Macaron-authz is an authorization middleware for Macaron, it's based on https://github.com/casbin/casbin.

go get github.com/go-macaron/authz

package main

import (
	"net/http"

	"github.com/casbin/casbin"
	"github.com/go-macaron/authz"
	"gopkg.in/macaron.v1"
)

func main() {
	m := macaron.New()

	// load the casbin model and policy from files, database is also supported.
	e := casbin.NewEnforcer("authz_model.conf", "authz_policy.csv")
	m.Use(authz.Authorizer(e))

	// define your handler, this is just an example to return HTTP 200 for any requests.
	// the access that is denied by authz will return HTTP 403 error.
	m.Use(func(res http.ResponseWriter, req *http.Request) {
    	res.Write([]byte("Access allowed. "))
    })
}

The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:

1. subject: the logged-on user name
2. object: the URL path for the web resource like "dataset1/item1"
3. action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"

For how to write authorization policy and other details, please refer to the Casbin's documentation.

• Casbin

This project is under Apache 2.0 License. See the LICENSE file for the full license text.