An authorization middleware for sanic based on PyCasbin
sanic-authz
sanic-authz is an authorization middleware for Sanic. It is based on PyCasbin.
Installation
pip install sanic-authz
Module Usage:
import casbin
from sanic import Sanic, response
from sanic.request import Request
from sanic_authz.middleware import CasbinAuthMiddleware

app = Sanic("SanicAuthzExample")
enforcer = casbin.Enforcer("rbac_model.conf", "policy.csv")

# Register the middleware
CasbinAuthMiddleware(app, enforcer)

# CasbinAuthMiddleware is a global middleware.
# The authorization check will be performed automatically on each request.
# You don't need to manually invoke the middleware in your route handlers.
@app.route("/")
async def homepage(request):
    return response.text("Hello, world!")
Custom subject_getter:
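By default, the middleware extracts the user identity from the X-User header field, so client requests need to include the X-User header. Because any client can set this header, it identifies the user only when something in front of the application (such as an authenticating reverse proxy) sets or overwrites it: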
curl -H "X-User: alice" http://localhost:8000/data
You can customize the subject_getter to adapt to different authentication mechanisms. For example, JWT authentication:
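def jwt_subject_getter(request: Request) -> str:
    token = request.headers.get("Authorization", "").replace("Bearer ", "")
    # decode_jwt is not defined on this page; it is assumed to be your
    # application's own helper and must verify the token's signature and expiry.
    payload = decode_jwt(token)
    return payload.get("user_id", "anonymous")

CasbinAuthMiddleware(app, enforcer, subject_getter=jwt_subject_getter)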
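An added example, not part of sanic-authz: one way to write the decode_jwt helper used above so that only a verified user_id reaches the enforcer as the subject, using HS256 and the standard library only. SECRET, make_token and the b64url helpers are assumptions for illustration, and the request is any object with a headers mapping; every failure falls back to "anonymous", leaving the decision to the policy.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: HS256 shared key; load from config in practice


def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(claims: dict, key: bytes = SECRET) -> str:
    """Build a constructed HS256 token; used here only to produce sample input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"


def decode_jwt(token: str, key: bytes = SECRET) -> dict:
    """Return the claims only if alg, signature and exp all check out."""
    head, body, sig = token.split(".")  # ValueError unless exactly three parts
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # rejects "none" and algorithm swaps
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("exp", 0) <= time.time():
        raise ValueError("expired or missing exp")
    return claims


def jwt_subject_getter(request) -> str:
    """Subject for Casbin: the verified user_id, otherwise 'anonymous'."""
    scheme, _, token = request.headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer":
        return "anonymous"
    try:
        return str(decode_jwt(token.strip()).get("user_id", "anonymous"))
    except (ValueError, TypeError, AttributeError):
        return "anonymous"
```

With this getter, the policy file should grant "anonymous" only what unauthenticated callers may do, since that is the subject every rejected token maps to.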
Session authentication:
def session_subject_getter(request: Request) -> str:
    return request.ctx.session.get("user_id", "anonymous")

CasbinAuthMiddleware(app, enforcer, subject_getter=session_subject_getter)
Documentation
Authorization is decided for each request based on {subject, object, action}, that is, which subject can perform which action on which object. In this plugin, the meanings are:
- subject: the logged-in user name
- object: the URL path for the web resource like "dataset1/item1"
- action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"
For how to write authorization policy and other details, please refer to the PyCasbin documentation.
License
This project is licensed under the Apache 2.0 license.
File details
Details for the file sanic_authz-1.0.0.tar.gz.
File metadata
- Download URL: sanic_authz-1.0.0.tar.gz
- Upload date:
- Size: 368.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.11
File details
Details for the file sanic_authz-1.0.0-py3-none-any.whl.
File metadata
- Download URL: sanic_authz-1.0.0-py3-none-any.whl
- Upload date:
- Size: 401.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.11