GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → falconry → falcon-policy

falconry / falcon-policy

Licence: other
Policy Middleware for Falcon APIs

Programming Languages

python
139335 projects - #7 most used programming language

Labels

middlewarepolicyfalcon

Projects that are alternatives of or similar to falcon-policy

old nesta daps
[archived]
Stars: ✭ 16 (-46.67%)
Mutual labels:  policy
open-source-logiciel-libre
Open Source Software Requirements and Guidance (Draft) - Exigences et guides liés aux logiciels libres (Ébauche)
Stars: ✭ 31 (+3.33%)
Mutual labels:  policy
request-context
Simple connect middleware for accessing data in a request context.
Stars: ✭ 55 (+83.33%)
Mutual labels:  middleware
falcon-apispec
apispec plugin that generates OpenAPI specification (aka Swagger Docs) for Falcon web applications.
Stars: ✭ 44 (+46.67%)
Mutual labels:  falcon
spectree
API spec validator and OpenAPI document generator for Python web frameworks.
Stars: ✭ 190 (+533.33%)
Mutual labels:  falcon
virgil-crypto-c
This library is designed to be small, flexible and convenient wrapper for a variety crypto algorithms. So it can be used in a small micro controller as well as in a high load server application.
Stars: ✭ 24 (-20%)
Mutual labels:  falcon
gamechanger
GAMECHANGER aspires to be the Department’s trusted solution for evidence-based, data-driven decision-making across the universe of DoD requirements
Stars: ✭ 27 (-10%)
Mutual labels:  policy
oak-middleware-jwt
Oak middleware for JWT
Stars: ✭ 24 (-20%)
Mutual labels:  middleware
speedle-plus
Speedle+ is an open source project for access management. It is based on Speedle open source project and maintained by previous Speedle maintainers.
Stars: ✭ 45 (+50%)
Mutual labels:  policy
conference-diversity-and-inclusion
Diversity and Inclusion Guidelines for Conferences
Stars: ✭ 14 (-53.33%)
Mutual labels:  policy
KubeArmor
Cloud-native Runtime Security Enforcement System
Stars: ✭ 434 (+1346.67%)
Mutual labels:  policy
HeimGuard
🛡 A simple library that allows you to easily manage permissions in your .NET projects.
Stars: ✭ 77 (+156.67%)
Mutual labels:  policy
Accessibility-Statement
A template & resources for creating good accessibility templates for your website & apps.
Stars: ✭ 35 (+16.67%)
Mutual labels:  policy
git-falcon9
No description or website provided.
Stars: ✭ 16 (-46.67%)
Mutual labels:  falcon
dictator
Dictates what your users see. Plug-based authorization.
Stars: ✭ 77 (+156.67%)
Mutual labels:  middleware
faucon
NVIDIA Falcon Microprocessor Suite
Stars: ✭ 28 (-6.67%)
Mutual labels:  falcon
COVID-19-US-State-Policy-Database
No description or website provided.
Stars: ✭ 60 (+100%)
Mutual labels:  policy
fjage
Framework for Java and Groovy Agents
Stars: ✭ 19 (-36.67%)
Mutual labels:  middleware
use
Easily add plugin support to your node.js application.
Stars: ✭ 25 (-16.67%)
Mutual labels:  middleware
falcon
Mirror of Apache Falcon
Stars: ✭ 95 (+216.67%)
Mutual labels:  falcon
View All Similar Projects ➔

Falcon Middleware: Policy Middleware Build Status codecov.io

The falcon-policy package provides a middleware component that enables simple policy controls such as role-based access on routes via configuration.

The configuration approach to policy rules enables dynamic authorization use-cases where the policy needs to be adjusted on-demand without a new service deployment.

Installation

$ pip install falcon-policy

Usage

The RoleBasedPolicy middleware class examines each incoming request and verifies the roles list from the request context; which should be populated by an authentication middleware. If the request context isn't populated with a roles list, then the middleware will fall back on the X-Roles header for the appropriate role given the request being made. Usage of the X-Roles header, is primarily used when handling authentication outside of the middleware stack or for development with authentication disabled.

Implementation Note:

If the request context type isn't a dictionary, the middleware will assume that req.context is an Object with a roles attribute.

Getting Started:

  • Create a policy configuration
  • Create an instance of RoleBasedPolicy using the configuration
  • Pass the instance to the falcon.API() initializer:
from falcon_policy import RoleBasedPolicy

policy_config = {
    'roles': [
        'admin',
        'creator',
        'observer',
    ],
    'groups': {
        'create': ['admin', 'creator'],
        'update': ['admin', 'creator'],
        'read': ['admin', 'creator', 'observer'],
        'delete': ['admin'],
    },
    'routes': {
        '/quote': {
            'GET': ['read'],
            'POST': ['create'],
            'PUT': ['update'],
            'DELETE': ['delete'],
        },
        '/quote/{id}': {
            'GET': ['read'],
            'POST': ['create'],
            'PUT': ['update'],
            'DELETE': ['delete'],
        },
        '/status': {
            'GET': ['@any-role'],
            'HEAD': ['@passthrough'],
        },
    },
}

app = falcon.API(
    middleware=[
        RoleBasedPolicy(policy_config)
    ]
)

If validation fails an instance of falcon.HTTPForbidden is raised.

Configuration

The policy configuration is separated into three sections:

  • Roles: Is a list of names that correspond with Role values provided by your authentication system.
  • Groups: Is an alias/grouping of multiple role names for convenience.
  • Routes: A structure containing role and/or group permissions for a given Falcon route and method.

Specialty Roles:

falcon-policy offers two specialty roles types that should be used with care:

  • @any-role: Allows any defined role
  • @passthrough: Allows all users (authenticated and unauthenticated)

About Falcon

Falcon is a bare-metal Python web framework for building lean and mean cloud APIs and app backends. It encourages the REST architectural style, and tries to do as little as possible while remaining highly effective.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].