Skip to content
/ chakra Public

Lightweight but powerful access control for golang chi router

License

Notifications You must be signed in to change notification settings

c2h5oh/chakra

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

chakra

GoDoc Widget

chakra allows you to easily add resource/operation based access control to https://github.com/pressly/chi

You can define any access control rules you want as a middleware - chakra will make sure they are checked.

Forcing security as you code with minimum overhead

chakra will:

  • build resource routes (identifiers) for your access checks
  • inject access control right before the last handlers in chain - not optional
  • not let you run your code without providing access control function - it will panic
  • not let you create new router without providing the next part of resource route or explicitly telling it to use parent one - it will panic

It's not airtight - you can still escape the added security, but it requires more effort than being secure. You can write a buggy access control function too - it can't help with that - but at least you won't forget to use it.

How to use it?

Almost exactly the same way you'd use chi

chi without access control

r := chi.NewRouter()
r.Mount("/api", func(r chi.Router){
    r = chi.NewRouter()
    r.Post("/endpoint1", handler1)
    ...
})

chakra - chi with access control

chakra.SetAC(myAccessControlRules) // you only do this once

r := chakra.NewRouter(chakra.UseParentRoute)
r.Mount("/api", func(r chi.Router){
    r = chakra.NewRouter("secure_api")
    r.Post("/endpoint1", handler1)
    ...
})

And you are DONE! - myAccessControlRules will be called right before handler1 to check permissions to POST to {"secure_api", "endpoint1"} resource

Examples

Example access control function

Credits

TODO

  • More examples
  • A lot of unit tests (and then some!)

Contributions are always welcome - fork it, do your thing, open a pull request!

License

Copyright (c) 2015 Maciej Lisiewski

Licensed under MIT License

About

Lightweight but powerful access control for golang chi router

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages