From bd910c949db7f9d6e8968e2328a4306d8cfe1bae Mon Sep 17 00:00:00 2001
From: Luis Albarenga
Date: Tue, 26 Dec 2023 22:22:08 -0300
Subject: [PATCH 1/3] feat: improve test readability and include README.md
---
casbin/README.md | 46 +++++++++++++++++++++++++++++
casbin/casbin_test.go | 69 +++++++++++++++++++++----------------------
2 files changed, 80 insertions(+), 35 deletions(-)
create mode 100644 casbin/README.md
diff --git a/casbin/README.md b/casbin/README.md
new file mode 100644
index 0000000..6383389
--- /dev/null
+++ b/casbin/README.md
@@ -0,0 +1,46 @@
+# Usage
+Simple example:
+```go
+ package main
+
+ import (
+ "github.com/casbin/casbin/v2"
+ "github.com/labstack/echo/v4"
+ casbin_mw "github.com/labstack/echo-contrib/casbin"
+ )
+
+ func main() {
+ e := echo.New()
+
+ // Mediate the access for every request
+ e.Use(casbin_mw.Middleware(casbin.NewEnforcer("auth_model.conf", "auth_policy.csv")))
+
+ e.Logger.Fatal(e.Start(":1323"))
+ }
+```
+
+Advanced example:
+```go
+ package main
+
+ import (
+ "github.com/casbin/casbin/v2"
+ "github.com/labstack/echo/v4"
+ casbin_mw "github.com/labstack/echo-contrib/casbin"
+ )
+
+ func main() {
+ ce, _ := casbin.NewEnforcer("auth_model.conf", "")
+ ce.AddRoleForUser("alice", "admin")
+ ce.AddPolicy("added_user", "data1", "read")
+
+ e := echo.New()
+
+ e.Use(casbin_mw.Middleware(ce))
+
+ e.Logger.Fatal(e.Start(":1323"))
+ }
+```
+
+# API Reference
+See [API Overview](https://casbin.org/docs/api-overview).
\ No newline at end of file
diff --git a/casbin/casbin_test.go b/casbin/casbin_test.go
index 5d4c8fb..ab5a017 100644
--- a/casbin/casbin_test.go
+++ b/casbin/casbin_test.go
@@ -26,12 +26,11 @@ func testRequest(t *testing.T, h echo.HandlerFunc, user string, path string, met err := h(c) if err != nil { - if errObj, ok := err.(*echo.HTTPError); ok { + var errObj *echo.HTTPError + if errors.As(err, &errObj) { if errObj.Code != code { t.Errorf("%s, %s, %s: %d, supposed to be %d", user, path, method, errObj.Code, code) } - } else { - t.Error(err) } } else { if c.Response().Status != code { @@ -46,10 +45,10 @@ func TestAuth(t *testing.T) { return c.String(http.StatusOK, "test") }) - testRequest(t, h, "alice", "/dataset1/resource1", echo.GET, 200) - testRequest(t, h, "alice", "/dataset1/resource1", echo.POST, 200) - testRequest(t, h, "alice", "/dataset1/resource2", echo.GET, 200) - testRequest(t, h, "alice", "/dataset1/resource2", echo.POST, 403) + testRequest(t, h, "alice", "/dataset1/resource1", echo.GET, http.StatusOK) + testRequest(t, h, "alice", "/dataset1/resource1", echo.POST, http.StatusOK) + testRequest(t, h, "alice", "/dataset1/resource2", echo.GET, http.StatusOK) + testRequest(t, h, "alice", "/dataset1/resource2", echo.POST, http.StatusForbidden) } func TestPathWildcard(t *testing.T) { 
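Review bot: In testRequest, dropping the `else { t.Error(err) }` branch means an error that is not an `*echo.HTTPError` is now ignored and no status code is compared at all, so a case expecting 403 or 500 passes silently when the middleware returns some other error. For a helper that verifies authorization decisions, keep a fallback after the `errors.As` block, for example `} else { t.Errorf("%s, %s, %s: unexpected error: %v", user, path, method, err) }`. The hunks shown here do not add an `errors` import, so confirm it is present in the file. testRequest starts above this hunk and continues below it.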
@@ -58,19 +57,19 @@ func TestPathWildcard(t *testing.T) { return c.String(http.StatusOK, "test") }) - testRequest(t, h, "bob", "/dataset2/resource1", "GET", 200) - testRequest(t, h, "bob", "/dataset2/resource1", "POST", 200) - testRequest(t, h, "bob", "/dataset2/resource1", "DELETE", 200) - testRequest(t, h, "bob", "/dataset2/resource2", "GET", 200) - testRequest(t, h, "bob", "/dataset2/resource2", "POST", 403) - testRequest(t, h, "bob", "/dataset2/resource2", "DELETE", 403) - - testRequest(t, h, "bob", "/dataset2/folder1/item1", "GET", 403) - testRequest(t, h, "bob", "/dataset2/folder1/item1", "POST", 200) - testRequest(t, h, "bob", "/dataset2/folder1/item1", "DELETE", 403) - testRequest(t, h, "bob", "/dataset2/folder1/item2", "GET", 403) - testRequest(t, h, "bob", "/dataset2/folder1/item2", "POST", 200) - testRequest(t, h, "bob", "/dataset2/folder1/item2", "DELETE", 403) + testRequest(t, h, "bob", "/dataset2/resource1", "GET", http.StatusOK) + testRequest(t, h, "bob", "/dataset2/resource1", "POST", http.StatusOK) + testRequest(t, h, "bob", "/dataset2/resource1", "DELETE", http.StatusOK) + testRequest(t, h, "bob", "/dataset2/resource2", "GET", http.StatusOK) + testRequest(t, h, "bob", "/dataset2/resource2", "POST", http.StatusForbidden) + testRequest(t, h, "bob", "/dataset2/resource2", "DELETE", http.StatusForbidden) + + testRequest(t, h, "bob", "/dataset2/folder1/item1", "GET", http.StatusForbidden) + testRequest(t, h, "bob", "/dataset2/folder1/item1", "POST", http.StatusOK) + testRequest(t, h, "bob", "/dataset2/folder1/item1", "DELETE", http.StatusForbidden) + testRequest(t, h, "bob", "/dataset2/folder1/item2", "GET", http.StatusForbidden) + testRequest(t, h, "bob", "/dataset2/folder1/item2", "POST", http.StatusOK) + testRequest(t, h, "bob", "/dataset2/folder1/item2", "DELETE", http.StatusForbidden) } func TestRBAC(t *testing.T) { 
@@ -80,22 +79,22 @@ func TestRBAC(t *testing.T) { }) // cathy can access all /dataset1/* resources via all methods because it has the dataset1_admin role. - testRequest(t, h, "cathy", "/dataset1/item", "GET", 200) - testRequest(t, h, "cathy", "/dataset1/item", "POST", 200) - testRequest(t, h, "cathy", "/dataset1/item", "DELETE", 200) - testRequest(t, h, "cathy", "/dataset2/item", "GET", 403) - testRequest(t, h, "cathy", "/dataset2/item", "POST", 403) - testRequest(t, h, "cathy", "/dataset2/item", "DELETE", 403) + testRequest(t, h, "cathy", "/dataset1/item", "GET", http.StatusOK) + testRequest(t, h, "cathy", "/dataset1/item", "POST", http.StatusOK) + testRequest(t, h, "cathy", "/dataset1/item", "DELETE", http.StatusOK) + testRequest(t, h, "cathy", "/dataset2/item", "GET", http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset2/item", "POST", http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset2/item", "DELETE", http.StatusForbidden) // delete all roles on user cathy, so cathy cannot access any resources now. ce.DeleteRolesForUser("cathy") - testRequest(t, h, "cathy", "/dataset1/item", "GET", 403) - testRequest(t, h, "cathy", "/dataset1/item", "POST", 403) - testRequest(t, h, "cathy", "/dataset1/item", "DELETE", 403) - testRequest(t, h, "cathy", "/dataset2/item", "GET", 403) - testRequest(t, h, "cathy", "/dataset2/item", "POST", 403) - testRequest(t, h, "cathy", "/dataset2/item", "DELETE", 403) + testRequest(t, h, "cathy", "/dataset1/item", "GET", http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset1/item", "POST", http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset1/item", "DELETE", http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset2/item", "GET", http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset2/item", "POST", http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset2/item", "DELETE", http.StatusForbidden) } func TestEnforceError(t *testing.T) { 
@@ -104,7 +103,7 @@ func TestEnforceError(t *testing.T) { return c.String(http.StatusOK, "test") }) - testRequest(t, h, "cathy", "/dataset1/item", "GET", 500) + testRequest(t, h, "cathy", "/dataset1/item", "GET", http.StatusInternalServerError) } func TestCustomUserGetter(t *testing.T) { @@ -119,7 +118,7 @@ func TestCustomUserGetter(t *testing.T) { h := MiddlewareWithConfig(cnf)(func(c echo.Context) error { return c.String(http.StatusOK, "test") }) - testRequest(t, h, "cathy", "/dataset1/item", "GET", 403) + testRequest(t, h, "cathy", "/dataset1/item", "GET", http.StatusForbidden) } func TestUserGetterError(t *testing.T) { @@ -134,7 +133,7 @@ func TestUserGetterError(t *testing.T) { h := MiddlewareWithConfig(cnf)(func(c echo.Context) error { return c.String(http.StatusOK, "test") }) - testRequest(t, h, "cathy", "/dataset1/item", "GET", 403) + testRequest(t, h, "cathy", "/dataset1/item", "GET", http.StatusForbidden) } func TestCustomEnforceHandler(t *testing.T) { From 91dd9cc15f3feeb59d80aa27bdedebdc8af0c19e Mon Sep 17 00:00:00 2001 From: Luis Albarenga Date: Tue, 26 Dec 2023 22:34:48 -0300 Subject: [PATCH 2/3] feat: add custom skipper test --- casbin/casbin_test.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/casbin/casbin_test.go b/casbin/casbin_test.go index ab5a017..0014d34 100644 --- a/casbin/casbin_test.go +++ b/casbin/casbin_test.go 
@@ -159,3 +159,18 @@ func TestCustomEnforceHandler(t *testing.T) { testRequest(t, h, "bob", "/user/alice", "PATCH", http.StatusForbidden) testRequest(t, h, "bob", "/user/bob", "PATCH", http.StatusOK) } + +func TestCustomSkipper(t *testing.T) { + ce, _ := casbin.NewEnforcer("auth_model.conf", "auth_policy.csv") + cnf := Config{ + Skipper: func(c echo.Context) bool { + return c.Request().URL.Path == "/dataset1/resource1" + }, + Enforcer: ce, + } + h := MiddlewareWithConfig(cnf)(func(c echo.Context) error { + return c.String(http.StatusOK, "test") + }) + testRequest(t, h, "alice", "/dataset1/resource1", "GET", http.StatusOK) + testRequest(t, h, "alice", "/dataset1/resource2", echo.POST, http.StatusForbidden) +} From 5fa66a2668446afcf1a3bc03651dd7d2c18c741b Mon Sep 17 00:00:00 2001 From: Luis Albarenga Date: Tue, 26 Dec 2023 22:46:34 -0300 Subject: [PATCH 3/3] feat: improve test readability --- casbin/casbin_test.go | 64 +++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/casbin/casbin_test.go b/casbin/casbin_test.go index 0014d34..69227be 100644 --- a/casbin/casbin_test.go +++ b/casbin/casbin_test.go 
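Review bot: The first assertion in TestCustomSkipper does not show that the Skipper bypassed enforcement: TestAuth already expects 200 for alice GET /dataset1/resource1, presumably under the same policy file, so this test would still pass if `Skipper` were ignored. Point the skipper at a request the policy denies, e.g. match `/dataset1/resource2` and assert `testRequest(t, h, "alice", "/dataset1/resource2", echo.POST, http.StatusOK)`, and keep a denied request on a non-skipped path (such as bob POST /dataset2/resource2 from TestPathWildcard) as the control. Since a Skipper is an authorization bypass, the test should pin exactly which requests escape the check. The error from `casbin.NewEnforcer` is also discarded with `_`; calling `t.Fatal(err)` on failure would stop a nil enforcer from hiding the real cause.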
@@ -57,19 +57,19 @@ func TestPathWildcard(t *testing.T) { return c.String(http.StatusOK, "test") }) - testRequest(t, h, "bob", "/dataset2/resource1", "GET", http.StatusOK) - testRequest(t, h, "bob", "/dataset2/resource1", "POST", http.StatusOK) - testRequest(t, h, "bob", "/dataset2/resource1", "DELETE", http.StatusOK) - testRequest(t, h, "bob", "/dataset2/resource2", "GET", http.StatusOK) - testRequest(t, h, "bob", "/dataset2/resource2", "POST", http.StatusForbidden) - testRequest(t, h, "bob", "/dataset2/resource2", "DELETE", http.StatusForbidden) - - testRequest(t, h, "bob", "/dataset2/folder1/item1", "GET", http.StatusForbidden) - testRequest(t, h, "bob", "/dataset2/folder1/item1", "POST", http.StatusOK) - testRequest(t, h, "bob", "/dataset2/folder1/item1", "DELETE", http.StatusForbidden) - testRequest(t, h, "bob", "/dataset2/folder1/item2", "GET", http.StatusForbidden) - testRequest(t, h, "bob", "/dataset2/folder1/item2", "POST", http.StatusOK) - testRequest(t, h, "bob", "/dataset2/folder1/item2", "DELETE", http.StatusForbidden) + testRequest(t, h, "bob", "/dataset2/resource1", echo.GET, http.StatusOK) + testRequest(t, h, "bob", "/dataset2/resource1", echo.POST, http.StatusOK) + testRequest(t, h, "bob", "/dataset2/resource1", echo.DELETE, http.StatusOK) + testRequest(t, h, "bob", "/dataset2/resource2", echo.GET, http.StatusOK) + testRequest(t, h, "bob", "/dataset2/resource2", echo.POST, http.StatusForbidden) + testRequest(t, h, "bob", "/dataset2/resource2", echo.DELETE, http.StatusForbidden) + + testRequest(t, h, "bob", "/dataset2/folder1/item1", echo.GET, http.StatusForbidden) + testRequest(t, h, "bob", "/dataset2/folder1/item1", echo.POST, http.StatusOK) + testRequest(t, h, "bob", "/dataset2/folder1/item1", echo.DELETE, http.StatusForbidden) + testRequest(t, h, "bob", "/dataset2/folder1/item2", echo.GET, http.StatusForbidden) + testRequest(t, h, "bob", "/dataset2/folder1/item2", echo.POST, http.StatusOK) + testRequest(t, h, "bob", "/dataset2/folder1/item2", 
echo.DELETE, http.StatusForbidden) } func TestRBAC(t *testing.T) { 
@@ -79,22 +79,22 @@ func TestRBAC(t *testing.T) { }) // cathy can access all /dataset1/* resources via all methods because it has the dataset1_admin role. - testRequest(t, h, "cathy", "/dataset1/item", "GET", http.StatusOK) - testRequest(t, h, "cathy", "/dataset1/item", "POST", http.StatusOK) - testRequest(t, h, "cathy", "/dataset1/item", "DELETE", http.StatusOK) - testRequest(t, h, "cathy", "/dataset2/item", "GET", http.StatusForbidden) - testRequest(t, h, "cathy", "/dataset2/item", "POST", http.StatusForbidden) - testRequest(t, h, "cathy", "/dataset2/item", "DELETE", http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset1/item", echo.GET, http.StatusOK) + testRequest(t, h, "cathy", "/dataset1/item", echo.POST, http.StatusOK) + testRequest(t, h, "cathy", "/dataset1/item", echo.DELETE, http.StatusOK) + testRequest(t, h, "cathy", "/dataset2/item", echo.GET, http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset2/item", echo.POST, http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset2/item", echo.DELETE, http.StatusForbidden) // delete all roles on user cathy, so cathy cannot access any resources now. 
ce.DeleteRolesForUser("cathy") - testRequest(t, h, "cathy", "/dataset1/item", "GET", http.StatusForbidden) - testRequest(t, h, "cathy", "/dataset1/item", "POST", http.StatusForbidden) - testRequest(t, h, "cathy", "/dataset1/item", "DELETE", http.StatusForbidden) - testRequest(t, h, "cathy", "/dataset2/item", "GET", http.StatusForbidden) - testRequest(t, h, "cathy", "/dataset2/item", "POST", http.StatusForbidden) - testRequest(t, h, "cathy", "/dataset2/item", "DELETE", http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset1/item", echo.GET, http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset1/item", echo.POST, http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset1/item", echo.DELETE, http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset2/item", echo.GET, http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset2/item", echo.POST, http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset2/item", echo.DELETE, http.StatusForbidden) } func TestEnforceError(t *testing.T) { @@ -103,7 +103,7 @@ func TestEnforceError(t *testing.T) { return c.String(http.StatusOK, "test") }) - testRequest(t, h, "cathy", "/dataset1/item", "GET", http.StatusInternalServerError) + testRequest(t, h, "cathy", "/dataset1/item", echo.GET, http.StatusInternalServerError) } func TestCustomUserGetter(t *testing.T) { @@ -118,7 +118,7 @@ func TestCustomUserGetter(t *testing.T) { h := MiddlewareWithConfig(cnf)(func(c echo.Context) error { return c.String(http.StatusOK, "test") }) - testRequest(t, h, "cathy", "/dataset1/item", "GET", http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset1/item", echo.GET, http.StatusForbidden) } func TestUserGetterError(t *testing.T) { 
@@ -133,7 +133,7 @@ func TestUserGetterError(t *testing.T) { h := MiddlewareWithConfig(cnf)(func(c echo.Context) error { return c.String(http.StatusOK, "test") }) - testRequest(t, h, "cathy", "/dataset1/item", "GET", http.StatusForbidden) + testRequest(t, h, "cathy", "/dataset1/item", echo.GET, http.StatusForbidden) } func TestCustomEnforceHandler(t *testing.T) { @@ -155,9 +155,9 @@ func TestCustomEnforceHandler(t *testing.T) { h := MiddlewareWithConfig(cnf)(func(c echo.Context) error { return c.String(http.StatusOK, "test") }) - testRequest(t, h, "bob", "/dataset2/resource1", "GET", http.StatusOK) - testRequest(t, h, "bob", "/user/alice", "PATCH", http.StatusForbidden) - testRequest(t, h, "bob", "/user/bob", "PATCH", http.StatusOK) + testRequest(t, h, "bob", "/dataset2/resource1", echo.GET, http.StatusOK) + testRequest(t, h, "bob", "/user/alice", echo.PATCH, http.StatusForbidden) + testRequest(t, h, "bob", "/user/bob", echo.PATCH, http.StatusOK) } func TestCustomSkipper(t *testing.T) { @@ -171,6 +171,6 @@ func TestCustomSkipper(t *testing.T) { h := MiddlewareWithConfig(cnf)(func(c echo.Context) error { return c.String(http.StatusOK, "test") }) - testRequest(t, h, "alice", "/dataset1/resource1", "GET", http.StatusOK) + testRequest(t, h, "alice", "/dataset1/resource1", echo.GET, http.StatusOK) testRequest(t, h, "alice", "/dataset1/resource2", echo.POST, http.StatusForbidden) }