dongsong8932 2017-01-30 13:18
浏览 95
已采纳

Go REST Api中的角色和权限

I'm developing an REST API in go, it's implementing jwt following this schema : Jwt schema

I've a middleware that verify tokens and my problem is that I want another one to add roles and permissions on some path in my API

Could you guys give some tips pls ? My project is on github as you can see all the code : repository

Thanks

  • 写回答

1条回答 默认 最新

  • douliedu335997 2017-01-31 05:40
    关注

    If I am not wrong, what you are asking is for access control list (ACL) https://en.wikipedia.org/wiki/Access_control_list

    You will need to separate controllers for each type of permission and have a module that checks the session variable set when the user logs in with the type of permission allowed for that particular controller.

    After the login check is completed, you can carry out an authorization check whether the user can access the resource and action, the controller can be tied to a single resource (but this behavior can be overridden) and the controller action can be mapped to a resource action.

    For Go, you can get a lot of ACL samples:

    [1] https://github.com/hectane/go-acl

    [2] https://github.com/mikespook/gorbac

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 MATLAB卫星二体模型仿真
  • ¥15 怎么让数码管亮的同时让led执行流水灯代码
  • ¥20 SAP HANA SQL Script 。如何判断字段值包含某个字符串
  • ¥85 cmd批处理参数如果含有双引号,该如何传入?
  • ¥15 fx2n系列plc的自控成型机模拟
  • ¥15 时间序列LSTM模型归回预测代码问题
  • ¥50 使用CUDA如何高效的做并行化处理,是否可以多个分段同时进行匹配计算处理?目前数据传输速度有些慢,如何提高速度,使用gdrcopy是否可行?请给出具体意见。
  • ¥15 基于STM32,电机驱动模块为L298N,四路运放电磁传感器,三轮智能小车电磁组电磁循迹(两个电机,一个万向轮),如何通过环岛的原理及完整代码
  • ¥20 机器学习或深度学习问题?困扰了我一个世纪,晚来天欲雪,能饮一杯无?
  • ¥15 c语言数据结构高铁订票系统