Roles and permissions in Go REST API
Question
I'm developing a REST API in Go. It's implementing JWT following this schema:
I have a middleware that verifies tokens, and my problem is that I want another one to add roles and permissions on some paths in my API.
Could you guys give some tips, please? My project is on GitHub, where you can see all the code: repository
Thanks
Answer 1
Score: 8
If I am not wrong, what you are asking for is an access control list (ACL): https://en.wikipedia.org/wiki/Access_control_list
You will need to separate controllers for each type of permission and have a module that checks the session variable set when the user logs in with the type of permission allowed for that particular controller.
After the login check is completed, you can carry out an authorization check of whether the user can access the resource and action. The controller can be tied to a single resource (but this behavior can be overridden), and the controller action can be mapped to a resource action.
For Go, you can get a lot of ACL samples:
1. https://github.com/hectane/go-acl
2. https://github.com/mikespook/gorbac
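An added example, not from the answer or the asker's repository: a role-check middleware in Go that runs after the token middleware and denies by default. The `policy` table, the `WithRole` and `Check` helpers, and the `users:read` / `users:write` permission names are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type roleKey struct{} // context key under which the token middleware stores the role

// Constructed sample policy: role -> permissions it grants.
var policy = map[string]map[string]bool{
	"admin":  {"users:read": true, "users:write": true},
	"viewer": {"users:read": true},
}

// WithRole is a hypothetical helper the token middleware calls after verifying the JWT.
func WithRole(r *http.Request, role string) *http.Request {
	return r.WithContext(context.WithValue(r.Context(), roleKey{}, role))
}

// Require wraps a handler so it runs only when the caller's role grants perm.
func Require(perm string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		role, ok := r.Context().Value(roleKey{}).(string)
		if !ok { // no verified role in the context: the request is not authenticated
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		if !policy[role][perm] { // unknown role or missing permission: deny
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Check sends one request through Require and returns the HTTP status code.
func Check(role, perm string) int {
	req := httptest.NewRequest(http.MethodPost, "/users", nil)
	if role != "" { // an empty role simulates a request with no verified token
		req = WithRole(req, role)
	}
	rec := httptest.NewRecorder()
	Require(perm, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(Check("admin", "users:write"), Check("viewer", "users:write")) }
```

Each protected route is registered as `Require("users:write", handler)` inside the existing token middleware, so the role is only ever read from a token that has already been verified.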