Authorization middleware for GraphQL.
Project description
graphql-authz
GraphQL-Authz is a Python3.6+ port of GraphQL-Authz, the node.js implementation for the Casbin authorization middleware.
This package should use with GraphQL-core 3, allowing to limit access to each endpoint using casbin policy.
Installation
Install the package using pip.
pip install graphql-authz
Get Started
This package should use with graphql and graphql-middleware. To limit access to each graphql resource you can use a casbin policy. For example, given this policy for an RBAC model:
p, authorized_user, hello, query
Validation can be enforced using:
import casbin
from authz.middleware import enforcer_middleware
from graphql import (
graphql_sync,
GraphQLSchema,
GraphQLObjectType,
GraphQLField,
GraphQLString,
)
schema = GraphQLSchema(
query=GraphQLObjectType(
name="RootQueryType",
fields={
"hello": GraphQLField(
GraphQLString,
resolve=lambda obj, info: "world")
}))
enforcer = casbin.Enforcer("model_file.conf", "policy_file.csv")
casbin_middleware = enforcer_middleware(enforcer)
query = """{ hello }"""
# Authorized user ("authorized_user") has access to data
response = graphql_sync(
schema,
query,
middleware=[casbin_middleware],
context_value={"role": "authorized_user"}
)
assert response.data == {"hello": "world"}
# Unauthorized users ("unauthorized_user") are rejected
response = graphql_sync(
schema,
query,
middleware=[casbin_middleware],
context_value={"role": "unauthorized_user"}
)
assert response.errors[0].message == "unauthorized_user can not query hello"
For more interesting scenarios see tests
folder.
Credits
This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage
project template.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for graphql_authz-0.1.1-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 88c07c3eace18e41fc9cd5f0830835ab3a1ebcf6bbb03a6858c2f1d440303344 |
|
MD5 | bd6b137cea940b80ef1cfc8813f8a021 |
|
BLAKE2b-256 | 88cb8c38ab2d4110cc3bbc9e8a7dfcfcf8e1cbe0e72fe410fe70a94e8d6703ca |