initial version

Author: everesio

.github/workflows/ci.yml

@@ -0,0 +1,27 @@
+name: Build
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go: ['1.24', '1.25']
+    timeout-minutes: 30
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go }}
+      - name: Start NATS server and test
+        run: make start-nats-server test
+      - name: Start NATS server and benchmark
+        run: make start-nats-server benchmark
+      - name: Stop NATS server
+        if: always()
+        run: make stop-nats-server

.gitignore

@@ -28,5 +28,8 @@ go.work.sum
 .env
 
 # Editor/IDE
-# .idea/
-# .vscode/
+.vscode/
+/.idea/
+*.iws
+*.iml
+*.ipr

Makefile

@@ -0,0 +1,53 @@
+SHELL := /bin/bash
+.SHELLFLAGS += -o pipefail -O extglob
+.DEFAULT_GOAL := help
+
+ROOT_DIR  := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+
+.PHONY: help
+help: ## Display this help
+	@printf "\nUsage:\n  make \033[36m<target>\033[0m\n"
+	@awk 'BEGIN {FS = ":.*##";} \
+		/^[a-zA-Z_0-9-]+:.*?##/ { \
+			printf "  \033[36m%-35s\033[0m %s\n", $$1, $$2 } \
+			/^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) \
+		} ' \
+	$(MAKEFILE_LIST)
+
+
+##@ Test targets
+
+.PHONY: test
+test: ## run tests
+	go test -v -race -count=1 ./...
+
+.PHONY: benchmark
+benchmark: ## run benchmarks
+	go test -bench=. -benchmem ./...
+
+##@ Run targets
+
+.PHONY: start-nats-server
+start-nats-server: ## start NATS server
+	docker compose -f tests/nats/docker-compose.yaml up -d --force-recreate --wait
+
+.PHONY: stop-nats-server
+stop-nats-server: ## stop NATS server
+	docker compose -f tests/nats/docker-compose.yaml down --volumes
+
+##@ Auxiliary targets
+
+.PHONY: list-rules
+list-rules: ## list all casbin rules in the NATS KV store
+	@for key in $$(nats kv ls casbin_rules | grep -v '^No ' | awk '{print $$1}'); do \
+	  echo "== $$key =="; \
+	  nats kv get casbin_rules $$key; \
+	done
+
+.PHONY: list-keys
+list-keys: ## list all keys in the NATS KV store
+	nats kv ls casbin_rules
+
+.PHONY: del-bucket
+del-bucket: ## delete the casbin_rules bucket
+	nats kv del casbin_rules

README.md

@@ -0,0 +1,63 @@
+Casbin JetStream
+====
+
+[![Build](https://github.com/grepplabs/casbin-jetstream/actions/workflows/ci.yml/badge.svg)](https://github.com/grepplabs/casbin-jetstream/actions/workflows/ci.yml)
+
+Casbin JetStream is the [NATS JetStream](https://docs.nats.io/nats-concepts/jetstream) adapter for [Casbin](https://github.com/casbin/casbin). With this library, Casbin can load policy from JetStream or save policy to it.
+
+## Installation
+
+    go get github.com/grepplabs/casbin-jetstream
+
+## Usage Examples
+
+### Basic Usage
+
+```go
+package main
+
+import (
+	"github.com/casbin/casbin/v2"
+	jsadapter "github.com/grepplabs/casbin-jetstream"
+)
+
+func main() {
+	// Initialize a casbin jetstream adapter and use it in a Casbin enforcer:
+	a, _ := jsadapter.NewAdapter(&jsadapter.Config{
+		URL: "nats://localhost:4222",
+	})
+	e, _ := casbin.NewEnforcer("examples/rbac_model.conf", a)
+
+	// Load the policy from KV Store.
+	e.LoadPolicy()
+
+	// Check the permission.
+	e.Enforce("alice", "data1", "read")
+
+	// Modify the policy.
+	// e.AddPolicy(...)
+	// e.RemovePolicy(...)
+
+	// Save the policy back to KV Store.
+	e.SavePolicy()
+}
+```
+
+### With mTLS
+
+```go
+
+	a, _ := jsadapter.NewAdapter(&jsadapter.Config{
+		URL:    "nats://localhost:4223",
+		Bucket: "casbin_rules",
+		TLSConfig: jsadapter.TLSConfig{
+			Enable:  true,
+			Refresh: 15 * time.Second,
+			File: jsadapter.TLSClientFiles{
+				Cert:    "/etc/nats/certs/nats-client.pem",
+				Key:     "/etc/nats/certs/nats-client-key.pem",
+				RootCAs: "/etc/nats/certs/ca.pem",
+			},
+		},
+	})
+```