Mastering RESTful APIs and Middleware with ThinkPHP5.1 & Casbin

What is RESTful?

RESTful is an architectural style for web applications that uses HTTP and can define resources with XML or JSON. It is suitable for mobile internet providers to expose business‑enablement interfaces, allowing third‑party OTT services to create, modify, or delete resources.

RESTful Model and Casbin matchers

The article introduces the keyMatch2 model used by Casbin. It shows the Casbin configuration sections ( [request_definition], [policy_definition], [policy_effect], [matchers]) and explains why keyMatch2 is preferred over keyMatch because it supports wildcard * and path parameters like /:resource, e.g., /api/projects/:id.

Testing with Postman

Four API endpoints are defined:

GET /api/projects – retrieve project list.

POST /api/projects – create a new project.

DELETE /api/projects/2020 – delete a specific project.

Route definitions in ThinkPHP using Route::group and Route::get / post / delete.

Sample SQL statements insert corresponding Casbin rules for GET, POST, and DELETE actions.

Middleware integration

The route group is extended with ->middleware(AuthMiddleware::class). The middleware extracts uid from request headers, logs the request, and calls Casbin::enforce to verify permissions. It returns JSON error responses for missing authentication (401) or insufficient permission (403) and forwards the request on success.

An example log entry shows a warning with uid, URL, and HTTP method.