segrax / open-policy-agent
Open Policy Agent client and PSR-7, PSR-15 Authorization Middleware
Installs: 1 212
Dependents: 0
Suggesters: 0
Security: 0
Stars: 18
Watchers: 2
Forks: 2
Open Issues: 0
Requires
- php: ^8.3
- psr/http-client: ^1.0
- psr/http-factory: ^1.0
- psr/http-message: ^1.0 | ^2.0
- psr/http-server-handler: ^1.0
- psr/http-server-middleware: ^1.0
- psr/log: ^1.0|^2.0|^3.0
- splitbrain/php-archive: ^1.2
Requires (Dev)
- equip/dispatch: ^2.0
- friendsofphp/php-cs-fixer: ^3.8
- guzzlehttp/guzzle: ^7.4
- phpunit/phpunit: ^10
- rector/rector: ^1
- slim/psr7: ^1.5
- vimeo/psalm: ^5
Suggests
- guzzlehttp/guzzle: Can be used as the HTTP Client
- monolog/monolog: Can be used to support logging
- tuupola/slim-jwt-auth: Can be used to validate JWTs and insert them into the request
README
This library provides a client for the Open Policy Agent (OPA), a PSR-15 authorization middleware and a PSR-15 bundle distributor middleware.
For working examples, please see segrax/opa-php-examples and a walkthrough is available to guide you through the examples.
Install
Install the latest using composer.
composer require segrax/open-policy-agent
Usage Examples
Client Usage
use Segrax\OpenPolicyAgent\Client; use GuzzleHttp\Client as GuzzleHttpClient; $apiPolicy = "package my.api default allow=false allow { input.path = [\"abc\"] input.user == \"a random user\" }"; $client = new Client(null, new GuzzleHttpClient(), new RequestFactory(), 'http://127.0.0.1:8181', 'MyToken'); // Push a policy to the agent $client->policyUpdate('my/api', $apiPolicy, false); // Execute the policy $inputs = [ 'path' => ['abc'], 'user' => 'a random user']; $res = $client->policy('my/api', $inputs, false, false, false, false ); if ($res->getByName('allow') === true ) { // Do stuff }
Authorization Middleware
Create the client, and add the Authorization object onto the middleware stack
use Segrax\OpenPolicyAgent\Client; use Segrax\OpenPolicyAgent\Middleware\Authorization; $app = AppFactory::create(); $client = new Client(null, new GuzzleHttpClient(), new RequestFactory(), 'http://127.0.0.1:8181', 'MyToken'); $app->add(new Authorization( [Authorization::OPT_POLICY => 'auth/api'], $client, $app->getResponseFactory()));
Distributor Middleware
Insert the middleware, it will respond to bundle requests at /opa/bundles/{service_name} for users with a valid JWT with the subfield 'opa'
use Segrax\OpenPolicyAgent\Client; use Segrax\OpenPolicyAgent\Middleware\Distributor; $app = AppFactory::create(); $app->add(new Distributor( '/opa/bundles/', // Route __DIR__ . '/opa', // Policy Path [Distributor::OPT_AGENT_USER => 'opa'], // Token Sub Field $app->getResponseFactory(), new StreamFactory(), $app->getLogger())); // Add a GET route for the opa bundle route $app->get('/opa/bundles/{name}', function (Request $request, Response $response, array $args) { return $response->withStatus(404); });
Code Testing
make tests
Security
If you discover any security related issues, please email robcrossfield@gmail.com.
License
The MIT License (MIT). Please see License File for more information.