Comprehensive Guide to Casbin for Access Control Management

Introduction to Casbin

Casbin is an open-source access control library that supports a variety of authorization models, including ACL, RBAC, ABAC, and others. It is highly efficient and is designed to control access across a wide variety of systems. This guide will walk you through various Casbin APIs and show examples of their use in a sample application.

Getting Started with Casbin

To begin using Casbin, you’ll need to install it first. You can install Casbin using npm for a Node.js application:

  
    npm install casbin
  

Core APIs

Creating a Model

Casbin uses models to define the structure of policies. Here’s how you can create a simple model:

  
    const { newModel } = require('casbin');

    const model = newModel();
    model.addDef('r', 'r', 'sub, obj, act');  // Request definition
    model.addDef('p', 'p', 'sub, obj, act');  // Policy definition
    model.addDef('e', 'e', 'some(where (p.eft == allow))');  // Effect definition
    model.addDef('m', 'm', 'r.sub == p.sub && r.obj == p.obj && r.act == p.act');  // Matchers definition
  

Adding Policies

You can add policies to your defined model like so:

  
    const { newEnforcer } = require('casbin');

    const policies = [
        ['alice', 'data1', 'read'],
        ['bob', 'data2', 'write'],
    ];

    // An enforcer built from the model alone keeps its policy in memory.
    const enforcer = await newEnforcer(model);
    for (const policy of policies) {
      await enforcer.addPolicy(...policy);  // forEach(async) would not wait for each add to finish
    }
  

Enforcing Policies

Check if a request is authorized based on these policies:

  
    const { newEnforcer } = require('casbin');

    // Build one enforcer from the model and load the in-memory rules into it;
    // newEnforcer takes a model and optionally an adapter, not a raw rule array.
    async function createEnforcer() {
      const enforcer = await newEnforcer(model);
      for (const policy of policies) {
        await enforcer.addPolicy(...policy);
      }
      return enforcer;
    }

    async function enforcePolicy(sub, obj, act) {
      const enforcer = await createEnforcer();
      return enforcer.enforce(sub, obj, act);
    }

    enforcePolicy('alice', 'data1', 'read').then(auth => {
      console.log(auth);  // true
    });
  
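To show how the r, p, e and m sections above combine at enforcement time, here is an added illustration (not Casbin's own code and not from the original guide): a small evaluator that interprets the guide's model and rules directly. It handles only matchers built from `&&`-joined equalities and the two common effect expressions, and it goes slightly beyond the guide's model by supporting an `eft` column and the deny-override effect.

```javascript
// Miniature evaluator for a Casbin-style model (constructed for illustration).
// Supports matchers made of `&&`-joined equalities between r.* / p.* fields or
// quoted literals, and the effects `some(where (p.eft == allow))` and
// `!some(where (p.eft == deny))`.
function parseFields(def) {
  return def.split(',').map((s) => s.trim());
}

function buildEnforcer(model, policies) {
  const rFields = parseFields(model.r);
  const pFields = parseFields(model.p);
  const clauses = model.m.split('&&').map((clause) => {
    const [lhs, rhs] = clause.split('==').map((s) => s.trim());
    return { lhs, rhs };
  });
  const rules = policies.map((rule) => {
    const p = Object.fromEntries(pFields.map((f, i) => [f, rule[i]]));
    if (p.eft === undefined) p.eft = 'allow';  // no eft column: every rule allows
    return p;
  });
  const valueOf = (token, r, p) => {
    if (token.startsWith('r.')) return r[token.slice(2)];
    if (token.startsWith('p.')) return p[token.slice(2)];
    return token.replace(/^["']|["']$/g, '');  // quoted literal
  };
  // enforce(sub, obj, act, ...) in the order given by the request definition.
  return function enforce(...request) {
    const r = Object.fromEntries(rFields.map((f, i) => [f, request[i]]));
    const matched = rules.filter((p) =>
      clauses.every(({ lhs, rhs }) => valueOf(lhs, r, p) === valueOf(rhs, r, p))
    );
    if (model.e === 'some(where (p.eft == allow))') {
      return matched.some((p) => p.eft === 'allow');
    }
    if (model.e === '!some(where (p.eft == deny))') {
      return !matched.some((p) => p.eft === 'deny');
    }
    throw new Error(`unsupported effect expression: ${model.e}`);
  };
}
// The model and rules from this guide, written as plain data.
const guideModel = {
  r: 'sub, obj, act',
  p: 'sub, obj, act',
  e: 'some(where (p.eft == allow))',
  m: 'r.sub == p.sub && r.obj == p.obj && r.act == p.act',
};
const guidePolicies = [['alice', 'data1', 'read'], ['bob', 'data2', 'write']];
const enforce = buildEnforcer(guideModel, guidePolicies);
```

A request whose subject is missing matches no rule and is denied, which is the behaviour you want from an authorization layer when an upstream authentication step has not run.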

Loading Policies from Storage

Policies can be stored in and loaded from a database:

  
    // node-casbin bundles only a file adapter; database adapters are separate
    // packages. This uses typeorm-adapter (npm install typeorm-adapter plus a MySQL driver).
    const TypeORMAdapter = require('typeorm-adapter').default;
    const adapter = await TypeORMAdapter.newAdapter({
      type: 'mysql', host: '127.0.0.1', port: 3306,
      username: 'username', password: 'password', database: 'casbin',
    });
    const enforcer = await newEnforcer(model, adapter);  // loads the policy from the database
    await enforcer.loadPolicy();  // call again later to re-read rules changed outside this process
  

Sample Application

Below is an example of a basic application using Casbin:

  
    const express = require('express');
    const { newEnforcer } = require('casbin');

    const app = express();

    // Build the enforcer once at startup from the `model` and `policies`
    // defined in the sections above; a new enforcer per request would reload
    // the whole policy on every call.
    const enforcerReady = (async () => {
      const enforcer = await newEnforcer(model);
      for (const policy of policies) {
        await enforcer.addPolicy(...policy);
      }
      return enforcer;
    })();

    // Authorization middleware, registered before the routes so every request
    // is checked first. `req.user` is assumed to be set by an authentication
    // middleware earlier in the chain; Express does not populate it itself,
    // and an unset user matches no rule, so the request is denied.
    app.use(async (req, res, next) => {
      const enforcer = await enforcerReady;
      const { user, path, method } = req;
      // The action passed here is the HTTP method (e.g. 'GET'). With the
      // 'read'/'write' rules above this only grants access once the method is
      // mapped to the action named in the policy.
      const granted = await enforcer.enforce(user, path, method);

      if (granted) {
        next();
      } else {
        res.status(403).send('Forbidden');
      }
    });

    app.get('/data1', (req, res) => {
      res.send('Data 1');
    });

    app.get('/data2', (req, res) => {
      res.send('Data 2');
    });

    app.listen(3000, () => {
      console.log('Server is running on port 3000');
    });
  

In this app, requests are authorized before they reach the route handlers. If the policy allows access, the request proceeds; otherwise, a 403 Forbidden status is returned.

Conclusion

Casbin is a powerful and flexible library for handling access control across a range of applications. By setting up models and policies, and enforcing them, you can manage access with ease. Whether you’re building a small application or a large-scale enterprise system, Casbin provides the tools you need.
