@Shivansh-yadav13
Last active September 7, 2022 03:08
Google Summer of Code 2022 Final Work Product


Group 15

Introduction

  • Name: Shivansh Yadav (@Shivansh-yadav13)
  • Organisation: Casbin
  • Project link: https://summerofcode.withgoogle.com/programs/2022/projects/EVqUyzdC
  • Repository link:
  • Project Name: Casbin For Node.js - Benchmarks, Feature Enhancement, multiple platform support, Policy Storage Adapter
  • Project Summary: Casbin is an authorization library that extends its features to implement Access Control Lists, Role-Based Access Control, and Attribute-Based Access Control models in various programming languages to its clients. Casbin's core engine is written in Golang. Node-Casbin is a version of Casbin written in Node.js JavaScript; it can be used for implementing authorization in backend programs. Since there are two different middlewares for front-end JavaScript and back-end JavaScript, the plan was to create a single middleware that would work on both the front end and the back end, and therefore we planned on working on Casbin-core for this summer. Project ideas are as follows:
    • Adding Benchmarking to Casbin-core.
    • Implementing more Features/Functions.
    • Adding tests for multiple JavaScript platforms.

Contributions

Prior to GSoC

| Repo | Title | Status |
|---|---|---|
| casbin-website#299 | fix: Updated Management API & RBAC API for Node. | badge |
| node-casbin#338 | feat(batchenforce): added batchEnforce | badge |
| casbin-website#301 | feat: Added Node.js example for BatchEnforce | badge |
| node-casbin#341 | feat: GetImplicitUsersForRole | badge |
| casbin-website#305 | feat: Node.js example for GetImplicitUsersForRole | badge |
| node-casbin#347 | fix: matcher result should be boolean or number for KeyGet2 | badge |
| node-casbin#349 | fix: 'eval' not detected | badge |
| node-casbin#349 | fix: Add Node.js example for Matching Function & RoleManagerAPI | badge |
| node-casbin#353 | fix(BREAKING CHANGE): rebuild newEnforcer | badge |
| pycasbin#249 | feat: update_filtered_policies | badge |
| node-casbin#361 | feat: Support for wildcard match | badge |
| node-casbin#361 | fix: EnforceEx return allow reason for deny policy | badge |
| pycasbin#255 | fix: Configure Linting | badge |
| node-casbin#364 | feat: updateGroupingPolicy(), updateNamedGroupingPolicy(), getImplicitResourcesForUser() | badge |
| casbin-website-v2#2 | feat: website migrate v1 to v2 | badge |
| mongoose-adapter#56 | fix: Schema p_type to ptype | badge |
| mongoose-adapter#59 | fix!: Field name 'p_type' to 'ptype' | badge |

Contributions during GSoC

Casbin is an authorization library that supports access control models like ACL, RBAC, and ABAC. Originally written in Golang, it has been implemented in various languages, and Node-Casbin is the Node.js implementation of Casbin. Since we plan to create a single middleware for all the JavaScript work, I have done some work in both Casbin-Core & Node-Casbin. The current progress is:

  • Benchmarks were added for the APIs and were added to CI.
| Repo | Title | Status |
|---|---|---|
| casbin-core#4 | test: add benchmark for model | badge |
| casbin-core#6 | test: add CachedEnforcer, managementAPI, RoleManager benchmark | badge |
| casbin-core#7 | chore: add benchmark workflow | badge |
  • Tests for Front-End JavaScript frameworks were added along with their CI workflow.
| Repo | Title | Status |
|---|---|---|
| casbin-core#2 | feat: enforcer reactjs test | badge |
| casbin-core#5 | chore: add workflow for javascript platforms | badge |
| casbin-core#8 | test: add enforcer react-native test | badge |
| casbin-core#10 | test: add ng enforcer test | badge |
| casbin-core#11 | test: add ng workflow | badge |

When going over some APIs I found that addPolicies & removePolicies stop the operation for existing/missing policies, and for huge policy storage it can get hard to figure out the result of this failed operation. So we discussed it in a GitHub issue and planned on adding separate methods for this, since changing these methods might affect the way people use them in their software.

| Repo | Title | Status |
|---|---|---|
| casbin-core#9 | allow missing policy in addPolicies & removePolicies | badge |
| casbin-core#12 | feat: addPoliciesWithAffected & removePoliciesWithAffected | badge |

One more idea was to add multiple section types, meaning we would be able to pass in an enforce context while calling the enforcer method, which contains the sections we want to use while enforcing (sections mentioned in the model). This had already been implemented in the past but was not added to Node-Casbin; a PR had been made to Casbin.js, which is another library for front-end JavaScript. We decided to cherry-pick those PRs and make the necessary changes to make them compatible with present Node-Casbin. We also added some missing features which were present in Casbin Golang.

| Repo | Title | Status |
|---|---|---|
| node-casbin#375 | feat: multiple section types | badge |
| casbin-core#14 | feat: getAllUsersByDomain, getFieldIndex | badge |
| casbin-core#17 | feat: rbac with domain api | badge |
| node-casbin#383 | feat: EnforceWithMatcher & EnforceExWithMatcher | badge |

Another idea came from an existing Node-Casbin issue, where the idea was to change the working of Node-Casbin to use loadFilteredPolicy before performing the Enforce action. This was suggested by the author of the issue, so that any change in the policy storage database would not require any watcher, and it would also boost the performance since loading of policies depended on the Enforce request. But on discussing this with my mentor Zixuan Liu, he suggested that it is restricted by the Casbin model storage, which will load all policies to memory. So we decided to work on Watcher-Ex, which was present in Casbin Golang.

| Repo | Title | Status |
|---|---|---|
| casbin-core#13 | feat: add WatcherEX interface | badge |
| casbin-core#15 | fix: export watcherEx | badge |
| casbin-core#16 | feat: call watcherEx methods | badge |
| node-casbin#381 | feat: add WatcherEx | badge |
| redis-watcher#26 | fix: pass in update msg | badge |
| redis-watcher#30 | feat: WatcherEx | badge |
| casbin#1092 | WatcherEx Callback Loop | badge |
| node-casbin#384 | fix: remove watcher/watcherEx methods from internal methods | badge |

The work on the Cassandra Adapter for Node-Casbin is in progress and can be found at https://github.com/Shivansh-yadav13/cassandra-adapter

Other Contributions

| Repo | Title | Status |
|---|---|---|
| nest-authz#156 | fix: upgrade dependencies | badge |
| typeorm-adapter#53 | fix: node version | badge |
| prisma-adapter#46 | feat: update dependency to prisma v4 | badge |
| redis-watcher#29 | fix: CI node version | badge |
| casbin-website#10 | feat: add blogs | badge |
| casbin-website#29 | fix: button vertical alignment | badge |
| casbin-website#42 | fix: homepage text style | badge |
| casbin-website#56 | fix: mobile logo alignment | badge |

I have contributed to more than one project, and all the descriptions and details about the work can be found from the below links:

What's next?

  • For the Node-Casbin project, some of the features that were added to the Casbin-Core project can be cherry-picked.
  • For the Casbin-Core project, the dependencies that were not supported by the Web were removed, but the project still needs to become compatible with all the plugins that were created for the Node-Casbin project.
  • More tests of the existing JavaScript frameworks can be added.
  • WatcherEx can be added to more existing watcher plugins.

After GSoC, I would like to explore and contribute to more of Casbin's projects like Casbin Golang, K8s Authz, K8s Gatekeeper, etc.

Acknowledgement

This summer I learned a lot and enjoyed working on the projects. All the credit goes to Google for organising this amazing program and to the Casbin Organization. I would like to thank my mentors Yang Luo (@hsluoyz), Zixuan Liu (nodece) and Xinyu Zhou (Zxilly) for helping me throughout the entire summer. I have learned a lot in terms of tech and collaboration from them. I look forward to working with them in the future.
