We built a Caddy module to control access to REST resources based on the user's role and a set of permissions.

marmelab

Marmelab built simple_rest_rbac, an open-source Caddy module that enforces role-based access control on REST APIs. The middleware checks user permissions from a JSON configuration file, integrates with JWT authentication via placeholders, and returns 403 Forbidden for unauthorized requests. It uses the same permission format as React-admin's RBAC module, supporting wildcards and deny rules. The solution eliminates the need to reimplement authorization logic on both client and server sides.

Add Role-Based Access Control On Top Of Your REST API