baa middleware for authorization, it's based on https://github.com/casbin/casbin.
// Init
e := casbin.NewEnforcer("conf/rbac_model.conf", "conf/rbac_policy.csv")
ini := authz.Config{
ExcludeURL: excludeURL,
ExcludePrefix: excludePrefix,
Extractor: func(c *baa.Context) (string, error) {
customs, err := base.GetStandClaims(c)
if err != nil {
return "get user Info failure", err
}
return strconv.Itoa(customs.Auth.ID), nil
},
}
b.Use(authz.Authorizer(e, ini))
skip authz for these url,for example login or register, /login,/register
skip authz for these url prefix,for example login or register, /login,/register
Custom methods to obtain user information, such as from JWT or session