Actix Middleware for Oso Authorization

actix-web middleware for the Oso authorization framework.


Installation

Add actix-web-middleware-oso as a dependency:

```toml
[dependencies]
actix-web-middleware-oso = "0.1.0"
actix-web = "4"
oso = "0.26.0"
```

Usage

Create a function to run your Oso authorization logic.

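```rust
use actix_web::{dev::ServiceRequest, error::ErrorUnauthorized, Error};
use oso::Oso;

// The HTTP method becomes the Oso action and the request path the resource.
async fn authorize(req: ServiceRequest, oso: Oso) -> Result<ServiceRequest, Error> {
    let action = req.method().to_string().to_uppercase();
    let resource = req.path();

    // Fail closed: a `false` decision and a policy error both reject the request.
    match oso.is_allowed("_actor", action, resource) {
        Ok(true) => Ok(req),
        _ => Err(ErrorUnauthorized("not allowed")),
    }
}
```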

Initialize Oso and the middleware, and add it to your actix App with wrap.

```rust
use actix_web::{middleware, web, App, HttpResponse, HttpServer};
use oso::Oso;
// OsoMiddleware is provided by actix-web-middleware-oso.

#[actix_web::main]
async fn main() -> std::io::Result<()> {
    HttpServer::new(|| {
        // Policy: only GET requests to paths under /ok/ are allowed.
        let mut oso = Oso::new();
        oso.load_str(r#"allow(actor, action, resource) if action = "GET" and resource.starts_with("/ok/");"#)
            .unwrap();
        let authz = OsoMiddleware::new(oso, authorize);
        App::new()
            .wrap(middleware::Logger::default())
            .wrap(authz)
            .default_service(web::to(|| HttpResponse::Ok()))
    })
    .bind("127.0.0.1:8080")?
    .run()
    .await
}
```
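The sample policy decides on a string prefix of the request path, so the decision depends on the exact path string handed to it. The following is an added example, not code from this crate: a std-only model of that rule which normalizes the path before the check and denies anything it cannot normalize. `normalize_path`, `policy_allows` and this standalone `authorize` are hypothetical names, and it assumes the path reaches the policy as received.

```rust
/// Resolve "." and ".." segments and collapse repeated slashes.
/// Returns None for percent-encoded dots/slashes or ".." above the root.
fn normalize_path(raw: &str) -> Option<String> {
    let lower = raw.to_lowercase();
    if lower.contains("%2e") || lower.contains("%2f") {
        return None; // conservative choice for this example: reject, do not decode
    }
    let mut out: Vec<&str> = Vec::new();
    for seg in raw.split('/') {
        match seg {
            "" | "." => {}
            ".." => { out.pop()?; }
            s => out.push(s),
        }
    }
    let mut path = format!("/{}", out.join("/"));
    if raw.ends_with('/') && path.len() > 1 {
        path.push('/');
    }
    Some(path)
}

/// Model of the README rule: allow only GET on resources under /ok/.
fn policy_allows(action: &str, resource: &str) -> bool {
    action == "GET" && resource.starts_with("/ok/")
}

/// Fail closed: a path that cannot be normalized is denied.
fn authorize(method: &str, raw_path: &str) -> bool {
    match normalize_path(raw_path) {
        Some(p) => policy_allows(&method.to_uppercase(), &p),
        None => false,
    }
}

fn main() {
    // Constructed sample requests, not captured traffic.
    let samples = [("GET", "/ok/report"), ("get", "/ok//a"), ("POST", "/ok/report"),
                   ("GET", "/ok/../admin"), ("GET", "/ok/%2e%2e/admin"), ("GET", "/okay/x")];
    for (m, p) in samples {
        let raw = policy_allows(&m.to_uppercase(), p);
        println!("{:<4} {:<18} raw={:<5} normalized={}", m, p, raw, authorize(m, p));
    }
}
```

The `raw` column is the prefix rule applied to the path string as given; the `normalized` column is the decision after dot segments are resolved.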

In addition, your initialized Oso is available to handlers via the extractor:

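```rust
use actix_web::{get, HttpResponse, Responder};
use oso::PolarClass;
// ExtractedOso is provided by actix-web-middleware-oso.

// Application-defined actor type (assumed definition, not shown in the
// original snippet); deriving PolarClass lets it be passed to Oso.
#[derive(Clone, PolarClass)]
struct User {
    #[polar(attribute)]
    name: String,
}

#[get("/hello")]
async fn hello(oso: ExtractedOso) -> impl Responder {
    let user = User {
        name: "alice".to_string(),
    };

    // unwrap() panics if policy evaluation fails.
    if oso.is_allowed(user, "action", "resource").unwrap() {
        HttpResponse::Ok().body("cool cool")
    } else {
        HttpResponse::Unauthorized().body("nope, sorry")
    }
}
```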

License

This project is licensed under either of the Apache License 2.0 or the MIT license, at your option.