Skip to content

Latest commit

 

History

History
109 lines (85 loc) · 3.64 KB

README.md

File metadata and controls

109 lines (85 loc) · 3.64 KB
id
opafiber

Opafiber

Release Discord Test Security Linter

Open Policy Agent support for Fiber.

Note: Requires Go 1.19 and above

Install

go get -u github.com/gofiber/fiber/v2
go get -u github.com/gofiber/contrib/opafiber/v2

Signature

opafiber.New(config opafiber.Config) fiber.Handler

Config

Property Type Description Default
RegoQuery string Required - Rego query -
RegoPolicy io.Reader Required - Rego policy -
IncludeQueryString bool Include query string as input to rego policy false
DeniedStatusCode int Http status code to return when policy denies request 400
DeniedResponseMessage string Http response body text to return when policy denies request ""
IncludeHeaders []string Include headers as input to rego policy -
InputCreationMethod InputCreationFunc Use your own function to provide input for OPA func defaultInput(ctx *fiber.Ctx) (map[string]interface{}, error)

Types

type InputCreationFunc func(c *fiber.Ctx) (map[string]interface{}, error)

Usage

OPA Fiber middleware sends the following example data to the policy engine as input:

{
  "method": "GET",
  "path": "/somePath",
  "query": {
    "name": ["John Doe"]
  },
  "headers": {
    "Accept": "application/json",
    "Content-Type": "application/json"
  }
}
package main

import (
	"github.com/gofiber/fiber/v2"
	"github.com/gofiber/contrib/opafiber/v2"
)

func main() {
	app := fiber.New()
	module := `
package example.authz

default allow := false

allow {
	input.method == "GET"
}
`

	cfg := opafiber.Config{
		RegoQuery:             "data.example.authz.allow",
		RegoPolicy:            bytes.NewBufferString(module),
		IncludeQueryString:    true,
		DeniedStatusCode:      fiber.StatusForbidden,
		DeniedResponseMessage: "status forbidden",
		IncludeHeaders:        []string{"Authorization"},
		InputCreationMethod:   func (ctx *fiber.Ctx) (map[string]interface{}, error) {
            return map[string]interface{}{
                "method": ctx.Method(),
                "path": ctx.Path(),
            }, nil
        },
	}
	app.Use(opafiber.New(cfg))

	app.Get("/", func(ctx *fiber.Ctx) error {
		return ctx.SendStatus(200)
	})

	app.Listen(":8080")
}