Add a basic casbin example for actix-web. (#264)

* Add the casbin example for actix-web.

* Update for clear description.

Cargo.toml

@@ -6,6 +6,7 @@ members = [
    "async_pg",
    "awc_https",
    "basics",
+   "casbin",
    "cookie-auth",
    "cookie-session",
    "diesel",

casbin/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "actix-casbin-example"
+version = "0.1.0"
+authors = ["Chojan Shang <psiace@outlook.com>"]
+edition = "2018"
+workspace = ".."
+
+[dependencies]
+actix-web = "2.0"
+actix-rt = "1.0"
+casbin = "0.3"
+loge = {version = "0.4", default-features = false, features = ["colored", "chrono"]}

casbin/README.md

@@ -0,0 +1,27 @@
+# Casbin
+
+Basic integration of [Casbin-RS](https://github.com/casbin/casbin-rs) with [RBAC](https://en.wikipedia.org/wiki/Role-based_access_control) for Actix web.
+
+## Usage
+
+```sh
+cd examples/casbin
+```
+
+Modify the files in the `rbac` directory and the code in the `src` directory as required.
+
+## Running Server
+
+```sh
+cd examples/casbin
+cargo run (or ``cargo watch -x run``)
+
+# Started http server: 127.0.0.1:8080
+```
+
+In this example, you can get the the successful result at `http://localhost:8080/success` (accessible) and the failed result at `http://localhost:8080/fail` (inaccessible, `ERR_EMPTY_RESPONSE`).
+
+## Others
+
+- Original location of this demo: <https://github.com/PsiACE/actix-casbin-example>
+- For more related examples of [Casbin-RS](https://github.com/casbin/casbin-rs): <https://github.com/casbin-rs/examples>

casbin/rbac/rbac_model.conf

@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

casbin/rbac/rbac_policy.csv

@@ -0,0 +1,5 @@
+p, alice, data1, read
+p, bob, data2, write
+p, data2_admin, data2, read
+p, data2_admin, data2, write
+g, alice, data2_admin

casbin/src/main.rs

@@ -0,0 +1,58 @@
+use casbin::{DefaultModel, Enforcer, FileAdapter, RbacApi};
+use std::boxed::Box;
+use std::io;
+use std::sync::RwLock;
+
+use actix_web::{middleware, web, App, HttpRequest, HttpResponse, HttpServer};
+
+/// simple handle
+async fn success(
+    enforcer: web::Data<RwLock<Enforcer>>,
+    req: HttpRequest,
+) -> HttpResponse {
+    let mut e = enforcer.write().unwrap();
+    println!("{:?}", req);
+    assert_eq!(vec!["data2_admin"], e.get_roles_for_user("alice", None));
+
+    HttpResponse::Ok().body("Success: alice is data2_admin.")
+}
+
+async fn fail(enforcer: web::Data<RwLock<Enforcer>>, req: HttpRequest) -> HttpResponse {
+    let mut e = enforcer.write().unwrap();
+    println!("{:?}", req);
+    assert_eq!(vec!["data1_admin"], e.get_roles_for_user("alice", None));
+
+    HttpResponse::Ok().body("Fail: alice is not data1_admin.") // In fact, it can't be displayed.
+}
+
+#[actix_rt::main]
+async fn main() -> io::Result<()> {
+    std::env::set_var("RUST_LOG", "info");
+    std::env::set_var("LOGE_FORMAT", "target");
+
+    loge::init();
+
+    let model = DefaultModel::from_file("rbac/rbac_model.conf")
+        .await
+        .unwrap();
+    let adapter = FileAdapter::new("rbac/rbac_policy.csv");
+
+    let e = Enforcer::new(Box::new(model), Box::new(adapter))
+        .await
+        .unwrap();
+    let e = web::Data::new(RwLock::new(e)); // wrap enforcer into actix-state
+
+    //move is necessary to give closure below ownership of counter
+    HttpServer::new(move || {
+        App::new()
+            .app_data(e.clone()) // <- create app with shared state
+            // enable logger
+            .wrap(middleware::Logger::default())
+            // register simple handler, handle all methods
+            .service(web::resource("/success").to(success))
+            .service(web::resource("/fail").to(fail))
+    })
+    .bind("127.0.0.1:8080")?
+    .run()
+    .await
+}