This guide covers the setup and testing for the Quotes App, focusing on three key areas: the frontend, the server (API and database), and the authorization server. It is tailored to manage quotes and ensure secure and authorized access, suitable for integration with a React frontend.
The purpose of authorization in applications can be summarized by the following key points:
-
Decision-Making Process: Authorization determines whether a user's request to perform an action is permissible under the set policies.
-
Policy Evaluation: It involves evaluating each incoming request against a set of predefined policies, typically written in a specific authorization language like Cedar.
-
Preceded by Authentication: Authentication, which verifies the user's identity, is a necessary precursor to authorization. It involves methods like usernames, passwords, or multi-factor authentication (MFA).
-
Scalable: Authorization in applications involves analyzing requests ("Can this user perform this action?"), with engines like Cedar evaluating these against policies to allow or deny actions. This process controls access and ensures adherence to policies, defining who can do what and under what conditions, while enabling consistent policy enforcement across systems.
- React App: A web application built with React.js for managing and visualizing quotes, users, and policies.
- API Server: Deno - A modern JavaScript/TypeScript runtime with Oak.
- Database: PostgreSQL - A robust object-relational database system.
- Containerization: Docker - Docker runs the database.
- OPAL Server - Manages communication, updates, and policy distribution.
- OPAL Client - Installed alongside the Deno server, receives policy updates.
- Policy Engine Cedar - A general-purpose policy engine for policy enforcement.
- Containerization: Docker - Docker runs the server, client and policy engine.
Images from docs.opal.ac by Permit.io
- Install Deno.
- Install Docker.
- Basic knowledge of CLI, clients, servers, and Docker.
- It has been tested on macOS, not on Linux or Windows. The shell scripts could be a problem.
- Duplicate and customize
example.envin bothserverandauthorizationdirectories.
- Clone this template.
- Start the Database: In the
serverdirectory, rundocker-compose -p example-quote-app-database up. - HTTPS Setup: Use
mkcertto generate certificates for secure connections in the root folder. I created them withlocalhostname runningmkcert localhost. Place them in bothserverandfrontendroot directories, you can copy-paste. - Start the Server: In the
serverdirectory, rundeno task start. - Start the Authorization Server: In the
authorizationdirectory, rundocker-compose -p example-quote-app-policy up. - TODO: instructions for frontend
- Connect data (quotes and users) via server to authorization server
- Finish frontend
- For comprehensive explanations and tutorials on OPAL, OPA, and Cedar, visit docs.opal.ac (made by Permit.io)_.
- Understand the architecture and user/admin flows at docs.opal.ac/overview/architecture.
- Learn more about Cedar at cedarpolicy.com.
- Access a list of API endpoints for your local Cedar Client at github.com/permitio/cedar-agent#api-endpoints.
- Explore the Cedar Agent repository on GitHub at github.com/permitio/cedar-agent.
- Experiment with Cedar in the playground at cedarpolicy.com/en/playground.
- Find a tutorial for OPAL and Cedar integration at github.com/permitio/opal-cedar.