GSoC Final Report - Casbin-RS

Personal Details

• First/Last Name: Yi sheng Chai

• Email: hackerchai.com@gmail.com

• School/University: Chongqing University

• Location: Chongqing, China

• Timezone: China Standard Time (CST), UTC+8

• Github Profile: https://github.com/hackerchai

Project Details

• Student: YishengChai

• Mentors: YangLuo, ChengJiang, JoeyXie

• Organization: Casbin

• Project Name: ImpelementtheAsyncSQLAdapterandActix-webmiddlewareforCasbin-rs

Overview

Casbin-RS is now ready for production

Casbin-RS aims at building reliable and high-performance library supporting various model access control for Rust projects. In the past months, I have developed CasbinSqlxAdapter to support fully Async with Casbin Database Adapter, which gives developers an alternative in database adapter selection as well as a more high-performance adapter.

In addition, now all the components of Casbin-RS have intergrated with Github Action CI and Auto-Release support.

Casbin-RS is now ready for Actix-web Development

Actix-web is the the most popular Rust web framework at present. It is also known as the fastestwebframework. With powerful extractors and extensible features, we can build rust-web application easily. In the past months, I am working on how to intergration Casbin with Actix-web together.

With CasbinActix-webMiddleware, It will provide a basic middleware to reads username(from other AuthN middleware), request path, request method from an user request and sends enforce request (subject, domain, object, action) to casbin enforcer for authorization. The middleware wll block the request if enforcer denied the request. We can automatically handle request with authorization control with this.

With CasbinActix-webActor, we can wrap casbin into an actor for a safer and easier way to call in request handle. In the actix system, actors are objects which encapsulate state and behavior and run within the Actor System provided by the actix library. We build this actor for basic CRUD operation of casbin instance

CasbinActix-webRealWorldApp is a fully functional demo which intergrated with Actix-web, CasbinActix-webMiddleware , CasbinActix-webActor, Diesel, CasbinDieselAdaper. It is basically an Anonymous Forum which has admin-user system. With the intergration of casbin, it can authorize the requests and add policies when new user registered. This app provides a set of RESTful API using JWT authentication. This can be seen as an example for developers to use casbin with actix-web.

The work I have done

My Weekly Development Report can be seen here.

CasbinSqlxAdapter

All the commits made by me: commit-list, this repo is mainly maintained by me.

• Basic Api Implemntation
• Test Module For Functions
• Multi-Databse support: Including MySQL/PostgreSQL
• Fully Async Support
• CI/CD Intergrations: Github Actions
• Auto-Release: Github Actions
• Database Environment Setupt: Docker
• Document Writing

CasbinActix-webMiddleware

All the commits made by me: commit-list, this repo is mainly maintained by me.

• Basic Function Implementation
• Test Module For Middleware
• Support for AuthN Middleware Intergration
• Support Domain Model and Domian-less Model
• Support Get/Set Enforcer for Flexible Demand
• CI/CD Intergrations: Github Actions
• Auto-Release: Github Actions
• Document Writing

CasbinActix-webActor

All the commits made by me: commit-list, this repo is mainly maintained by me.

• Basic Casbin Function Implementation
• Test Module for Actor Runtime
• Support Actix Supervisor: Auto-Restart Feature
• Support Get/Set Enforcer for Flexible Dem,and
• CI/CD Intergrations: Github Actions
• Auto-Release: Github Actions
• Document Writing

CasbinActix-webRealWorldApp

All the commits made by me: commit-list, this module is mainly maintained by me.

• Basic Restful API Implementation using Actix-web: Anonymous Forum
• Intergration with CasbinActix-webMiddleware and CasbinActix-webActor
• User JWT Authentication Middleware Implementation
• Database Design and Migration Implement
• Casbin Configuration and Structure Design
• URL White-list for Casbin AuthZ Middleware and JWT AuthN Middleware
• Preset Policy Databse Initial Implementation
• CI/CD Intergrations: Github Actions
• Document Writing

CasbinDieselAdaper

All the commits made by me: commit-list

• Code Refactor and Optimization
• Database Environment Setup Improvement
• CI/CD Intergrations: Github Actions
• Auto-Release: Github Actions
• Document Writing Improvement
• Daily Maintenance and Upgrade

CasbinOfficialWebsite

All the commits made by me: commit-list

• Casbin-Rs Actix Middleware & Actor Documentation

Challenges and Difficulties

1. RwLock deadlock problem

   When developing the middleware and actor, I have to use RwLock to wrap casbin instance to avoid Rust lifetime issue, they are all set and passed the Unit-Tests. But when I was developing the real-world-app, I encountered several Rwlock Deadlock problems, with my mentor's help, finally I successfully solve the problem by manually dropping the RwLock in case of middleware long-term holding the write lock.

2. Sqlx compile-time checking and CI issues

   Sqlx-rs uses the compile-time check which forces me to set the database environment up while compiling. When it comes to the CI, it becomes a little difficult for my first time of working with Github Actions. So I have to set up the database docker for the compile time-check. But here is the good news: Sqlx officially announced it will use sqlx-cli to avoid compile-time checking. When the feature comes to stable, I will try to port this feature to our Sqlx Adapter.

After GSoC

I will definitely continue contributing to Casbin, there are still a lot to do in the future:

• Implement new data structure for casbin-rs: For now, out data structure is tree, which causes the usage of lock and makes it hard to support multi-thread processing. In the future, maybe we can use index tree to solve this problem.
• Implement RPC version of casbin-rs