wolf-rbac

Attributes

This Plugin will add the following endpoints when enabled:

  • /apisix/plugin/wolf-rbac/login
  • /apisix/plugin/wolf-rbac/change_pwd
  • /apisix/plugin/wolf-rbac/user_info
Note: You may need to use the public-api Plugin to expose these endpoints.

Pre-requisites

To use this Plugin, you have to first install wolf and start it.

Once you have done that you need to add application, admin, normal user, permission, resource and user authorize to the .

You need to first configure the Plugin on a Consumer:


You can now add the Plugin to a Route or a Service:

    curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
    {
        "methods": ["GET"],
        "uri": "/*",
        "plugins": {
            "wolf-rbac": {}
        },
        "upstream": {
            "type": "roundrobin",
            "nodes": {
                "www.baidu.com:80": 1
            }
        }
    }'

You can also use the APISIX Dashboard to complete the operation through a web UI.

Example usage

You can use the public-api Plugin to expose the API:

    curl http://127.0.0.1:9080/apisix/admin/routes/wal -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
    {
        "uri": "/apisix/plugin/wolf-rbac/login",
        "plugins": {
            "public-api": {}
        }
    }'

Similarly, you can set up the Routes for change_pwd and user_info.

You can now log in and get a wolf rbac_token:

    curl http://127.0.0.1:9080/apisix/plugin/wolf-rbac/login -i \
    -H "Content-Type: application/json" \
    -d '{"appid": "restful", "username":"test", "password":"user-password", "authType":1}'

    HTTP/1.1 200 OK
    Date: Wed, 24 Jul 2019 10:33:31 GMT
    Content-Type: text/plain
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: APISIX web server
    {"rbac_token":"V1#restful#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NzQ5LCJ1c2VybmFtZSI6InRlc3QiLCJtYW5hZ2VyIjoiIiwiYXBwaWQiOiJyZXN0ZnVsIiwiaWF0IjoxNTc5NDQ5ODQxLCJleHAiOjE1ODAwNTQ2NDF9.n2-830zbhrEh6OAxn4K_yYtg5pqfmjpZAjoQXgtcuts","user_info":{"nickname":"test","username":"test","id":"749"}}
Note: authType is the authentication type: 1 for password authentication (default) and 2 for LDAP authentication (v0.5.0+).

You can also make a POST request with x-www-form-urlencoded instead of JSON:

    curl http://127.0.0.1:9080/apisix/plugin/wolf-rbac/login -i \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d 'appid=restful&username=test&password=user-password'

Now you can test the Route:

  • without token:

      curl http://127.0.0.1:9080/ -H"Host: www.baidu.com" -i

  • with token in Authorization header:

      curl http://127.0.0.1:9080/ -H"Host: www.baidu.com" \
      -H 'Authorization: V1#restful#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NzQ5LCJ1c2VybmFtZSI6InRlc3QiLCJtYW5hZ2VyIjoiIiwiYXBwaWQiOiJyZXN0ZnVsIiwiaWF0IjoxNTc5NDQ5ODQxLCJleHAiOjE1ODAwNTQ2NDF9.n2-830zbhrEh6OAxn4K_yYtg5pqfmjpZAjoQXgtcuts' -i

      HTTP/1.1 200 OK
      <!DOCTYPE html>

  • with token in x-rbac-token header:

      curl http://127.0.0.1:9080/ -H"Host: www.baidu.com" \
      -H 'x-rbac-token: V1#restful#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NzQ5LCJ1c2VybmFtZSI6InRlc3QiLCJtYW5hZ2VyIjoiIiwiYXBwaWQiOiJyZXN0ZnVsIiwiaWF0IjoxNTc5NDQ5ODQxLCJleHAiOjE1ODAwNTQ2NDF9.n2-830zbhrEh6OAxn4K_yYtg5pqfmjpZAjoQXgtcuts' -i

      HTTP/1.1 200 OK
      <!DOCTYPE html>

  • with token in request parameters:

      curl 'http://127.0.0.1:9080?rbac_token=V1%23restful%23eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NzQ5LCJ1c2VybmFtZSI6InRlc3QiLCJtYW5hZ2VyIjoiIiwiYXBwaWQiOiJyZXN0ZnVsIiwiaWF0IjoxNTc5NDQ5ODQxLCJleHAiOjE1ODAwNTQ2NDF9.n2-830zbhrEh6OAxn4K_yYtg5pqfmjpZAjoQXgtcuts' -H"Host: www.baidu.com" -i

      HTTP/1.1 200 OK
      <!DOCTYPE html>

  • with token in cookie:

      HTTP/1.1 200 OK
      <!DOCTYPE html>
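The rbac_token returned by the login call and sent in the requests above has the visible shape V1#<appid>#<JWT>. The following added example (not part of the original page or the plugin's code) decodes such a token so you can check its appid, expiry and algorithm when reviewing a token found in a request or an access log, including the percent-encoded query-parameter form. The function names are hypothetical, the layout is inferred from the sample token on this page, and the signature is not verified because that requires the wolf server's secret.

```python
import base64
import json
from urllib.parse import unquote

# Sample rbac_token copied from the login response shown on this page.
SAMPLE = ("V1#restful#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
          "eyJpZCI6NzQ5LCJ1c2VybmFtZSI6InRlc3QiLCJtYW5hZ2VyIjoiIiwiYXBwaWQiOiJyZXN0ZnVs"
          "IiwiaWF0IjoxNTc5NDQ5ODQxLCJleHAiOjE1ODAwNTQ2NDF9."
          "n2-830zbhrEh6OAxn4K_yYtg5pqfmjpZAjoQXgtcuts")

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into Python data."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def parse_rbac_token(raw):
    """Split 'V1#<appid>#<JWT>' and decode header and claims (no signature check)."""
    token = unquote(raw.strip())          # accepts V1%23restful%23... as well
    parts = token.split("#", 2)
    if len(parts) != 3 or parts[0] != "V1":
        raise ValueError("not a V1#appid#jwt rbac_token")
    version, appid, jwt = parts
    segments = jwt.split(".")
    if len(segments) != 3:
        raise ValueError("embedded token is not a three-part JWT")
    try:
        header, claims = _b64url_json(segments[0]), _b64url_json(segments[1])
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("segment is not a JSON object")
    except (ValueError, TypeError) as exc:
        raise ValueError("JWT segment is not base64url JSON") from exc
    return {"version": version, "appid": appid, "header": header, "claims": claims}

def review_token(raw, now):
    """Return findings for a token; 'now' is a Unix timestamp in seconds."""
    info = parse_rbac_token(raw)
    claims, findings = info["claims"], []
    if claims.get("appid") != info["appid"]:
        findings.append("appid prefix does not match signed appid claim")
    if "exp" not in claims:
        findings.append("no exp claim")
    elif now >= claims["exp"]:
        findings.append("expired")
    if str(info["header"].get("alg", "")).lower() == "none":
        findings.append("unsigned (alg=none)")
    return findings
```

For the sample token the claims show a lifetime of seven days (exp minus iat), which is how long a copy leaked through a URL or log line would have remained usable.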

And to get a user's information:

    HTTP/1.1 200 OK
    {
        "user_info":{
            "nickname":"test",
            "lastLogin":1582816780,
            "id":749,
            "username":"test",
            "appIDs":["restful"],
            "manager":"none",
            "permissions":{"USER_LIST":true},
            "profile":null,
            "roles":{},
            "createTime":1578820506,
            "email":""
        }
    }

And to change a user’s password:

    curl http://127.0.0.1:9080/apisix/plugin/wolf-rbac/change_pwd \
    -H "Content-Type: application/json" \
    --cookie x-rbac-token=V1#restful#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NzQ5LCJ1c2VybmFtZSI6InRlc3QiLCJtYW5hZ2VyIjoiIiwiYXBwaWQiOiJyZXN0ZnVsIiwiaWF0IjoxNTc5NDQ5ODQxLCJleHAiOjE1ODAwNTQ2NDF9.n2-830zbhrEh6OAxn4K_yYtg5pqfmjpZAjoQXgtcuts -i \
    -X PUT -d '{"oldPassword": "old password", "newPassword": "new password"}'

    HTTP/1.1 200 OK
    {"message":"success to change password"}

To remove the wolf-rbac Plugin, update the Route with the Plugin left out of its plugins object:

    curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
    {
        "methods": ["GET"],
        "uri": "/*",
        "plugins": {
        },
        "upstream": {
            "type": "roundrobin",
            "nodes": {
                "www.baidu.com:80": 1
            }
        }
    }'