Expand description
Resource-based authorization module for the rust-webx framework.
Provides:
ResourceAuthorization—anIAuthorizationPolicythat checks whether a user’s roles or permissions grant access to a specific resource (identified by the matched route pattern).AuthorizerSet—collects allIDynamicAuthorizerinstances from DI and runs them in sequence on protected routes.
§Example
ⓘ
use rust_webx_host::authz::{ResourceAuthorization, resource_auth_middleware};
let policy = ResourceAuthorization::new()
.allow_role("/api/users", "admin")
.allow_role("/api/users/{id}", "user")
.allow_permission("/api/admin/**", "admin:access");
let middleware = resource_auth_middleware(Arc::new(policy));§Dynamic authorizer (preferred)
ⓘ
use rust_webx_core::auth::{IClaims, IDynamicAuthorizer};
#[derive(Default)]
struct RoleAuthorizer;
#[async_trait::async_trait]
impl IDynamicAuthorizer for RoleAuthorizer {
async fn authorize(&self, claims: &dyn IClaims, pattern: &str, method: &str) -> Result<()> {
// your custom logic
Ok(())
}
}Then register in DI:
ⓘ
svc.singleton::<dyn IDynamicAuthorizer>(|_| Arc::new(RoleAuthorizer::default()))Structs§
- Authorizer
Set - A set of
IDynamicAuthorizerinstances collected from the DI container. - Resource
Authorization - Authorization policy that maps route patterns to allowed roles and permissions.
Functions§
- collect_
authorizers - Result from collecting
IDynamicAuthorizerinstances from DI.Nonemeans no authorizers are registered (pass-through mode). - resource_
auth_ middleware - Create a resource-based authorization middleware.