Authorization middleware for GraphQL.
Project description
graphql-authz
GraphQL-Authz is a Python3.6+ port of GraphQL-Authz, the node.js implementation for the Casbin authorization middleware.
[
[
This package should use with GraphQL-core 3, allowing to limit access to each endpoint using casbin policy.
Installation
Install the package using pip.
pip install graphql-authz
Get Started
This package should use with graphql and graphql-middleware. To limit access to each graphql resource you can use a casbin policy. For example, given this policy for an RBAC model:
p, authorized_user, hello, query
Validation can be enforced using:
import casbin
from authz.middleware import enforcer_middleware
from graphql import graphql_sync, GraphQLSchema, GraphQLObjectType, GraphQLField, GraphQLString
schema = GraphQLSchema(
query=GraphQLObjectType(
name="RootQueryType",
fields={
"hello": GraphQLField(
GraphQLString,
resolve=lambda obj, info: "world")
}))
enforcer = casbin.Enforcer("model_file.conf", "policy_file.csv")
casbin_middleware = enforcer_middleware(enforcer)
query = """{ hello }"""
# Authorized user ("authorized_user") has access to data
response = graphql_sync(schema, query, middleware=[casbin_middleware], context_value={"role": "authorized_user"})
assert response.data == {"hello": "world"}
# Unauthorized users ("unauthorized_user") are rejected
response = graphql_sync(schema, query, middleware=[casbin_middleware], context_value={"role": "unauthorized_user"})
assert response.errors[0].message == "unauthorized_user can not query hello"
For more interesting scenarios see tests folder.
Credits
This package was created with Cookiecutter_ and the audreyr/cookiecutter-pypackage_ project template.
.. _Cookiecutter: https://github.com/audreyr/cookiecutter
.. _audreyr/cookiecutter-pypackage: https://github.com/audreyr/cookiecutter-pypackage
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file graphql-authz-0.1.0.tar.gz.
File metadata
- Download URL: graphql-authz-0.1.0.tar.gz
- Upload date:
- Size: 7.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.14.0 pkginfo/1.7.1 requests/2.26.0 setuptools/58.1.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.8.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c73ef8cd91dac38a529fcb0807d1037595ceeb0247109e4d049d4834678d10ac
|
|
| MD5 |
7954d36509e35cc63003485e7129475c
|
|
| BLAKE2b-256 |
4561e54cf6856d3f2afa6aef7afe5a07eb7a9feab0475f6b979c05eef86386c9
|
File details
Details for the file graphql_authz-0.1.0-py2.py3-none-any.whl.
File metadata
- Download URL: graphql_authz-0.1.0-py2.py3-none-any.whl
- Upload date:
- Size: 4.9 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.14.0 pkginfo/1.7.1 requests/2.26.0 setuptools/58.1.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.8.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a921ce1f7c4163e8067fab2a16c120432c729dc614d9c231a64ed1ba9654b9da
|
|
| MD5 |
a72eb93ffb0c562f69c3b74ae4a65069
|
|
| BLAKE2b-256 |
33ad30ee0304a7bdb1fadc070b0b5d5b85dbe783c2204321319bc1fb5bb5035b
|
