codeskyblue / gohttpserver

The best HTTP Static File Server, written with golang+vue
MIT License
2.45k stars 515 forks

authentication use casbin, https://github.com/casbin/casbin #55

Open hoogw opened 5 years ago

hoogw commented 5 years ago

Can you make a module to support casbin, https://github.com/casbin/casbin

It is a good authentication library for golang.

User management is a MUST-have feature; open-id is NOT enough, must improve.

hsluoyz commented 5 years ago

Glad to see gohttpserver starts to support Casbin! Here are some materials for implementing a middleware/plugin/module based on Casbin: https://github.com/casbin/casbin#web-frameworks

codeskyblue commented 5 years ago

Actually, supporting casbin is still in conversion, because gohttpserver has its own ACL. https://github.com/codeskyblue/gohttpserver#advanced-usage

hsluoyz commented 5 years ago

@codeskyblue the current ACL is simple but crude. The user has to define .ghs.yml under each path to define a policy rule. It doesn't work well if we grant permissions to folders with a naming pattern. And there are no roles at all.

For example, if I want to allow all users with LOG_ADMINS role to be able to read all folders with leading log_ pattern, like: log_20190101, log_20190102, then there's no simple way to do this. I have to create .ghs.yml for each folder.

But if using Casbin, it will be very simple. Just define a role called LOG_ADMINS, then add users to it. Then write a rule like:

p, LOG_ADMINS, log_.*, (delete)|(upload)

then it does everything for you.

Casbin has already become the de-facto ACL library for Golang projects. Supporting it will free your hands from the trivial authz work and let you focus on the core value of gohttpserver.
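An added example, not part of the comment above and not Casbin or gohttpserver code: a standard-library Go sketch of how the quoted rule evaluates, assuming a matcher of the form g(r.sub, p.sub) && regexMatch(r.obj, p.obj) && regexMatch(r.act, p.act) and unanchored Go regexp matching. The user alice, the folder catalog_private and the anchored variant of the rule are constructed for illustration; the point is that the patterns as written also match names that merely contain `log_` or `delete`.

```go
package main

import (
	"fmt"
	"regexp"
)

// Rule mirrors one "p" policy line: role, object pattern, action pattern.
type Rule struct{ Sub, Obj, Act string }

// roles is a constructed role assignment (the "g" lines of a policy file).
var roles = map[string][]string{"alice": {"LOG_ADMINS"}}

// asWritten is the rule quoted in the thread; anchored is a hardened copy (assumption).
var asWritten = Rule{"LOG_ADMINS", `log_.*`, `(delete)|(upload)`}
var anchored = Rule{"LOG_ADMINS", `^log_.*$`, `^(delete|upload)$`}

// hasRole reports whether user holds role in the constructed assignment.
func hasRole(user, role string) bool {
	for _, r := range roles[user] {
		if r == role {
			return true
		}
	}
	return false
}

// Allowed evaluates: role membership AND regex match on object AND on action.
// regexp.MatchString reports a match anywhere in the string unless anchored.
func Allowed(p Rule, user, obj, act string) bool {
	if !hasRole(user, p.Sub) {
		return false
	}
	objOK, err1 := regexp.MatchString(p.Obj, obj)
	actOK, err2 := regexp.MatchString(p.Act, act)
	// A malformed pattern denies access rather than granting it.
	return err1 == nil && err2 == nil && objOK && actOK
}

func main() {
	for _, obj := range []string{"log_20190101", "catalog_private"} {
		fmt.Printf("%-16s as written: %-5v anchored: %v\n", obj,
			Allowed(asWritten, "alice", obj, "delete"),
			Allowed(anchored, "alice", obj, "delete"))
	}
}
```

When reviewing regex-based policy rules, test each pattern against names that should be denied as well as names that should be allowed.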

codeskyblue commented 5 years ago

I know you have many features you want added to this repo, but it makes this repo hard to maintain. So even if .ghs.yml is too simple, I will still keep it this way until I have plenty of time to do code refactoring.