Composer
首页 包列表 提交包 常见问题 关于

定制 segrax/open-policy-agent 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

segrax/open-policy-agent

最新稳定版本:0.5.0

Composer 安装命令:

composer require segrax/open-policy-agent

包简介

Open Policy Agent client and PSR-7, PSR-15 Authorization Middleware

关键字:

# middleware # psr-7 # psr-15 # psr-18 # authz # opa

README 文档

README

This library provides a client for the Open Policy Agent (OPA), a PSR-15 authorization middleware and a PSR-15 bundle distributor middleware.

Latest Version Packagist Software License Build Status codecov

For working examples, please see segrax/opa-php-examples and a walkthrough is available to guide you through the examples.

Install

Install the latest using composer.

composer require segrax/open-policy-agent

Usage Examples

Client Usage

use Segrax\OpenPolicyAgent\Client;
use GuzzleHttp\Client as GuzzleHttpClient;

$apiPolicy = "package my.api
              default allow=false
              allow {
                  input.path = [\"abc\"]
                  input.user == \"a random user\"
              }";

$client = new Client(null, new GuzzleHttpClient(), new RequestFactory(), 'http://127.0.0.1:8181', 'MyToken');

// Push a policy to the agent
$client->policyUpdate('my/api', $apiPolicy, false);

// Execute the policy
$inputs = [ 'path' => ['abc'],
            'user' => 'a random user'];

$res = $client->policy('my/api', $inputs, false, false, false, false );
if ($res->getByName('allow') === true ) {
    // Do stuff
}

Authorization Middleware

Create the client, and add the Authorization object onto the middleware stack

use Segrax\OpenPolicyAgent\Client;
use Segrax\OpenPolicyAgent\Middleware\Authorization;

$app = AppFactory::create();

$client = new Client(null, new GuzzleHttpClient(), new RequestFactory(), 'http://127.0.0.1:8181', 'MyToken');
$app->add(new Authorization(
                [Authorization::OPT_POLICY => 'auth/api'],
                $client,
                $app->getResponseFactory()));

Distributor Middleware

Insert the middleware, it will respond to bundle requests at /opa/bundles/{service_name} for users with a valid JWT with the subfield 'opa'

use Segrax\OpenPolicyAgent\Client;
use Segrax\OpenPolicyAgent\Middleware\Distributor;

$app = AppFactory::create();

$app->add(new Distributor(
                        '/opa/bundles/',        // Route
                        __DIR__ . '/opa',       // Policy Path
                        [Distributor::OPT_AGENT_USER => 'opa'], // Token Sub Field
                        $app->getResponseFactory(),
                        new StreamFactory(),
                        $app->getLogger()));

// Add a GET route for the opa bundle route
$app->get('/opa/bundles/{name}', function (Request $request, Response $response, array $args) {
    return $response->withStatus(404);
});

Code Testing

make tests

Security

If you discover any security related issues, please email robcrossfield@gmail.com.

License

The MIT License (MIT). Please see License File for more information.

统计信息

  • 总下载量: 1.87k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 20
  • 点击次数: 0
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 20
  • Watchers: 1
  • Forks: 2
  • 开发语言: PHP
访问仓库

其他信息

  • 授权协议: MIT
  • 更新时间: 2019-12-07