Crates.io | actix-web-middleware-opa |
lib.rs | actix-web-middleware-opa |
version | 0.1.1 |
source | src |
created_at | 2018-12-11 07:10:34.529813 |
updated_at | 2018-12-18 02:37:29.70078 |
description | actix-web middleware for Open Policy Agent (OPA) verification |
homepage | https://github.com/michiel/actix-web-middleware-opa |
repository | |
max_upload_size | |
id | 101403 |
size | 27,442 |
Open Policy Agent (openpolicyagent/OPA) middleware for actix-web applications.
This middleware performs a policy check against an Open Policy Agent instance for incoming HTTP requests.
Both the policy check request and response are generic.
Take the following request:

```sh
curl -XGET -H 'Authorization: Bearer 123123123' http://localhost:8080/order/item/1
```

This will need to be translated to a JSON call to OPA:

```json
{
  "input" : {
    "token" : "123123123",
    "method" : "GET",
    "path" : ["order", "item", "1"]
  }
}
```
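We represent this as two Rust structs which implement `Serialize`:

```rust
// Requires serde with its `derive` feature enabled.
use serde::Serialize;

// Top-level document sent to OPA; serializes as {"input": {...}}.
#[derive(Serialize)]
struct PolicyRequest {
    input: PolicyRequestInput,
}

// The request attributes the policy decides on.
#[derive(Serialize)]
struct PolicyRequestInput {
    token: String,
    method: String,
    path: Vec<String>,
}
```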
The expected response is a JSON object:

```json
{
  "result" : {
    "allow" : true
  }
}
```
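We represent this as two Rust structs which implement `Deserialize`:

```rust
// Requires serde with its `derive` feature enabled.
use serde::Deserialize;

#[derive(Deserialize)]
struct PolicyResponse {
    // Field name must match the "result" key in OPA's JSON response.
    result: PolicyResponseResult,
}

#[derive(Deserialize)]
struct PolicyResponseResult {
    allow: bool,
}
```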
Lastly we have to implement the `OPARequest<S>` trait so that

```rust
use actix_web::HttpRequest;
// OPARequest and PolicyVerifier are provided by this crate.

impl<S> OPARequest<S> for PolicyRequest {
    fn from_http_request(_req: &HttpRequest<S>) -> Result<Self, String> {
        // This needs to be constructed from _req; the values below are placeholders.
        Ok(PolicyRequest {
            input: PolicyRequestInput {
                token: "123".into(),
                method: "GET".into(),
                path: vec!["order".into(), "item".into(), "1".into()],
            }
        })
    }
}

type VerifierMiddleware = PolicyVerifier<PolicyRequest, PolicyResponse>;
```
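The `from_http_request` stub above hard-codes its values. The following is an added example, not code from this crate, of deriving the `token`, `method` and `path` fields from request data and returning an error when the `Authorization` header is missing or malformed. It works on plain strings instead of `HttpRequest<S>` so that it runs on its own; `bearer_token`, `path_segments` and `build_input` are hypothetical names.

```rust
// Added example; type and function names here are assumptions, not the crate's API.
#[derive(Debug, PartialEq)]
pub struct PolicyRequestInput {
    pub token: String,
    pub method: String,
    pub path: Vec<String>,
}

/// Extract the token from an `Authorization: Bearer <token>` header value.
/// A missing header, another scheme or an empty token is an error, so the
/// caller can deny the request rather than send OPA a blank token.
pub fn bearer_token(header: Option<&str>) -> Result<String, String> {
    let value = header.ok_or("missing Authorization header")?;
    let mut parts = value.trim().splitn(2, ' ');
    let scheme = parts.next().unwrap_or("");
    let token = parts.next().unwrap_or("").trim();
    if !scheme.eq_ignore_ascii_case("Bearer") {
        return Err("unsupported authorization scheme".into());
    }
    if token.is_empty() || token.contains(char::is_whitespace) {
        return Err("malformed bearer token".into());
    }
    Ok(token.to_string())
}

/// Split a request target into the segment array used in the OPA input,
/// dropping the query string and empty segments ("//", trailing "/").
pub fn path_segments(raw: &str) -> Result<Vec<String>, String> {
    let path = raw.split('?').next().unwrap_or("");
    let segs: Vec<String> = path.split('/').filter(|s| !s.is_empty()).map(String::from).collect();
    // Example's choice: refuse dot segments so the policy and the router cannot disagree about the path.
    if segs.iter().any(|s| s == "." || s == "..") {
        return Err("dot segment in path".into());
    }
    Ok(segs)
}

pub fn build_input(method: &str, path: &str, auth: Option<&str>) -> Result<PolicyRequestInput, String> {
    Ok(PolicyRequestInput {
        token: bearer_token(auth)?,
        method: method.to_string(),
        path: path_segments(path)?,
    })
}

fn main() {
    // Constructed input: the curl request shown above.
    println!("{:?}", build_input("GET", "/order/item/1", Some("Bearer 123123123")));
}
```

Percent-encoded segments are passed through undecoded here; whichever form is used, the policy should see the same path the router matches on.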