feat: always allow OPTIONS (#16)

Zxilly · web-flow · commit 65767963ce26 · 2021-12-01T14:38:05.000+08:00
* feat: always allow OPTIONS

Signed-off-by: Zxilly &lt;zhouxinyu1001@gmail.com&gt;

* build: update dependency

Signed-off-by: Zxilly &lt;zhouxinyu1001@gmail.com&gt;
diff --git a/dev-requirements.in b/dev-requirements.in
@@ -1,5 +1,5 @@
 fastapi
-casbin
+casbin >= 1.0.0
 pytest
 pip-tools
 pytest-cov
diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -1,10 +1,11 @@
 atomicwrites==1.4.0
 attrs==20.3.0
 bleach==3.3.0
+bracex==2.2.1
 build==0.3.0
 bump2version==1.0.1
 bumpversion==0.6.0
-casbin==0.18.1
+casbin==1.12.0
 certifi==2020.12.5
 chardet==4.0.0
 click==7.1.2
@@ -32,7 +33,7 @@ readme-renderer==29.0
 requests-toolbelt==0.9.1
 requests==2.25.1
 rfc3986==1.4.0
-simpleeval==0.9.10
+simpleeval==0.9.11
 six==1.15.0
 starlette-auth-toolkit==0.5.0
 starlette==0.13.6
@@ -41,4 +42,9 @@ tqdm==4.58.0
 twine==3.3.0
 urllib3==1.26.3
 uvicorn==0.13.4
+wcmatch==8.3
 webencodings==0.5.1
+
+# The following packages are considered to be unsafe in a requirements file:
+# pip
+# setuptools
diff --git a/fastapi_authz/middleware.py b/fastapi_authz/middleware.py
@@ -30,7 +30,7 @@ async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
             await self.app(scope, receive, send)
             return
 
-        if self._enforce(scope, receive):
+        if self._enforce(scope, receive) or scope["method"] == "OPTIONS":
             await self.app(scope, receive, send)
             return
         else:
@@ -62,6 +62,4 @@ def _enforce(self, scope: Scope, receive: Receive) -> bool:
 
         user = request.user.display_name if request.user.is_authenticated else 'anonymous'
 
-        print(user, path, method)
-
         return self.enforcer.enforce(user, path, method)
diff --git a/setup.py b/setup.py
@@ -1,7 +1,6 @@
 from setuptools import setup, find_packages
 from os import path
 
-__version__ = "0.0.5"
 desc_file = "README.md"
 
 here = path.abspath(path.dirname(__file__))
@@ -23,14 +22,12 @@
 
 setup(
     name="fastapi-authz",
-    version=__version__,
     description="An authorization middleware for FastAPI that supports ACL, RBAC, ABAC, based on PyCasbin",
     long_description=long_description,
     long_description_content_type="text/markdown",
     author="Zxilly",
     author_email="zhouxinyu1001@gmail.com",
     url="https://github.com/pycasbin/fastapi-authz",
-    download_url="https://github.com/pycasbin/fastapi-authz/tarball/" + __version__,
     license="Apache 2.0",
     python_requires=">=3.6",
     classifiers=[
diff --git a/tests/test_middleware.py b/tests/test_middleware.py
@@ -6,6 +6,7 @@
     "test_server_path, test_client_path, method, status_code, user, response_body", [
         ('/dataset1/resource2', '/dataset1/resource2', 'GET', 200, 'alice', 'ok'),
         ('/dataset1/resource2', '/dataset1/resource2', 'GET', 403, 'notalice', 'Forbidden'),
+        ('/dataset1/resource2', '/dataset1/resource2', 'OPTIONS', 200, 'notalice', 'ok'),
         ('/dataset1/resource1', '/dataset1/resource1', 'POST', 200, 'alice', 'ok'),
     ]
 )

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`	`"test_server_path, test_client_path, method, status_code, user, response_body", [`
`7`	`7`	`('/dataset1/resource2', '/dataset1/resource2', 'GET', 200, 'alice', 'ok'),`
`8`	`8`	`('/dataset1/resource2', '/dataset1/resource2', 'GET', 403, 'notalice', 'Forbidden'),`
	`9`	`+ ('/dataset1/resource2', '/dataset1/resource2', 'OPTIONS', 200, 'notalice', 'ok'),`
`9`	`10`	`('/dataset1/resource1', '/dataset1/resource1', 'POST', 200, 'alice', 'ok'),`
`10`	`11`	`]`
`11`	`12`	`)`