- Name: Shivansh Yadav (@Shivansh-yadav13)
- Organisation: Casbin
- Project link: https://summerofcode.withgoogle.com/programs/2022/projects/EVqUyzdC
- Repository link:
- Project Name: Casbin For Node.js - Benchmarks, Feature Enhancement, multiple platform support, Policy Storage Adapter
- Project Summary: Casbin is an authorization library that extends its features to implement Access
Control Lists, Role-Based Access Control, and Attribute-Based Access Control models in various programming languages to its clients. Casbin's core engine is written using golang. Node-Casbin is a version of Casbin which is written using Node.js JavaScript, Node-Casbin can used for implementing authorization for backend programs. Since there are two different middlewares for front-end JavaScript and Back-end JavaScript, the plan was to create a single middleware that would work on both the Front-End & the Back-End and therefore we planned on working on Casbin-core for this summer.
Project Ideas are as follows:
- Adding Benchmarking to Casbin-core.
- Implementing more Features/Functions.
- Adding tests for multiple JavaScript platform.
Repo | Title | Status |
---|---|---|
casbin-website#299 | fix: Updated Management API & RBAC API for Node. | |
node-casbin#338 | feat(batchenforce): added batchEnforce | |
node-casbin#338 | feat(batchenforce): added batchEnforce | |
casbin-website#301 | feat: Added Node.js example for BatchEnforce | |
node-casbin#341 | feat: GetImplicitUsersForRole | |
casbin-website#305 | feat: Node.js example for GetImplicitUsersForRole | |
node-casbin#347 | fix: matcher result should be boolean or number for KeyGet2 | |
node-casbin#349 | fix: 'eval' not detected | |
node-casbin#349 | fix: Add Node.js example for Matching Function & RoleManagerAPI | |
node-casbin#353 | fix(BREAKING CHANGE): rebuild newEnforcer | |
pycasbin#249 | feat: update_filtered_policies | |
node-casbin#361 | feat: Support for wildcard match | |
node-casbin#361 | fix: EnforceEx return allow reason for deny policy | |
pycasbin#255 | fix: Configure Linting | |
node-casbin#364 | feat: updateGroupingPolicy(), updateNamedGroupingPolicy(), getImplicitResourcesForUser() | |
casbin-website-v2#2 | feat: website migrate v1 to v2 | |
mongoose-adapter#56 | fix: Schema p_type to ptype | |
mongoose-adapter#59 | fix!: Field name 'p_type' to 'ptype' |
Casbin is an authorization library that supports access control models like ACL, RBAC, ABAC. Originally written in Golang, it has been implemented in various languages and Node-Casbin is the Node.js implementation of Casbin. Since we plan to create a single middlware for all the JavaScript work, I have done some work both in Casbin-Core & Node-Casbin The current progress is:
- Benchmarks were added for the APIs & was added to CI.
Repo | Title | Status |
---|---|---|
casbin-core#4 | test: add benchmark for model | |
casbin-core#6 | test: add CachedEnforcer, managementAPI, RoleManager benchmark | |
casbin-core#7 | chore: add benchmark workflow |
- Tests for Front-End JavaScript frameworks were added along with their CI workflow.
Repo | Title | Status |
---|---|---|
casbin-core#2 | feat: enforcer reactjs test | |
casbin-core#5 | chore: add workflow for javascript platforms | |
casbin-core#8 | test: add enforcer react-native test | |
casbin-core#10 | test: add ng enforcer test | |
casbin-core#11 | test: add ng workflow |
When going over some APIs I found that addPolicies & removePolicies stops the operation for existing/missing policies and for huge policy storage it can get hard to figure the result of this failed operation, so we disucssed on GitHub Issue, we planned on adding seperate methods for this since changing this method might affect the way people using these in their softwares.
Repo | Title | Status |
---|---|---|
casbin-core#9 | allow missing policy in addPolicies & removePolicies | |
casbin-core#12 | feat: addPoliciesWithAffected & removePoliciesWithAffected |
One more Idea was to add multiple section types means we could be able to pass in an enforce context while calling the enforcer method which contains sections we want to use while enforcing (sections mentioned in the model). Since this was already implemented in the past but was not added to Node-Casbin but a PR was made to Casbin.js which is another library for Front-End JavaScript. We decided to cherry-pick those PR and make necessary changed to make it compatible with present Node-Casbin. Also added some missing features which were present in Casbin Golang.
Repo | Title | Status |
---|---|---|
node-casbin#375 | feat: multiple section types | |
casbin-core#14 | feat: getAllUsersByDomain, getFieldIndex | |
casbin-core#17 | feat: rbac with domain api | |
node-casbin#383 | feat: EnforceWithMatcher & EnforceExWithMatcher |
Another idea came from an existing Node-Casbin Issue, where the idea was to change the working of Node-Casbin to use loadFilteredPolicy
before performing Enforce
action, this was suggest by the author of the issue, so that any change in the policy storage database will not require any watcher and it will also boost the perfomance since loading of policies depended on the Enforce request.
But on discussing this with my mentor Zixuan Liu, he suggested that it is restricted by the casbin model storage, which will load all policies to memory. So we decided to work on Watcher-Ex which was present in Casbin Golang.
Repo | Title | Status |
---|---|---|
casbin-core#13 | feat: add WatcherEX interface | |
casbin-core#15 | fix: export watcherEx | |
casbin-core#16 | feat: call watcherEx methods | |
node-casbin#381 | feat: add WatcherEx | |
redis-watcher#26 | fix: pass in update msg | |
redis-watcher#30 | feat: WatcherEx | |
casbin#1092 | WatcherEx Callback Loop | |
node-casbin#384 | fix: remove watcher/watcherEx methods from internal methods |
The work for Cassandra Adapter for Node-Casbin is in progress and can be found at https://github.com/Shivansh-yadav13/cassandra-adapter
Repo | Title | Status |
---|---|---|
nest-authz#156 | fix: upgrade dependencies | |
typeorm-adapter#53 | fix: node version | |
prisma-adapter#46 | feat: update dependency to prisma v4 | |
redis-watcher#29 | fix: CI node version | |
casbin-website#10 | feat: add blogs | |
casbin-website#29 | fix: button vertical alignment | |
casbin-website#42 | fix: homepage text style | |
casbin-website#56 | fix: mobile logo alignment |
I have contributed to more than one project and all the description and details about the work can we found from the below links:
- Casbin-Core
- Node-Casbin
- For the Node-Casbin project some of the features that were added to the Casbin-Core project can be cherry-picked.
- For the Casbin-Core project the dependencies that were not supported by the Web were removed but still the project needs to become compatible with all the plugins that were created for the Node-Casbin project.
- More tests of the exisiting JavaScript frameworks can be added.
- WatcherEx can be added to more exisitng watcher plugins.
After the GSoC, I would like to explore and contribute to more Casbin's projects like Casbin Golang, K8s Authz, K8s Gatekeeper etc.
This summer I learned a lot and ejoyed working on the projects, all the credit goes to Google for organising this amazing program and, to the Casbin Organization. I would like to thank my mentors Yang Luo(@hsluoyz), Zixuan Liu(nodece) and Xinyu Zhou(Zxilly) for helping me throughout the entire summer, I have learned a lot in terms of tech and collaboration from them. I look forward to working with them in the future.