
ilanusse / praetorian

Licence: MIT License
A minimalist Crystal authorization system inspired by https://github.com/varvet/pundit.

Programming Languages

crystal
512 projects

Projects that are alternatives of or similar to praetorian

brotli.cr
Crystal bindings to the Google brotli compression library
Stars: ✭ 20 (-62.96%)
Mutual labels:  crystal-language, crystal-lang
cr-xmpp
XMPP/Jabber Library for Crystal
Stars: ✭ 16 (-70.37%)
Mutual labels:  crystal-language, crystal-lang
auth
🔑 Laravel Authentication package with built-in two-factor (Authy) and social authentication (Socialite).
Stars: ✭ 39 (-27.78%)
Mutual labels:  authorization, authorisation
triki
MySQL, PostgreSQL and SQL dump obfuscator, aka anonymizer
Stars: ✭ 28 (-48.15%)
Mutual labels:  crystal-language, crystal-lang
oauth2-wechat
WeChat login authentication and authorization. This package provides WeChat OAuth 2.0 support for the PHP League's OAuth 2.0 Client
Stars: ✭ 18 (-66.67%)
Mutual labels:  authorization, authorisation
pairing-shiro-javaee7
Source code for the "Pairing Apache Shiro and Java EE 7" book
Stars: ✭ 21 (-61.11%)
Mutual labels:  authorization
mpngin
A simple and fast URL shortener with built in stats.
Stars: ✭ 31 (-42.59%)
Mutual labels:  crystal-language
JwtAuthDemo
ASP.NET Core + Angular JWT auth demo; integration tests; login, logout, refresh token, impersonation, authentication, authorization; run on Docker Compose.
Stars: ✭ 278 (+414.81%)
Mutual labels:  authorization
mongo orm
Mongo ORM: A simple ORM for using MongoDB with the crystal programming language, designed for use with Amber. Based loosely on Granite ORM. Supports Rails-esque models, associations and embedded documents.
Stars: ✭ 32 (-40.74%)
Mutual labels:  crystal-language
azure-functions-auth
Authentication and Authorization for Azure Functions (with OAuth 2.0 and JWT)
Stars: ✭ 20 (-62.96%)
Mutual labels:  authorization
angular-authentication
An Angular application that demonstrates best practices for user authentication & authorization flows.
Stars: ✭ 122 (+125.93%)
Mutual labels:  authorization
django-keeper
Authorization library for Django, with ACL, that does not depend on models.
Stars: ✭ 47 (-12.96%)
Mutual labels:  authorization
rust-authz
Permission-based authorization library
Stars: ✭ 14 (-74.07%)
Mutual labels:  authorization
deadbolt
Dead simple permissions for Laravel
Stars: ✭ 13 (-75.93%)
Mutual labels:  authorization
form builder.cr
Dead simple HTML form builder for Crystal with built-in support for many popular UI libraries such as Bootstrap
Stars: ✭ 29 (-46.3%)
Mutual labels:  crystal-lang
spring-boot-security-postgresql
Spring Boot, Spring Security, PostgreSQL: JWT Authentication & Authorization example
Stars: ✭ 65 (+20.37%)
Mutual labels:  authorization
HerokuContainer
Dockerized ASP.NET Core Web API app in Heroku
Stars: ✭ 26 (-51.85%)
Mutual labels:  authorization
security-wrapper
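An extension built on top of Spring Security that provides solutions for a range of security scenarios: OAuth2 authorization (with cross-domain and multi-application support), JWT, SSO, file upload, frictionless integration of a permission system, API anti-abuse rate limiting, XSS, CSRF, SQL injection, third-party login (bind and unbind), encrypted communication, and more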
Stars: ✭ 21 (-61.11%)
Mutual labels:  authorization
Events-based-organizational-website
The official codebase for college-based (event managing) organizations. FOUR-LEVEL Authorization system and scalable.
Stars: ✭ 14 (-74.07%)
Mutual labels:  authorization
await async
Provide await and async methods to Crystal Lang
Stars: ✭ 71 (+31.48%)
Mutual labels:  crystal-language

Praetorian


Praetorian is a minimalist Crystal authorization system inspired by Pundit. It aims to be both lightweight and dependency-less.

Installation

dependencies:
  praetorian:
    github: ilanusse/praetorian

How to use

Praetorian, inspired by Pundit, works with policy classes. This shard is not tailored to any particular framework; it is designed with flexibility in mind. This is a simple example that allows updating a post if the user is an admin, or if the post is unpublished:

class Post
  def policy_class
    PostPolicy
  end
end


class PostPolicy
  include Praetorian::Policy

  property user, post

  def initialize(user, post)
    @user = user
    @post = post
  end

  def update?
    user.admin? || !post.published?
  end
end


# Somewhere in your code
def update
  @post = Post.find(params[:id])
  Praetorian.authorize(current_user, @post, :update?) # You can also use .authorise if you're a Brit
  # Rest of code flow
end

There are two things to notice here:

  • Post is a class that should obey a certain policy. We can either define a policy_class method that returns the policy class, or let Praetorian assume the policy class name to be #{variable_name}Policy.

  • The policy class includes Praetorian::Policy. This adds default query methods to our policy, which should be overridden as necessary.

The default query methods defined in Praetorian::Policy are: index?, show?, create?, new?, update?, edit?, destroy?.

A Praetorian::NotAuthorizedException will be raised if the user is not authorized to perform said query on the record.
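
One way to handle that exception at a controller boundary so that a denial fails closed. This is an added example, not code from the Praetorian README: the User and Post models, the typed PostPolicy and the update_status helper are hypothetical, and it assumes Praetorian.authorize and Praetorian::NotAuthorizedException behave as described on this page.

```crystal
require "praetorian"

# Hypothetical application models, constructed for this example.
class User
  getter? admin : Bool

  def initialize(@admin : Bool)
  end
end

class Post
  getter? published : Bool

  def initialize(@published : Bool)
  end
end

# Same rule as the README's PostPolicy; the explicit types are an assumption
# added here so the instance variables have declared types.
class PostPolicy
  include Praetorian::Policy

  getter user : User
  getter post : Post

  def initialize(@user : User, @post : Post)
  end

  def update?
    user.admin? || !post.published?
  end
end

# Hypothetical controller boundary returning an HTTP status code.
# The write happens only if authorize returns without raising.
def update_status(user : User, post : Post) : Int32
  Praetorian.authorize(user, post, :update?, PostPolicy)
  # ... apply the update here ...
  200
rescue Praetorian::NotAuthorizedException
  403 # denied before any state was changed
end

admin = User.new(admin: true)
member = User.new(admin: false)

puts update_status(admin, Post.new(published: true))   # admin, published post
puts update_status(member, Post.new(published: true))  # non-admin, published post
puts update_status(member, Post.new(published: false)) # non-admin, unpublished post
```

Under the rule as written, the third call is allowed because any user may update an unpublished post; only the second call is denied.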

Ok. So far, pretty simple.

You can set up a simple base class to inherit from:

class ApplicationPolicy
  include Praetorian::Policy

  property user, object

  def initialize(user, object)
    @user = user
    @object = object
  end
end

Including the shard as a module

You can include the shard as a module in your controller base class to avoid the prefix:

class ApplicationController
  include Praetorian
end

class PostController < ApplicationController
  def update
    @post = Post.find(params[:id])
    authorize(current_user, @post, :update?) # yay no prefix
  end
end

Using a specific policy class

You can pass an argument to override the policy class if necessary. For example:

def create
  @publication = find_publication # assume this method returns any model that behaves like a publication
  # @publication.class => Post
  Praetorian.authorize(current_user, @publication, :create?, PublicationPolicy)
  # Rest of code flow
end

License

Licensed under the MIT license, see the separate LICENSE.txt file.
