Authorization middleware for GraphQL.
Project description
graphql-authz
GraphQL-Authz is a Python3.6+ port of GraphQL-Authz, the node.js implementation for the Casbin authorization middleware.
[][https://pypi.python.org/pypi/graphql_authz]
[][https://travis-ci.com/Checho3388/graphql_authz]
This package should use with GraphQL-core 3, allowing to limit access to each endpoint using casbin policy.
Installation
Install the package using pip.
pip install graphql-authz
Get Started
This package should use with graphql and graphql-middleware. To limit access to each graphql resource you can use a casbin policy. For example, given this policy for an RBAC model:
p, authorized_user, hello, query
Validation can be enforced using:
import casbin
from authz.middleware import enforcer_middleware
from graphql import graphql_sync, GraphQLSchema, GraphQLObjectType, GraphQLField, GraphQLString
schema = GraphQLSchema(
query=GraphQLObjectType(
name="RootQueryType",
fields={
"hello": GraphQLField(
GraphQLString,
resolve=lambda obj, info: "world")
}))
enforcer = casbin.Enforcer("model_file.conf", "policy_file.csv")
casbin_middleware = enforcer_middleware(enforcer)
query = """{ hello }"""
# Authorized user ("authorized_user") has access to data
response = graphql_sync(schema, query, middleware=[casbin_middleware], context_value={"role": "authorized_user"})
assert response.data == {"hello": "world"}
# Unauthorized users ("unauthorized_user") are rejected
response = graphql_sync(schema, query, middleware=[casbin_middleware], context_value={"role": "unauthorized_user"})
assert response.errors[0].message == "unauthorized_user can not query hello"
For more interesting scenarios see tests
folder.
Credits
This package was created with Cookiecutter_ and the audreyr/cookiecutter-pypackage
_ project template.
.. _Cookiecutter: https://github.com/audreyr/cookiecutter
.. _audreyr/cookiecutter-pypackage
: https://github.com/audreyr/cookiecutter-pypackage
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for graphql_authz-0.1.0-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | a921ce1f7c4163e8067fab2a16c120432c729dc614d9c231a64ed1ba9654b9da |
|
MD5 | a72eb93ffb0c562f69c3b74ae4a65069 |
|
BLAKE2b-256 | 33ad30ee0304a7bdb1fadc070b0b5d5b85dbe783c2204321319bc1fb5bb5035b |