Skip to main content

Module authz

Module authz 

Source
Expand description

Resource-based authorization module for the rust-webx framework.

Provides:

  • ResourceAuthorization —an IAuthorizationPolicy that checks whether a user’s roles or permissions grant access to a specific resource (identified by the matched route pattern).
  • AuthorizerSet —collects all IDynamicAuthorizer instances from DI and runs them in sequence on protected routes.

§Example

use rust_webx_host::authz::{ResourceAuthorization, resource_auth_middleware};

let policy = ResourceAuthorization::new()
    .allow_role("/api/users", "admin")
    .allow_role("/api/users/{id}", "user")
    .allow_permission("/api/admin/**", "admin:access");

let middleware = resource_auth_middleware(Arc::new(policy));

§Dynamic authorizer (preferred)

use rust_webx_core::auth::{IClaims, IDynamicAuthorizer};

#[derive(Default)]
struct RoleAuthorizer;

#[async_trait::async_trait]
impl IDynamicAuthorizer for RoleAuthorizer {
    async fn authorize(&self, claims: &dyn IClaims, pattern: &str, method: &str) -> Result<()> {
        // your custom logic
        Ok(())
    }
}

Then register in DI:

svc.singleton::<dyn IDynamicAuthorizer>(|_| Arc::new(RoleAuthorizer::default()))

Structs§

AuthorizerSet
A set of IDynamicAuthorizer instances collected from the DI container.
ResourceAuthorization
Authorization policy that maps route patterns to allowed roles and permissions.

Functions§

collect_authorizers
Result from collecting IDynamicAuthorizer instances from DI. None means no authorizers are registered (pass-through mode).
resource_auth_middleware
Create a resource-based authorization middleware.