Google Summer of Code Final Report for Casbin-CPP project @casbin

GSoC Final Report.md

GSoC Final Report - Casbin-CPP (@casbin)

Project Details

• Student - Divy Patel
• Mentors - Yang Luo, Joey Xie
• Organization - Casbin, Casbin.org

Introduction

Casbin deals with developing scalable authorization libraries supporting various access control paradigms like:

• Access Control List (ACL)
• Role Based Access Control (RBAC)
• Attribute Based Access Control (ABAC)

Casbin has its library support over various languages. The prominent ones are:

• casbin core (Golang)
• casbin-cpp (C++)
• casbin-rs (Rust)
• node-casbin (Node JS)
• jcasbin (Java)
• pycasbin (Python)

Casbin's goal is to integrate, the management of the access-control of system resources, objects, into any application seamlessly without any hassle of writing the policy compliance logic. The ecosystem of casbin is rich in all aspects. It supports the policy storage in various databases in form of persistence adapters. Some of the prominent ones are:

• MySQL
• PostgreSQL
• Redis
• MongoDB

What work was done ?

The following library functionality modules were implemented:

• Port interfaces from casbin-core

  • Effector interface
  • RoleManager interface
  • Adapter, Enforcer, Watcher interface

• Library API implementation

  • Management API Implementation
  • Internal Persistence Operations API Implementation
  • RBAC and RBAC with Domains API Implementation

• CI/CD integrations

  • Setup Azure Pipeline Build Process
  • Setup Semantic Release
  • Setup Unix Makefile Build and setup Travis Build Process

• Testing Functional Modules

  • Test module for Management API
  • Test module for RBAC API
  • Test module for RBAC with Domains API
  • Test module for Model Implementation
  • Test module for RoleManager Implementation
  • Test module for Config Implementation

• Repository Project Documentation

  • Add project's Get-Started and Setup Guide
  • Add project's Build Status and other analytics badges

All commits can be seen here

What's left to do ?

• Implement logger interface: The library, currently, don't have a logger adapter support for logging error or exception or background process messages on console.
• Implement the exception and error interface: The library, currently, don't have exception interface support for raising custom exceptions.
• Implement Synced and Cached Enforcer: Synced Enforcer is a Enforcer implementation which allows library to function in multi-threaded environments. Cached Enforcer stores enforcement results in a cache to return enforcement result quickly on most common or frequent resource access requests.
• Implement Quick Return Strategy in Effector-Enforcer flow: From Issue #439, this feature is a optimization feature, which is already implemented in casbin-core.

Highlights and Challenges

• Integrating and setting-up C++ expression evaluator: As Casbin's model configuration supports custom matchers and policy processing, we need a expression evaluator to parse the statement and execute the statement on request and policy parameters. I used duktape for this purpose. Although the documentation of duktape was detailed enough, but the API functionalities were un-clear before integrating and hands-on testing of duktape library.
• Integrating Google Tests with Azure Pipeline Build Process: Azure Pipeline currently doesn't support Google Test Adapter for its VS C++ build process, so has to port all Google Test Modules to Microsoft C++ Test Modules
• Writing regular expressions for parsing model configuartion statements
• Setting up Unix Build: As it was my first experience working with a build-automation tool, hence, had to do my research to come up with casbin-cpp's Unix platform support Automated Build process in Makefile.