node-casbin / sequelize-adapter Goto Github PK

Using sequelize-adapter with CommonJS module complains about sequelize object being undefined.
Here is the stack trace:

/Repos/config-service/node_modules/sequelize/lib/model.js:55
    return this.sequelize.getQueryInterface();
                          ^

TypeError: Cannot read property 'getQueryInterface' of undefined
    at Function.get queryInterface [as queryInterface] (/Repos/config-service/node_modules/sequelize/lib/model.js:55:27)
    at isFunctionMember (/Repos/config-service/node_modules/sequelize-typescript/dist/model/model/model.js:99:25)
    at object_1.getAllPropertyNames.filter.key (/Repos/config-service/node_modules/sequelize-typescript/dist/model/model/model.js:96:5)
    at Array.filter (<anonymous>)
    at Object.<anonymous> (/Repos/config-service/node_modules/sequelize-typescript/dist/model/model/model.js:95:6)
    at Module._compile (internal/modules/cjs/loader.js:701:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:712:10)
    at Module.load (internal/modules/cjs/loader.js:600:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:539:12)
    at Function.Module._load (internal/modules/cjs/loader.js:531:3)

Here is the code being run:

const casbin = require("casbin");
const { SequelizeAdapter } = require("casbin-sequelize-adapter");
(async () => {
  const a = await SequelizeAdapter.newAdapter({
    host: "localhost",
    port: "3306",
    username: "root",
    password: "",
    database: "test",
    dialect: "mysql",
  });

  const e = await casbin.newEnforcer("../model.conf", a);
  e.enforce("alice", "data1", "read");
})();

node version: v14.8.0
"casbin": "^5.1.3",
"casbin-sequelize-adapter": "^2.1.0",

Hi,
I was wondering if there was a way to load initial policies from a file and then make them consistent in the sequelize database we reference.
The use case would be this:

• Application starts up
• Casbin has been initialized with Sequelize Adapter
• Casbin load default policies from a file (ideally a CSV)
• Casbin save them (if not already existing) in the database
• Casbin is ready to be used.

See: https://github.com/node-casbin/sequelize-adapter/runs/6197468119?check_suite_focus=true

Missing:

Need to update this repo to use a newer Sequalize to remove the vulnerability in Sequalize < v6.19.1. I tried but running into some problems with #69, any help would be great!

I'm using sequelize adapter for creating a persistent implementation of my ACL. As I said in this issue #19 I'm loading from file all the default policy that my system must have. I've noticed that after I've loaded all the infos I need in Caspin and then I call savePolicyin the Postrgre database all the entities get duplicated. This is supposed to work like that with the Auto-Save?

Hi, I have just started integrating casbin into my saas multi tenant app for authorization management. I am building REST APIs which can be used by app's frontend roles and permission management module.

For this I have create multiple apis:-

1. role listing at system and tenant level
2. user listing for a given role for a tenant
3. create custom role at tenant level

....

a glimpse of how i am using node sequelize adapter as below

async function returnEnforcer () {
  const a = await SequelizeAdapter.newAdapter({
    username: process.env.DB_USER,
    password: process.env.DB_PASS,
    database: process.env.DB_NAME,
    dialect: 'mysql',
    dialectOptions: {
      socketPath: `${dbSocketPath}/${process.env.INSTANCE_CONNECTION_NAME}`
    }
  })

  const e = await casbin.newEnforcer('rbac_model.conf', a)
  return e
}

class Casbin {
  async addPolicies (rules) {
    // Check the permission.

    // Modify the policy.
    // await e.addPolicy(...);
    // await e.removePolicy(...);
    const e = await returnEnforcer()
    const added = await e.addNamedPolicies('p', rules)

    return added

    // Save the policy back to DB.
    // await e.savePolicy();
  }

  async removePolicies (rules) {
    const e = await returnEnforcer()
    const removed = await e.removeNamedPolicies('p', rules)
    return removed
  }

  async getPolicy (clientProjectFilter = null) {
    const e = await returnEnforcer()
    const policy = await e.getPolicy()
    return policy
  }
  async enforce (request) {
    const e = await returnEnforcer()
    return e.enforce(request.sub, request.dom, request.obj, request.act)
  }

**Issue with this is that it creates a new connection each time i call above functions from respective APIs, but somehow i need to understand if i can use my global connection pool already created for other modules as well. Or atleast a pool can be created dedicated for casbin interaction with mysql.

Please let me know if i am thinking on the correct lines and if above is possible then how can i achieve the connection pool so that i can optimize my connections with sql

I can't call addPolicy when using Sequelize v5. I get the following error:

     TypeError: sequelize_1.Model[(staticMethodPrefix + "conformOptions")] is not a function
      at Function.BaseModel.prepareInstantiationOptions (node_modules/sequelize-typescript/lib/models/BaseModel.js:97:69)
      at new Model (node_modules/sequelize-typescript/lib/models/v4/Model.js:8:45)
      at new CasbinRule (node_modules/casbin-sequelize-adapter/lib/casbinRule.js:26:18)
      at new <anonymous> (node_modules/casbin-sequelize-adapter/lib/adapter.js:28:12)
      at SequelizeAdapter.savePolicyLine (node_modules/casbin-sequelize-adapter/lib/adapter.js:122:22)
      at SequelizeAdapter.<anonymous> (node_modules/casbin-sequelize-adapter/lib/adapter.js:175:31)
      at Generator.next (<anonymous>)
      at .../node_modules/casbin-sequelize-adapter/lib/adapter.js:20:71
      at new WrappedPromise (node_modules/async-listener/es6-wrapped-promise.js:13:18)
      at __awaiter (node_modules/casbin-sequelize-adapter/lib/adapter.js:16:12)
      at SequelizeAdapter.addPolicy (node_modules/casbin-sequelize-adapter/lib/adapter.js:174:16)
      at Context.<anonymous> (test/controller/attachment_controller_test.js:73:27)

Please fix it. Thanks!

When using a postgres URI for creating a new sequelize adapter I'm getting SSL connection is required. Please specify SSL options and retry..
Below is the syntax I'm using.

const { SequelizeAdapter } = require("casbin-sequelize-adapter");

sqladapter = await SequelizeAdapter.newAdapter(postgres://root@localhost:5432/testdb, {
          dialect: "postgres",
          schema: "automation",
          dialectOptions: {
            ssl: true,
          },
        });     

The adapter works fine when using username, password syntax.

   sqladapter = await SequelizeAdapter.newAdapter({
          host: "hostname",
          port: "5432",
          username: "root",
          password: "",
          database: "testdb",
          dialect: "postgres",
          schema: "automation",
          dialectOptions: {
            ssl: true,
          },
        });

"sequelize": "^5.22.3"
"casbin-sequelize-adapter": "^2.1.0"
"casbin": "^5.1.3"

https://github.com/node-casbin/sequelize-adapter/runs/8289139592?check_suite_focus=true

Cause by PR: #64

Adapter now send logs to standard output and I cannot disable them. As it is usual in Sequelize and Casbin, I would like to be able to turn it off - or, preferably to send log messages to a customized log engine like Winston to provide logs which are properly leveled and customized, fitting my current logging system.

Hi, thanks for this library ❤️

Would it be possible to support changing the default casbin_rule table name? We have our own convention of table names and at the moment casbin_rule sticks out.

I'm thinking of something like:

const adapter = await SequelizeAdapter.newAdapter({
    username: config.db.username,
    // ...
    tableName: 'not_casbin_rule`
});

Happy to make a PR for it.

Assigned to @zhmushan

It seems like if I try to create an adapter instance, the last one overrides all previously created.
For my application, I have multiple tenants and per tenant Postgres schema is different.

example:

• pgOptions1 has schema name as *tenant1*
  

• pgOptions2 has schema name as *tenant2*
  

• pgOptions3 has schema name as *tenant3*
  

  const casbinAdapter1 = await SequelizeAdapter.newAdapter(pgOptions1);
  const casbinAdapter2 = await SequelizeAdapter.newAdapter(pgOptions2);
  const casbinAdapter3 = await SequelizeAdapter.newAdapter(pgOptions3);

if I init above 3 adapters then it seems like casbinAdapter1 and casbinAdapter2 instance are equivalent to casbinAdapter3.
So if I use any adapter in enforcer it always points to the last db adapter instance i.e. tenant3 schema instance.

See: #61 (comment)

Hi, I've just started using Casbin and am considering using this library, but there's a few things about it that feel a bit unsafe or suboptimal to me, so I was wondering if you'd be happy to receive a pull request that made the following changes:

Remove use of sync in open

Sequelize docs suggest use migrations rather than sync in production: https://sequelize.org/master/manual/getting-started.html#note-for-production and there are several blogs and stack overflow posts suggesting the same for safety reasons. Removing the call to sync would require users to create the table themselves, however the library could provide a reference migration file to make this easier.

Wrap savePolicy in a transaction

Currently the savePolicy function drops and recreates the policy table, then inserts the policy rules in memory into the newly created table one at a time. As this isn't done in a transaction, any errors that occurred would mean the policy would be partially or wholly lost - a serious issue. I think this should be easy enough to fix by truncating the table rather than dropping it and wrapping the whole thing in a transaction.

Use bulk insert in savePolicy

A less serious issue of performance rather than safety, the savePolicy function could be made much faster by using bulk rather than one-by-one insert.

Remove sequelize-typescript

Sequelize now includes types, so there's an opportunity to remove this dependency. It may require refactoring CasbinRule a little as I don't believe the Sequelize types support annotations in the same way that sequelize-typescript does.

Would you be happy to receive a PR that made these changes? And if so would you prefer separate PRs for each individual change?

Hi All , I am trying to integrate casbin . Data is getting saved in DB using addPolicy

When i try to access data : await e.enforce("alice", "data1", "read"); i am getting false
Can anyone help me with this
?

Hello,

When I want to delete a user using deleteUser() function, the user is deleted from the memory, but the change is not being saved to the DB. I need to call savePolicy() afterward to do so.
Noting that addRoleForUser() save automatically the changes to DB.

Can you help with this?
Thank you.

https://github.com/node-casbin/sequelize-adapter/runs/3091187688?check_suite_focus=true

how long to start support v6

I am using nestjs. What would be the best practice for implementation? I don't want to create a new instance of this every time it is used?

Gina

So i ran this in java

enforcer.addPolicy("abcd","123","read");

This creates a table casbin_rule which is fine with columns

ptype,v0,v1,v2,v3,v4,v5

But now i connect the same database with NodeJS with casbin-sequelize-adapter

const casbin = require('casbin');
const { SequelizeAdapter } = require('casbin-sequelize-adapter');
(async () => {
    const a = await SequelizeAdapter.newAdapter({
        host: 'localhost',
        port: '3306',
        username: 'root',
        password: 'root',
        database: 'myhiber',
        dialect: 'mysql',
    });

    const e = await casbin.newEnforcer('../model.conf', a);

    // Check the permission.
    console.log(e.enforce('abcd', '123', 'read'))
})()

But it is throwing an error

Executing (default): SELECT 1+1 AS result
Executing (default): CREATE TABLE IF NOT EXISTS `casbin_rule` (`id` INTEGER NOT NULL auto_increment , `ptype` VARCHAR(255), `v0` VARCHAR(255), `v1` VARCHAR(255), `v2` VARCHAR(255), `v3` VARCHAR(255), `v4` VARCHAR(255), `v5` VARCHAR(255), PRIMARY KEY (`id`)) ENGINE=InnoDB;
Executing (default): SHOW INDEX FROM `casbin_rule` FROM `myhiber`
Executing (default): SELECT `id`, `ptype`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5` FROM `casbin_rule` AS `CasbinRule`;
(node:6328) UnhandledPromiseRejectionWarning: SequelizeDatabaseError: Unknown column 'id' in 'field list'

Why is it trying to select a different schema structure in default compared to Java ? hence the error log ..

Selecting id is the issue here

Hello,

Can I remove or ignore the 'id' column of created casbin_rule table?
If so, where shall I edit? Since I don't see the 'id' field in your model.
Thanks.

async function init(mode){
    let adapter = await SequelizeAdapter.newAdapter(`mysql://${mysql_user}:${mysql_password}@${mysql_host}:${mysql_port}/${mode}_casbin`,true);
    let enforcer = await Enforcer.newEnforcer(
        `${conf_uri}/${mode}.conf`,
        adapter
    );
    await enforcer.loadPolicy();
    return enforcer;
}

after init,set enforcer connecting in memory,
after init twice,use connecting in memory and two connecting only load one side policys.

I'm using MySQL and having some troubles with the time to add a new user policy. This is taking around 6 seconds. Is this the expected time?

My express.js route

app.put('/role/user/add', async (req, res) => {
  const status = await addUserRole(req.body.user, req.body.role_name);
  send_response(res, status);
})

Function to insert a new user role.

    async addUserRole(user_name, role_name){
        const status = await this.enforcer.addNamedGroupingPolicy('g', user_name, role_name);
        await this.enforcer.savePolicy();
        return status;
    }

Setting logging: false fails to prevent query logs output to console. This is inconsistent with base node-casbin.

This disables logging

const sequelize = new Sequelize(
	dbUrl(),
	{
		logging: false,
		dialect: 'postgres',
		dialectOptions: dialectOptions
	}
);

This does not

	const a = await SequelizeAdapter.newAdapter(
		dbUrl(),
		{
			logging: false,
			dialect: 'postgres',
			dialectOptions: dialectOptions
		}
	);

Otherwise, either connection works.

I believe this is a bug. When calling removeFilteredNamedPolicy, sec or ptype values aren't respected.

Example

table content
id, ptype, v0, v1, v2, ...
1, p, user:1, table, read
2, p, user:1, desk, read
3, g, user:1, role:admin
4, p, user:2, desk, delete

enforcer.removeFilteredNamedPolicy('p', 0, 'user:1')

Expected Behaviour

To remove rows 1,2. i.e. policies that are applied to a user

Actual Behaviour

Removes rows 1,2 and 3. i.e. also removes grouping policies for user:1

It appears that this issue has already been raised and supposedly, it was solved with this PR, but even after installing the latest version of the adapter(v2.6.1), the problem still persists. In the previous issue (as this) provided three sets of options for connecting to different schemas in the same database. However, when running the code, the last adapter seems to override the other two, preventing you from opening different database connections. The only difference among the options is the schema.

const pgOptions1 = {
  username: 'some_user',
  host: 'some_host',
  port: XXXX,
  password: 'some_password',
  database: 'some_db',
  schema: "tenant1",
  logging: false,
  dialect: 'postgres'
};

const pgOptions2 = {
  username: 'some_user',
  host: 'some_host',
  port: XXXX,
  password: 'some_password',
  database: 'some_db',
  schema: "tenant2",
  logging: false,
  dialect: 'postgres'
};

const pgOptions3 = {
  username: 'some_user',
  host: 'some_host',
  port: XXXX,
  password: 'some_password',
  database: 'some_db',
  schema: "tenant3",
  logging: false,
  dialect: 'postgres'
};

async function run() {
  const casbinAdapter1 = await SequelizeAdapter.newAdapter(pgOptions1);
  const casbinAdapter2 = await SequelizeAdapter.newAdapter(pgOptions2);
  const casbinAdapter3 = await SequelizeAdapter.newAdapter(pgOptions3);

  const enforcer1 = await casbin.newEnforcer('abac_model.conf', casbinAdapter1);
  const enforcer2 = await casbin.newEnforcer('abac_model.conf', casbinAdapter2);
  const enforcer3 = await casbin.newEnforcer('abac_model.conf', casbinAdapter3);

  const p = ['sub', 'obj', 'act'];
 // this add policy at tenant3 
  await enforcer2.addPolicy(...p);
 
}

run().catch(console.error);

Could you please verify if the problem is resolved?

Thank you in advance