
@Zxilly
Last active November 24, 2021 07:03

This report serves as the final evaluation report for GSoC 2021.

My proposal for GSoC 2021 is Refactor Casbin.js and other optimizations on pycasbin and node-casbin.

For all detailed contributions, please refer to Contribution Analysis.

Refactor Casbin.js

Abstract

In GSoC 2020, kingiw created an initial version of casbin.js. This version has a CASL-like API. He also added support to go-casbin and node-casbin.

However, casbin.js relies on an insufficient way to share permissions between the frontend and backend. The backend needs to send the whole policy definition model to the frontend, which will use node-casbin to check the permission. This method requires a heavy data transfer in between, and has potential security problems.

Casbin.js was originally designed to rely on the backend to provide permissions, but we found that what users needed more was a standalone cross-platform permission control library. So we modified the design and developed the v1 version of casbin.js based on node-casbin.

Now, casbin.js is a platform-independent permission control library. It can work on almost all JavaScript runtimes, such as web browsers, Node.js and Deno. We also removed some oversized dependency libraries, which will help front-end developers reduce their packaging size. Thanks to node-casbin, casbin.js still supports multiple authorization models like ACL, RBAC and ABAC.

In the future, we plan to refactor node-casbin based on casbin.js. Another version, called browser-casbin, is also planned, which will provide a series of APIs for easy use in the browser.

Contribution

I stripped all the dependencies on the Node.js API from node-casbin and created the corresponding cross-platform implementation for it.

Also based on the community discussion, I added support for the RBAC model to the sync version of casbin.js, and now the function enableSync() works properly with the RBAC model.

Front-end programs often require more trade-offs in terms of size. To reduce the size of casbin.js, I implemented some of the library dependencies myself.

I have integrated casbin.js with casbin-editor to provide a WYSIWYG experience for novice users.

For detailed contributions, please view https://gist.github.com/Zxilly/8e011f1126a6e29f532022aa4c421158#casbinpycasbin

Optimizations on pycasbin and node-casbin

Pycasbin

I haven't done much work for pycasbin and it seems to be working well lately.

I've added support for multi-role managers and a series of tool functions. I also added domain matching functions, for which I refactored the legacy role manager.

For detailed contributions, please view https://gist.github.com/Zxilly/8e011f1126a6e29f532022aa4c421158#casbinpycasbin

Node-Casbin

During GSoC, I was responsible for the daily maintenance of node-casbin.

I upgraded the core expression library of node-casbin and introduced the new in operator.

To support the legacy syntax in casbin-golang, I implemented a preprocessor.

For detailed contributions, please view https://gist.github.com/Zxilly/8e011f1126a6e29f532022aa4c421158#casbinnode-casbin

After GSoC

For now, casbin.js is still released under the package name casbin.js@next. I'll track the optimizations and progress until it's released on the stable branch.

In the original discussion, the next version of node-casbin should be built on casbin.js, and I can provide support for this project.

Before I start preparing for my master's entrance exam, I can participate in the daily maintenance of the library.

In my proposal, I mentioned blitz-authz, which actually has the main code completed, but there is some trouble installing it. The author of blitz.js promised to fix these issues in the v1.0 release, and I have to wait for the upstream work to finish. At that point, I will follow upstream to complete the changes and release it.

Acknowledgement

I want to express my deep gratitude to my mentor and the founder of Casbin @hsluoyz, as well as Casbin members @nodece, @kingiw and @techoner. They all gave me lots of assistance, guidance and inspiration during the past few months.
