feat: always allow OPTIONS (#16)

* feat: always allow OPTIONS Signed-off-by: Zxilly <[email protected]> * build: update dependency Signed-off-by: Zxilly <[email protected]>
pycasbin · Dec 1, 2021 · 6576796 · 6576796
1 parent 31b0edb
commit 6576796
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 9 deletions.
diff --git a/dev-requirements.in b/dev-requirements.in
@@ -1,5 +1,5 @@
 fastapi
-casbin
+casbin >= 1.0.0
 pytest
 pip-tools
 pytest-cov

diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -1,10 +1,11 @@
 atomicwrites==1.4.0
 attrs==20.3.0
 bleach==3.3.0
+bracex==2.2.1
 build==0.3.0
 bump2version==1.0.1
 bumpversion==0.6.0
-casbin==0.18.1
+casbin==1.12.0
 certifi==2020.12.5
 chardet==4.0.0
 click==7.1.2
@@ -32,7 +33,7 @@ readme-renderer==29.0
 requests-toolbelt==0.9.1
 requests==2.25.1
 rfc3986==1.4.0
-simpleeval==0.9.10
+simpleeval==0.9.11
 six==1.15.0
 starlette-auth-toolkit==0.5.0
 starlette==0.13.6
@@ -41,4 +42,9 @@ tqdm==4.58.0
 twine==3.3.0
 urllib3==1.26.3
 uvicorn==0.13.4
+wcmatch==8.3
 webencodings==0.5.1
+
+# The following packages are considered to be unsafe in a requirements file:
+# pip
+# setuptools
diff --git a/fastapi_authz/middleware.py b/fastapi_authz/middleware.py
@@ -30,7 +30,7 @@ async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
             await self.app(scope, receive, send)
             return
 
-        if self._enforce(scope, receive):
+        if self._enforce(scope, receive) or scope["method"] == "OPTIONS":
             await self.app(scope, receive, send)
             return
         else:
@@ -62,6 +62,4 @@ def _enforce(self, scope: Scope, receive: Receive) -> bool:
 
         user = request.user.display_name if request.user.is_authenticated else 'anonymous'
 
-        print(user, path, method)
-
         return self.enforcer.enforce(user, path, method)
diff --git a/setup.py b/setup.py
@@ -1,7 +1,6 @@
 from setuptools import setup, find_packages
 from os import path
 
-__version__ = "0.0.5"
 desc_file = "README.md"
 
 here = path.abspath(path.dirname(__file__))
@@ -23,14 +22,12 @@
 
 setup(
     name="fastapi-authz",
-    version=__version__,
     description="An authorization middleware for FastAPI that supports ACL, RBAC, ABAC, based on PyCasbin",
     long_description=long_description,
     long_description_content_type="text/markdown",
     author="Zxilly",
     author_email="[email protected]",
     url="https://github.com/pycasbin/fastapi-authz",
-    download_url="https://github.com/pycasbin/fastapi-authz/tarball/" + __version__,
     license="Apache 2.0",
     python_requires=">=3.6",
     classifiers=[

diff --git a/tests/test_middleware.py b/tests/test_middleware.py
@@ -6,6 +6,7 @@
     "test_server_path, test_client_path, method, status_code, user, response_body", [
         ('/dataset1/resource2', '/dataset1/resource2', 'GET', 200, 'alice', 'ok'),
         ('/dataset1/resource2', '/dataset1/resource2', 'GET', 403, 'notalice', 'Forbidden'),
+        ('/dataset1/resource2', '/dataset1/resource2', 'OPTIONS', 200, 'notalice', 'ok'),
         ('/dataset1/resource1', '/dataset1/resource1', 'POST', 200, 'alice', 'ok'),
     ]
 )