casbin / casbin.js

An authorization library that supports access control models like ACL, RBAC, ABAC in Frontend Javascript
https://casbin.org/docs/en/frontend
Apache License 2.0

Casbin.js Development Report #12

Closed kingiw closed 3 years ago

kingiw commented 4 years ago

Casbin.js is one of the GSoC 2020 projects for the Casbin community. See the Main Page for more details. Refer to the Casbin.js documentation for usage instructions and star our origin repo.

This report illustrates Casbin.js features and our current challenges (as of Aug. 2020). This report also serves as the final evaluation report for GSoC 2020.

Features

Casbin.js was built from zero during the past three months. The purpose of Casbin.js is to extend the existing access control management functionalities of Casbin to frontend webpages. In our picture, Casbin.js can unify authorization management on the client side while avoiding potential security risks like the divulging of access data.

Currently, Casbin.js can be perfectly integrated with a server-side Casbin core and provides some foolproof interfaces for enforcing the permissions of client-side visitors.

Casbin.js has supported the following modes by now:

  1. Manual. Users can specify the permissions manually with files and objects when the authorizer is activated.
  2. Auto. This is the core mode of Casbin.js. Casbin.js will monitor changes of the frontend user's identity and sync the permissions with a predefined backend service.
  3. (Experimental) Cookies. Maintains the permissions of the frontend user via cookies.

Casbin.js now perfectly supports the diverse access control models that Casbin originally supports, including ACL, RBAC and ABAC.

Casbin.js supports dynamic environments. If you are using React or Vue, you can install Casbin.js with npm or yarn. Casbin.js can also be used directly in the browser by referencing its bundled version.

To avoid unnecessary syncing, Casbin.js is equipped with a built-in cache system.

Challenges

Casbin.js is a newborn baby, and it still faces a series of challenges.

One of the toughest challenges is the implementation of a simple version of the enforcer with no sacrifice of the available features. Temporarily, Casbin.js uses part of the functionality of Node-Casbin in the enforcer in order to support ABAC. However, this requires integration with Node-Casbin, which greatly increases the size of Casbin.js and brings lots of redundancy. I am currently working on developing a "small" enforcer that is suitable for the frontend.

Another tough problem is to minimize the cost of describing a user's permissions. Originally, for ACL and RBAC, a dedicatedly designed object is enough for profiling what a user can do. However, advanced models like ABAC and ABAC with custom rules require a more flexible and robust data structure.

Contribution

Main Event

I developed Casbin.js from zero during the GSoC coding period. At the beginning, my mentors and I had a heated discussion on the features of Casbin.js. Most of the ideas and the architecture follow my proposal. Originally, Casbin.js was designed to support ACL and RBAC. However, earlier this month, I had a strong debate with my mentors and we finally determined to move Casbin.js to support ABAC and other access control models.

Start of Casbin.js architecture: https://github.com/casbin/casbin.js/pull/4/ (Authorizer, message synchronization)

Permission handlers and basic APIs: https://github.com/casbin/casbin.js/pull/5

Support as a UMD module: https://github.com/casbin/casbin.js/pull/6

Add cookie mode: https://github.com/casbin/casbin.js/pull/7

Local storage cache: https://github.com/casbin/casbin.js/pull/9

Breaking change: Support for ABAC and other AC models: https://github.com/casbin/casbin.js/pull/11

I wrote a demo in React, which shows the basic methodology of Casbin.js: https://github.com/casbin-js/examples/tree/master/react

I provided the necessary API for the backend service in both Go Casbin and Node-Casbin. I'll add the API to Casbin in other languages later on.

https://github.com/casbin/casbin/pull/557

https://github.com/casbin/node-casbin/pull/179

https://github.com/casbin/node-casbin/pull/186

I also tried to create something named CSS controller in the native HTML environment. The CSS controller can monitor and manipulate styles according to the user's permissions. I have slowed it down temporarily because I think it's not really useful. See https://github.com/kingiw/casbin.js/commits/cssctl for more details.

Others

DynamoDB Adapter

I wrote an adapter for DynamoDB for jCasbin. See the gist for more details.

Casbin Forum

I made some contributions to casbin-forum. My major work is to unify the access-control management modules using the RBAC+ABAC model with Casbin. Temporarily I've done the work on the server side and am waiting for the updates of Casbin. See https://github.com/casbin/casbin-forum/pull/65/files. Also, as an experiment, I will use Casbin.js in the Casbin forum client side.

Casbin Documentation

I participated in the development and maintenance of the official website of Casbin, including the following two parts:

  1. Fixed a severe bug in the annotations of translated docs. See https://github.com/casbin/casbin-website/issues/95.
  2. Worked on the Chinese translation for some parts of the documentation.

After GSoC

I will continue developing Casbin.js after the end of GSoC. Fixing the challenges mentioned above will be my major work.

Some of the features raised in my proposal were not implemented: integrating Casbin.js with modern frontend frameworks and providing easy-to-use interfaces. I believe this feature is not a must for Casbin.js, so I didn't prioritize it. I will do this task after fixing the biggest challenges of Casbin.js.

Acknowledgement

I wish to express my heartfelt appreciation to my mentor and the creator of Casbin @hsluoyz, as well as Casbin members @nodece and @GopherJ. They all gave me lots of assistance, guidance and inspiration during the past three months.
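The "Auto" mode, the per-user permission object for ACL/RBAC and the sync cache described in the report above, sketched as an added illustration (this is not Casbin.js's own code or API). It assumes a backend that derives a single user's profile from the full policy, so only that user's permissions reach the browser, and a client-side authorizer that re-syncs when the identity changes and otherwise answers from a TTL cache; all names and the sample policy are constructed here.

```javascript
// Constructed sample policy in the shape the backend would hold (not Casbin's real format).
const POLICY = [
  { sub: 'alice', act: 'read', obj: 'data1' },
  { sub: 'alice', act: 'write', obj: 'data1' },
  { sub: 'bob', act: 'read', obj: 'data2' },
];

// Backend side (hypothetical helper): profile ONE user so the full policy never leaves the server.
// Result shape: { action: [objects...] }, enough for ACL and flattened RBAC.
function buildProfile(policy, user) {
  const profile = {};
  for (const rule of policy) {
    if (rule.sub !== user) continue;
    if (!profile[rule.act]) profile[rule.act] = [];
    profile[rule.act].push(rule.obj);
  }
  return profile;
}

// Client side (hypothetical): caches one profile per identity, re-syncs on identity
// change or cache expiry, and denies anything the profile does not list.
class ProfileAuthorizer {
  constructor(fetchProfile, ttlMs = 60000, now = Date.now) {
    this.fetchProfile = fetchProfile; // (user) => profile; in a real client this wraps a fetch() call
    this.ttlMs = ttlMs;
    this.now = now;                   // injectable clock so expiry is testable
    this.cache = new Map();           // user -> { profile, expires }
    this.profile = {};
  }

  // Returns true when a backend sync happened, false when served from cache.
  setUser(user) {
    const hit = this.cache.get(user);
    if (hit && hit.expires > this.now()) {
      this.profile = hit.profile;
      return false;
    }
    this.profile = this.fetchProfile(user);
    this.cache.set(user, { profile: this.profile, expires: this.now() + this.ttlMs });
    return true;
  }

  // Deny by default: an unknown action or an unlisted object is false.
  can(act, obj) {
    return (this.profile[act] || []).includes(obj);
  }
}
```

The client-side answer only gates UI elements; the server still enforces the same policy on every request.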

hsluoyz commented 4 years ago

@kingiw, you did a great job this summer, and thanks for contributing to Casbin. Congrats on finishing GSoC!