Update go modules for Iris v12.2.0-alpha2

Author: kataras

casbin/_examples/middleware/main.go

@@ -4,33 +4,33 @@ import (
 	"github.com/kataras/iris/v12"
 	"github.com/kataras/iris/v12/middleware/basicauth"
 
-	"github.com/casbin/casbin/v2"
-	cm "github.com/iris-contrib/middleware/casbin"
+	"github.com/iris-contrib/middleware/casbin"
 )
 
-// $ go get github.com/casbin/casbin/v2@v2.13.1
+// $ go get github.com/casbin/casbin/v2@v2.17.0
 // $ go run main.go
 
-// Enforcer maps the model and the policy for the casbin service, we use this variable on the main_test too.
-var Enforcer, _ = casbin.NewEnforcer("casbinmodel.conf", "casbinpolicy.csv")
-
 func newApp() *iris.Application {
 	app := iris.New()
 
-	casbinMiddleware := cm.New(Enforcer)
-	/* Casbin requires an authenticated user name,
-	   You have three ways to set that username:
-	1. casbinMiddleware.UsernameExtractor = func(ctx iris.Context) string {
-		// [...custom logic]
-		return "bob"
+	casbinMiddleware, err := casbin.NewEnforcer("casbinmodel.conf", "casbinpolicy.csv")
+	if err != nil {
+		panic(err)
 	}
-	2. by SetUsername package-level function:
-		func auth(ctx iris.Context) {
-			cm.SetUsername(ctx, "bob")
-			ctx.Next()
+	/* The Casbin authorization determines a request based on `{subject, object, action}`.
+	Please refer to: https://github.com/casbin/casbin to understand how it works first.
+	The object is the current request's path and the action is the current request's method.
+	The subject is extracted by the current request's ctx.User().GetUsername(),
+	you can customize it by:
+		1. casbinMiddleware.SubjectExtractor = func(ctx iris.Context) string {
+			// [...custom logic]
+			return "bob"
 		}
-	3. By registering an auth middleware that fills the Context.User()
-	   ^ recommended way, and that's what it's used on that example.
+		2. by SetSubject package-level function:
+			func auth(ctx iris.Context) {
+				casbin.SetSubject(ctx, "bob")
+				ctx.Next()
+			}
 	*/
 	app.Use(basicauth.Default(map[string]string{
 		"bob":   "bobpass",
@@ -58,9 +58,9 @@ func main() {
 }
 
 func hi(ctx iris.Context) {
-	// Note that, by default, the username is extracted by ctx.Request().BasicAuth
-	// to change that, use the `cm.SetUsername` before the casbin middleware's execution.
-	ctx.Writef("Hello %s", cm.Username(ctx))
+	ctx.Writef("Hello %s", casbin.Subject(ctx))
+	// Note that, by default, the username is extracted by ctx.User().GetUsername()
+	// to change that behavior modify the `casbin.SubjectExtractor` or
+	// use the `casbin.SetSubject` to set a custom subject for the current request
+	// before the casbin middleware's execution.
 }
-
-// You can modify the username that casbin uses by:

casbin/_examples/router/main.go

@@ -4,40 +4,41 @@ import (
 	"github.com/kataras/iris/v12"
 	"github.com/kataras/iris/v12/middleware/basicauth"
 
-	"github.com/casbin/casbin/v2"
-	cm "github.com/iris-contrib/middleware/casbin"
+	"github.com/iris-contrib/middleware/casbin"
 )
 
-// $ go get github.com/casbin/casbin/v2@v2.13.1
+// $ go get github.com/casbin/casbin/v2@v2.17.0
 // $ go run main.go
 
-// Enforcer maps the model and the policy for the casbin service, we use this variable on the main_test too.
-var Enforcer, _ = casbin.NewEnforcer("casbinmodel.conf", "casbinpolicy.csv")
-
 func newApp() *iris.Application {
 	app := iris.New()
 
-	casbinMiddleware := cm.New(Enforcer)
-	/* Casbin requires an authenticated user name,
-	   You have three ways to set that username:
-	1. casbinMiddleware.UsernameExtractor = func(ctx iris.Context) string {
-		// [...custom logic]
-		return "bob"
+	casbinMiddleware, err := casbin.NewEnforcer("casbinmodel.conf", "casbinpolicy.csv")
+	if err != nil {
+		panic(err)
 	}
-	2. by SetUsername package-level function:
-		func auth(ctx iris.Context) {
-			cm.SetUsername(ctx, "bob")
-			ctx.Next()
+	/* The Casbin authorization determines a request based on `{subject, object, action}`.
+	Please refer to: https://github.com/casbin/casbin to understand how it works first.
+	The object is the current request's path and the action is the current request's method.
+	The subject is extracted by the current request's ctx.User().GetUsername(),
+	you can customize it by:
+		1. casbinMiddleware.SubjectExtractor = func(ctx iris.Context) string {
+			// [...custom logic]
+			return "bob"
 		}
-	3. By registering an auth middleware that fills the Context.User()
-	   ^ recommended way, and that's what it's used on that example.
+		2. by SetSubject package-level function:
+			func auth(ctx iris.Context) {
+				casbin.SetSubject(ctx, "bob")
+				ctx.Next()
+			}
 	*/
 	app.UseRouter(basicauth.Default(map[string]string{
 		"bob":   "bobpass",
 		"alice": "alicepass",
 	}))
-	// Note that by registering with UseRouter,
-	// and becauese the middleware stops the execution with 403 (Forbidden)
+
+	// Note that by registering with UseRouter instead of Use,
+	// and becauese the middleware stops the execution with 403 (Forbidden) by default,
 	// if the authentication and roles match failed,
 	// unregistered route paths will fire 403 instead of 404 (Not Found).
 	app.UseRouter(casbinMiddleware.ServeHTTP)
@@ -62,7 +63,9 @@ func main() {
 }
 
 func hi(ctx iris.Context) {
-	ctx.Writef("Hello %s", cm.Username(ctx))
-	// Note that, by default, the username is extracted by ctx.Request().BasicAuth
-	// to change that, use the `cm.SetUsername` before the casbin middleware's execution.
+	ctx.Writef("Hello %s", casbin.Subject(ctx))
+	// Note that, by default, the username is extracted by ctx.User().GetUsername()
+	// to change that behavior modify the `casbin.SubjectExtractor` or
+	// use the `casbin.SetSubject` to set a custom subject for the current request
+	// before the casbin middleware's execution.
 }

casbin/casbin.go

@@ -11,32 +11,67 @@ func init() {
 	context.SetHandlerName("github.com/iris-contrib/middleware/casbin.*", "iris-contrib.casbin")
 }
 
-// Casbin is the auth services which contains the casbin enforcer.
+// Casbin is the auth service which contains the casbin enforcer.
 type Casbin struct {
 	enforcer *casbin.Enforcer
-	// Can be used to customize the username passed to the casbin enforcer.
-	UsernameExtractor func(iris.Context) string
+	// SubjectExtractor is used to extract the
+	// current request's subject for the casbin role enforcer.
+	// Defaults to the `Subject` package-level function which
+	// extracts the subject from a prior registered authorization middleware's
+	// username (e.g. basicauth or JWT).
+	SubjectExtractor func(iris.Context) string
+
+	// UnauthorizedHandler sets a custom handler to be executed
+	// when the role checks fail.
+	// Defaults to a handler which sends a status forbidden (403) status code.
+	UnauthorizedHandler iris.Handler
 }
 
-// New returns the auth service which receives a casbin enforcer.
-// The username that casbin requires is extracted by:
-// - UsernameExtractor
-// - casbin.Username
-//  | set with casbin.SetUsername
+// New returns the Casbin middleware based on the given casbin.Enforcer instance.
+// The authorization determines a request based on `{subject, object, action}`.
+// Please refer to: https://github.com/casbin/casbin to understand how it works first.
+//
+// The object is the current request's path and the action is the current request's method.
+// The subject that casbin requires is extracted by:
+// - SubjectExtractor
+// - casbin.Subject
+//  | set with casbin.SetSubject
 // - Context.User().GetUsername()
-//  | by a prior auth middleware through Context.SetUser
+//  | by a prior auth middleware through Context.SetUser.
 func New(e *casbin.Enforcer) *Casbin {
-	return &Casbin{enforcer: e}
+	return &Casbin{
+		enforcer: e,
+		SubjectExtractor: func(ctx iris.Context) string {
+			return Subject(ctx)
+		},
+		UnauthorizedHandler: func(ctx iris.Context) {
+			ctx.StopWithStatus(iris.StatusForbidden)
+		},
+	}
+}
+
+// NewEnforcer returns the Casbin middleware based on the given model and policy file paths.
+//
+// Read `New` package-level function for more information.
+func NewEnforcer(modelFile, policyFile string) (*Casbin, error) {
+	e, err := casbin.NewEnforcer(modelFile, policyFile)
+	if err != nil {
+		return nil, err
+	}
+
+	return New(e), nil
 }
 
 // ServeHTTP is the iris compatible casbin handler which should be passed to specific routes or parties.
+// Responds with Status Forbidden on unauthorized clients.
 // Usage:
+// - app.Use(authMiddleware)
+// - app.Use(casbinMiddleware.ServeHTTP) OR
+// - app.UseRouter(casbinMiddleware.ServeHTTP) OR per route:
 // - app.Get("/dataset1/resource1", casbinMiddleware.ServeHTTP, myHandler)
-// - app.Use(casbinMiddleware.ServeHTTP)
-// - app.UseRouter(casbinMiddleware.ServeHTTP)
 func (c *Casbin) ServeHTTP(ctx iris.Context) {
 	if !c.Check(ctx) {
-		ctx.StopWithStatus(iris.StatusForbidden)
+		c.UnauthorizedHandler(ctx)
 		return
 	}
 
@@ -51,35 +86,33 @@ func (c *Casbin) ServeHTTP(ctx iris.Context) {
 // - inside a handler
 // - using the iris.NewConditionalHandler
 func (c *Casbin) Check(ctx iris.Context) bool {
-	var username string
-	if c.UsernameExtractor != nil {
-		username = c.UsernameExtractor(ctx)
-	} else {
-		username = Username(ctx)
-	}
-
-	ok, _ := c.enforcer.Enforce(username, ctx.Path(), ctx.Method())
+	ok, _ := c.Enforce(ctx, c.SubjectExtractor(ctx))
 	return ok
 }
 
-const usernameContextKey = "iris.contrib.casbin.username"
+// Enforce accepts the Context's path and method and a subject/role/username
+// and reports whether the specific "subject" has access to the current request.
+func (c *Casbin) Enforce(ctx iris.Context, subject string) (bool, error) {
+	return c.enforcer.Enforce(subject, ctx.Path(), ctx.Method())
+}
 
-// Username gets the username from the basicauth
-// or the given (by a prior middleware) username.
-// See `SetUsername` package-level function too.
-func Username(ctx iris.Context) string {
-	username := ctx.Values().GetString(usernameContextKey)
-	if username == "" {
-		if u := ctx.User(); u != nil {
-			username, _ = u.GetUsername()
-		}
+const subjectContextKey = "iris.contrib.casbin.subject"
 
-	}
-	return username
+// SetSubject sets a custom subject for the current request for the casbin middleware.
+// See `Subject` package-level function too.
+func SetSubject(ctx iris.Context, subject string) {
+	ctx.Values().Set(subjectContextKey, subject)
 }
 
-// SetUsername sets a custom username for the casbin middleware.
-// See `Username` package-level function too.
-func SetUsername(ctx iris.Context, username string) {
-	ctx.Values().Set(usernameContextKey, username)
+// Subject gets the subject from an authorization middleware's username, e.g. basicauth or JWT.
+// If there is no registered middleware to fetch the subject then
+// it tries to extract it from the context's values (see SetSubject package-level function to set it).
+func Subject(ctx iris.Context) string {
+	subject := ctx.Values().GetString(subjectContextKey)
+	if subject == "" {
+		if u := ctx.User(); u != nil {
+			subject, _ = u.GetUsername()
+		}
+	}
+	return subject
 }

casbin/go.mod

@@ -4,5 +4,5 @@ go 1.14
 
 require (
 	github.com/casbin/casbin/v2 v2.17.0
-	github.com/kataras/iris/v12 v12.2.0-alpha.0.20201113181155-4d09475c290d
+	github.com/kataras/iris/v12 v12.2.0-alpha2
 )

cloudwatch/go.mod

@@ -2,4 +2,4 @@ module github.com/iris-contrib/middleware/cloudwatch
 
 go 1.14
 
-require github.com/kataras/iris/v12 v12.2.0-alpha.0.20201113181155-4d09475c290d
+require github.com/kataras/iris/v12 v12.2.0-alpha2

cors/go.mod

@@ -2,4 +2,4 @@ module github.com/iris-contrib/middleware/cors
 
 go 1.14
 
-require github.com/kataras/iris/v12 v12.2.0-alpha.0.20201113181155-4d09475c290d
+require github.com/kataras/iris/v12 v12.2.0-alpha2

csrf/go.mod

@@ -4,5 +4,5 @@ go 1.15
 
 require (
 	github.com/gorilla/securecookie v1.1.1
-	github.com/kataras/iris/v12 v12.2.0-alpha.0.20201113181155-4d09475c290d
+	github.com/kataras/iris/v12 v12.2.0-alpha2
 )

jwt/go.mod

@@ -4,5 +4,5 @@ go 1.14
 
 require (
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/kataras/iris/v12 v12.2.0-alpha.0.20201113181155-4d09475c290d
+	github.com/kataras/iris/v12 v12.2.0-alpha2
 )

newrelic/go.mod

@@ -3,6 +3,6 @@ module github.com/iris-contrib/middleware/newrelic
 go 1.14
 
 require (
-	github.com/kataras/iris/v12 v12.2.0-alpha.0.20201113181155-4d09475c290d
+	github.com/kataras/iris/v12 v12.2.0-alpha2
 	github.com/newrelic/go-agent/v3 v3.8.1
 )

prometheus/go.mod

@@ -3,6 +3,6 @@ module github.com/iris-contrib/middleware/prometheus
 go 1.14
 
 require (
-	github.com/kataras/iris/v12 v12.2.0-alpha.0.20201113181155-4d09475c290d
+	github.com/kataras/iris/v12 v12.2.0-alpha2
 	github.com/prometheus/client_golang v1.2.1 // indirect
 )

secure/go.mod

@@ -3,5 +3,5 @@ module github.com/iris-contrib/middleware/secure
 go 1.14
 
 require (
-	github.com/kataras/iris/v12 v12.2.0-alpha.0.20201113181155-4d09475c290d
+	github.com/kataras/iris/v12 v12.2.0-alpha2
 )

throttler/go.mod

@@ -3,6 +3,6 @@ module github.com/iris-contrib/middleware/throttler
 go 1.14
 
 require (
-	github.com/kataras/iris/v12 v12.2.0-alpha.0.20201113181155-4d09475c290d
+	github.com/kataras/iris/v12 v12.2.0-alpha2
 	github.com/throttled/throttled/v2 v2.6.0
 )

tollboothic/go.mod

@@ -4,5 +4,5 @@ go 1.14
 
 require (
 	github.com/didip/tollbooth/v6 v6.0.1
-	github.com/kataras/iris/v12 v12.2.0-alpha.0.20201113181155-4d09475c290d
+	github.com/kataras/iris/v12 v12.2.0-alpha2
 )