g.GET("/api/products", func(c *gin.Context) {
            // handle GET products
            c.JSON(200, gin.H{"products": []string{}})
        })
        g.DELETE("/api/products/:id", func(c *gin.Context) {
            // handle DELETE by product id
            c.Status(204)
        })
        if err := g.Run(":8080"); err != nil {
            log.Fatal(err)
        }
    }
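To make the evaluation rules above concrete, here is an added example that is not gin-rbac's own code: it re-implements the README's model (route patterns with :param segments, the $everyone and $authenticated dynamic roles, static roles supplied by a callback) on top of net/http only, so it runs without Gin or the library. The Policy type, Allowed, Middleware and the deny-by-default rule for endpoints or methods that are not listed in the policy are this example's own choices, not documented gin-rbac behaviour; the embedded policyJSON is a constructed copy of the policy.json shown above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
)

// Policy mirrors policy.json: route pattern -> HTTP method -> roles allowed to use it.
type Policy map[string]map[string][]string

// policyJSON is a constructed copy of the policy.json shown in this README.
const policyJSON = `{
  "/api/products":     {"GET": ["$authenticated"]},
  "/api/products/:id": {"GET": ["$authenticated"], "PUT": ["manager", "editor"], "DELETE": ["admin"]}
}`

// matchRoute reports whether path matches a Gin-style pattern: ":name" matches exactly one
// non-empty segment and segment counts must agree, so "/api/products/1/reviews" is not
// covered by the rules for "/api/products/:id".
func matchRoute(pattern, path string) bool {
	ps := strings.Split(strings.Trim(pattern, "/"), "/")
	qs := strings.Split(strings.Trim(path, "/"), "/")
	if len(ps) != len(qs) {
		return false
	}
	for i := range ps {
		if strings.HasPrefix(ps[i], ":") {
			if qs[i] == "" {
				return false
			}
		} else if ps[i] != qs[i] {
			return false
		}
	}
	return true
}

// Allowed is deny-by-default (this example's choice): no matching pattern, or a pattern that
// does not list the method, means refusal; a literal pattern beats a parameterised one.
// "$everyone" admits any caller, "$authenticated" admits authenticated callers, and a static
// role must appear in the caller's role list.
func (p Policy) Allowed(method, path string, authenticated bool, roles []string) bool {
	var methods map[string][]string
	for pattern, m := range p {
		if matchRoute(pattern, path) && (methods == nil || !strings.Contains(pattern, ":")) {
			methods = m
		}
	}
	for _, role := range methods[method] { // nil map or unlisted method -> empty -> deny
		switch role {
		case "$everyone":
			return true
		case "$authenticated":
			if authenticated {
				return true
			}
		default:
			for _, have := range roles {
				if have == role {
					return true
				}
			}
		}
	}
	return false
}

// Middleware asks rolesOf for the caller's identity, as gin-rbac's callback does, and answers
// 401 to anonymous callers and 403 to authenticated callers whose roles do not cover the request.
func Middleware(p Policy, rolesOf func(*http.Request) (bool, []string)) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			auth, roles := rolesOf(r)
			if !p.Allowed(r.Method, r.URL.Path, auth, roles) {
				status := http.StatusForbidden
				if !auth {
					status = http.StatusUnauthorized
				}
				http.Error(w, http.StatusText(status), status)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

func main() {
	var p Policy
	if err := json.Unmarshal([]byte(policyJSON), &p); err != nil {
		panic(err)
	}
	fmt.Println(p.Allowed("GET", "/api/products", false, nil))                      // false: anonymous
	fmt.Println(p.Allowed("DELETE", "/api/products/42", true, []string{"manager"})) // false: needs admin
	fmt.Println(p.Allowed("DELETE", "/api/products/42", true, []string{"admin"}))   // true
	fmt.Println(p.Allowed("GET", "/api/products/42/reviews", true, nil))           // false: no rule
}
```

Two checks worth running against any deployment of this model, whichever implementation enforces it: a request to an endpoint or method that is absent from policy.json must be refused rather than silently allowed, and the roles handed to the middleware must come from a verified session or token, never from a header or parameter the client controls. Note also that when two parameterised patterns both match a path, this example picks whichever Go's map iteration yields first, so keep patterns non-overlapping rather than relying on precedence.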