restructure folders

auth/casbin/Cargo.toml

@@ -0,0 +1,10 @@
+[package]
+name = "actix-casbin-example"
+version = "1.0.0"
+edition = "2021"
+
+[dependencies]
+actix-web = "4.0.0-beta.21"
+casbin = "2.0.9"
+loge = {version = "0.4", default-features = false, features = ["colored", "chrono"]}
+tokio = { version = "1.16.1", features = ["sync"] }

auth/casbin/README.md

@@ -0,0 +1,26 @@
+# Casbin
+
+Basic integration of [Casbin-RS](https://github.com/casbin/casbin-rs) with [RBAC](https://en.wikipedia.org/wiki/Role-based_access_control) for Actix Web.
+
+## Usage
+
+```sh
+cd security/casbin
+```
+
+Modify the files in the `rbac` directory and the code in the `src` directory as required.
+
+## Running Server
+
+```sh
+cd security/casbin
+cargo run (or ``cargo watch -x run``)
+
+# Started http server: 127.0.0.1:8080
+```
+
+In this example, you can get the successful result at `http://localhost:8080/success` (accessible) and the failed result at `http://localhost:8080/fail` (inaccessible, `ERR_EMPTY_RESPONSE`).
+
+## Others
+
+- For more related examples of [Casbin-RS](https://github.com/casbin/casbin-rs): <https://github.com/casbin-rs/examples>

auth/casbin/rbac/rbac_model.conf

@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

auth/casbin/rbac/rbac_policy.csv

@@ -0,0 +1,5 @@
+p, alice, data1, read
+p, bob, data2, write
+p, data2_admin, data2, read
+p, data2_admin, data2, write
+g, alice, data2_admin

auth/casbin/src/main.rs

@@ -0,0 +1,55 @@
+use casbin::{CoreApi, DefaultModel, Enforcer, FileAdapter, RbacApi};
+use std::io;
+use tokio::sync::RwLock;
+
+use actix_web::{middleware, web, App, HttpRequest, HttpResponse, HttpServer};
+
+/// simple handle
+async fn success(
+    enforcer: web::Data<RwLock<Enforcer>>,
+    req: HttpRequest,
+) -> HttpResponse {
+    let mut e = enforcer.write().await;
+    println!("{:?}", req);
+    assert_eq!(vec!["data2_admin"], e.get_roles_for_user("alice", None));
+
+    HttpResponse::Ok().body("Success: alice is data2_admin.")
+}
+
+async fn fail(enforcer: web::Data<RwLock<Enforcer>>, req: HttpRequest) -> HttpResponse {
+    let mut e = enforcer.write().await;
+    println!("{:?}", req);
+    assert_eq!(vec!["data1_admin"], e.get_roles_for_user("alice", None));
+
+    HttpResponse::Ok().body("Fail: alice is not data1_admin.") // In fact, it can't be displayed.
+}
+
+#[actix_web::main]
+async fn main() -> io::Result<()> {
+    std::env::set_var("RUST_LOG", "info");
+    std::env::set_var("LOGE_FORMAT", "target");
+
+    loge::init();
+
+    let model = DefaultModel::from_file("rbac/rbac_model.conf")
+        .await
+        .unwrap();
+    let adapter = FileAdapter::new("rbac/rbac_policy.csv");
+
+    let e = Enforcer::new(model, adapter).await.unwrap();
+    let e = web::Data::new(RwLock::new(e)); // wrap enforcer into actix-state
+
+    //move is necessary to give closure below ownership of counter
+    HttpServer::new(move || {
+        App::new()
+            .app_data(e.clone()) // <- create app with shared state
+            // enable logger
+            .wrap(middleware::Logger::default())
+            // register simple handler, handle all methods
+            .service(web::resource("/success").to(success))
+            .service(web::resource("/fail").to(fail))
+    })
+    .bind(("127.0.0.1", 8080))?
+    .run()
+    .await
+}