-
Install casbin lib in casbin-cpp.
-
Then you will get the
libcasbin.aandcasbinhead file in your path, check the path that your compiler can find it. For example. -
Then you can download nginx source code, I used
ngix-release-1.19. -
tar -zxvf nginx-release-1.19.0.tar.gz && cd nginx-release-1.19.0. -
Nignx is written by c, but
libcasbinis a cpp lib. So we must change the compile shell to ensure the cpp environment. You can ref this repository, but you must use cpp std17. -
After your change you can compile this module with
casbinby./config --add-module=module_path. -
Finally
makeyou will getnginxwithcasbinmodel.
- If you want generate dynamic modules, you can generate makefile by
./conifg --add-dynamic-module=module_path. - And you will get
ngx_http_casbin_module.soinnignx/objs/. - Then you can choose whether load this dynamic module by
load_module ./objs/ngx_http_casbin_module.so;.
- This module is base in
NGX_HTTP_ACCESS_PHASEphase. - Only support
getmethod. - Only support
locationarea. - You can use by pass
request policyin url. - Only support
file adoptercurrent.
casbin [on/off]:Open or close cabin module.casbin [adopter] [model_path] [policy_path].
master_process off;
daemon off;
#user nobody;
worker_processes 1;
error_log stderr debug;
# load dynamic library
# load_module ./objs/ngx_http_casbin_module.so;
events {
worker_connections 1024;
}
http {
# include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 60;
#main server
server {
listen 9999;
server_name localhost;
set $var1 "xyz-abc";
location /test {
casbin on;
casbin_adopter File ../config/rbac_with_domains_model.conf ../config/rbac_with_domains_policy.csv;
# return 200 "in test\n";
}
}
}- url1:
http://ip:port/test/?sub=alice&obj=data1&act=read->Allow policy - url2:
http://up:port/test/?sub=alice&obj=data1&act=write->Deny policy
