Skip to content

README.md

Latest commit

 

History

History
114 lines (86 loc) · 3.7 KB

README.md

File metadata and controls

114 lines (86 loc) · 3.7 KB
id opa

OPA

Release Discord Test

Open Policy Agent support for Fiber.

Compatible with Fiber v3.

Go version support

We only support the latest two versions of Go. Visit https://go.dev/doc/devel/release for more information.

Install

go get -u github.com/gofiber/fiber/v3
go get -u github.com/gofiber/contrib/v3/opa

Signature

opa.New(config opa.Config) fiber.Handler

Config

Property Type Description Default
RegoQuery string Required - Rego query -
RegoPolicy io.Reader Required - Rego policy -
IncludeQueryString bool Include query string as input to rego policy false
DeniedStatusCode int Http status code to return when policy denies request 400
DeniedResponseMessage string Http response body text to return when policy denies request ""
IncludeHeaders []string Include headers as input to rego policy -
InputCreationMethod InputCreationFunc Use your own function to provide input for OPA func defaultInput(ctx fiber.Ctx) (map[string]interface{}, error)

Types

type InputCreationFunc func(c fiber.Ctx) (map[string]interface{}, error)

Usage

OPA Fiber middleware sends the following example data to the policy engine as input:

{
  "method": "GET",
  "path": "/somePath",
  "query": {
    "name": ["John Doe"]
  },
  "headers": {
    "Accept": "application/json",
    "Content-Type": "application/json"
  }
}
package main

import (
    "bytes"

    "github.com/gofiber/fiber/v3"
    "github.com/gofiber/contrib/v3/opa"
)

func main() {
    app := fiber.New()
    module := `
package example.authz

default allow := false

allow if {
    input.method == "GET"
}
`

    cfg := opa.Config{
        RegoQuery:             "data.example.authz.allow",
        RegoPolicy:            bytes.NewBufferString(module),
        IncludeQueryString:    true,
        DeniedStatusCode:      fiber.StatusForbidden,
        DeniedResponseMessage: "status forbidden",
        IncludeHeaders:        []string{"Authorization"},
        InputCreationMethod:   func(ctx fiber.Ctx) (map[string]interface{}, error) {
            return map[string]interface{}{
                "method": ctx.Method(),
                "path": ctx.Path(),
            }, nil
        },
    }
    app.Use(opa.New(cfg))

    app.Get("/", func(ctx fiber.Ctx) error {
        return ctx.SendStatus(200)
    })

    app.Listen(":8080")
}