15 repository-uri
Components that verify user claims and scopes to enforce access control policies within request pipelines.
Distinguishing note: Focuses on middleware-based authorization for agentic systems rather than generic authentication.
Explore 15 awesome GitHub repositories matching security & cryptography · Authorization Middleware. Refine with filters or upvote what's useful.
Agno is an agent operating system designed to manage the lifecycle, tool execution, and persistent state of autonomous agents across distributed infrastructure. It provides a unified runtime environment that wraps diverse agent frameworks into a consistent, interoperable protocol, allowing developers to build and deploy complex multi-agent systems that coordinate tasks and delegate sub-processes. The platform distinguishes itself through a robust governance and orchestration layer that includes human-in-the-loop approval gates, role-based access control, and a centralized API gateway. It feat
AgentOS authorizes agent capabilities by accessing verified user claims and scopes from the request context, ensuring security decisions rely on trusted middleware data.
Livewire is a full-stack framework for PHP that enables the development of reactive, dynamic user interfaces using server-side classes and templates. By bridging the gap between server-side logic and client-side DOM updates, it allows developers to build interactive web applications without writing custom JavaScript. The framework operates as a component-based library, where modular units encapsulate interface logic, state, and event handling directly on the server. The framework distinguishes itself through a reactive architecture that automatically synchronizes state between the browser and
Re-applies route-level authorization middleware on every network request to ensure permissions remain valid throughout the component lifecycle.
Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig
Integrates with web frameworks and API gateways to intercept requests and validate security policies before processing.
Kratos is a centralized identity and access management server designed to handle user registration, authentication, and profile management. It functions as an identity flow orchestrator, managing the state and security of authentication processes across web, mobile, and command-line interfaces. The system provides a standards-compliant authorization server that issues tokens and manages delegated access for third-party applications and internal services, supporting multi-factor authentication and custom identity schemas to secure user accounts. The project distinguishes itself through a headl
Retrieves authorized resources by querying objects or subjects associated with specific users or relations.
This is a role-based access control system for Laravel applications that manages user permissions and roles within a database. It provides a database permissions manager to assign specific abilities to users and roles, utilizing authorization gates to restrict access to routes and interface elements. The project features a wildcard permission system that uses pattern matching to grant broad access across multiple related permissions. It also supports team-scoped access control, allowing users to maintain different roles and permission levels across separate organizational contexts or teams.
Integrates with Laravel's authorization gates and middleware to restrict access to routes and UI elements.
This project is a comprehensive educational resource and fullstack tutorial for GraphQL development. It provides instructional content and guides focused on designing schemas, implementing servers, and managing the end-to-end workflow of building production-ready applications. The material covers the conceptual differences between graph-based data structures and traditional API architectures. It includes a dedicated security course and guides for client integration, teaching users how to fetch data, manage application state, and apply protection measures to secure API endpoints. The scope of
Includes a dedicated security course on implementing authorization middleware to protect sensitive API data.
Yoga is a GraphQL server framework and runtime-agnostic HTTP handler used to build and deploy GraphQL APIs. It functions as a toolkit for managing schemas and resolvers, providing a spec-compliant environment for hosting APIs across diverse JavaScript runtimes, including Node.js, Deno, Bun, and serverless cloud environments. The project distinguishes itself through its ability to act as an Apollo Federation gateway, composing multiple subgraphs into a single unified supergraph. It also serves as a dedicated subscription server, delivering real-time data streaming via both WebSockets and Serve
Prevents the execution of arbitrary GraphQL documents by requiring clients to send hashes of predefined operations.
Type-graphql is a framework for building GraphQL servers that uses TypeScript classes as the single source of truth for schema definitions and types. It provides a schema generator and a resolver framework that allows developers to define queries and mutations using class-based controllers and decorators. The project focuses on a schema-first approach where TypeScript classes and metadata reflection are used to automatically derive GraphQL schemas. It incorporates a dependency injection container to manage the instantiation and lifecycle of resolver classes. The system includes a middleware
Implements a middleware layer to execute authorization and validation logic before resolver execution.
Rails Admin is a web-based management dashboard and Active Record model manager for Ruby on Rails applications. It provides a graphical user interface for creating, reading, updating, and deleting database records, serving as a secure back office for database content management and administrative data auditing. The project distinguishes itself through a reflection-based schema mapping system that automatically generates CRUD interfaces from database metadata. It includes specialized tools for data versioning and change auditing to track administrative activity, as well as utilities for import
Uses middleware components to verify user identity and roles to enforce access control policies within the request pipeline.
React Apollo is a React-specific GraphQL data fetching library that binds Apollo Client to components through declarative hooks for queries, mutations, and subscriptions. It provides a declarative approach to GraphQL query execution where components declare their data requirements and automatically receive loading, error, and data states without managing request lifecycle code. The library distinguishes itself through a normalized cache layer that deduplicates entities and serves repeated requests without network calls, combined with incremental result streaming via the @defer directive for
Supports persisted operations safelisting where approved queries are registered with the server for security.
Simplebank is a financial services backend application built with Go that manages bank accounts and transfers. It utilizes a dual-protocol interface, providing both gRPC and REST APIs via Protocol Buffers to support different client communication requirements. The system implements a PostgreSQL data layer with versioned schema migrations and type-safe query generation. It handles financial operations through atomic fund transfers and balance change tracking to maintain consistent audit trails. The architecture includes an asynchronous task worker system using a message queue to offload long-
Intercepts API calls using middleware to verify security tokens and enforce role-based access controls.
GraphQL Platform is a comprehensive GraphQL ecosystem for .NET that provides a spec-compliant server framework for building APIs and gateways, along with a typed C# client for consuming GraphQL services. At its core, it translates C# classes and methods into a GraphQL schema using code-first or fluent descriptor approaches, enabling developers to define their API structure directly from their existing .NET code. The platform distinguishes itself through several integrated capabilities that address common GraphQL production concerns. It includes a DataLoader batching and caching engine that gr
Implements a persisted operation registry that accepts only pre-registered GraphQL operations for strict API access control.
Action Policy is a Ruby authorization framework designed to manage user access and permissions by encapsulating security logic into dedicated policy classes. It provides a structured system for defining access rules that evaluate user actions against specific application resources, ensuring that security logic remains decoupled from the primary application code. The framework distinguishes itself through its ability to handle complex authorization requirements across diverse interfaces, including web controllers and various API formats. It supports dynamic permission evaluation by utilizing a
Validates user permissions during request handling via middleware to enforce access control.
NestJS Access Control este un framework de autorizare bazat pe roluri și atribute, conceput pentru ecosistemul NestJS. Oferă un sistem declarativ pentru securizarea rutelor și resurselor aplicației, permițând dezvoltatorilor să impună politici de acces granulare prin decoratori bazați pe metadate. Framework-ul se distinge prin suportul pentru moștenirea ierarhică a rolurilor, care permite rezolvarea seturilor complexe de permisiuni prin traversarea relațiilor dintre rolurile părinte și copil. De asemenea, facilitează gestionarea dinamică a autorizării, permițând încărcarea asincronă a regulilor de securitate din surse de date externe în timpul fazei de bootstrap a aplicației pentru a se asigura că politicile rămân actuale. Dincolo de protecția de bază a rutelor, biblioteca oferă filtrare la nivel de atribut pentru a restricționa operațiunile de citire sau scriere pe proprietăți specifice ale resurselor. Se integrează direct cu containerul de dependency injection și ciclul de viață al cererii, oferind instrumente pentru a extrage identitatea utilizatorului și informațiile despre rol din cererile primite, atât pentru impunerea automată, cât și pentru verificările manuale ale permisiunilor, conștiente de context.
Provides declarative middleware for validating user roles and resource ownership in TypeScript applications.
This package provides a comprehensive authorization framework for Laravel applications, enabling the management of user roles and granular permissions through a database-driven system. It allows developers to define access levels and assign them to users, ensuring that security policies are enforced consistently across the entire application. The system distinguishes itself through a hierarchical inheritance model, where permissions automatically propagate from lower-tier roles to higher-tier roles based on a numerical level system. It includes a dedicated administrative web interface that al
Ships middleware tools for restricting route access and rendering conditional UI components based on user authorization.