Merge pull request #123 from CodeForBaltimore/revjtanton/issue-100

Adding Casbin for User Roles

Author: stoopidJSON

package-lock.json

@@ -37,11 +37,14 @@
   "dependencies": {
     "@babel/core": "7.9.0",
     "@babel/node": "7.8.7",
+    "casbin": "4.3.1",
+    "casbin-sequelize-adapter": "2.0.1",
     "chai": "4.2.0",
     "cors": "2.8.5",
     "crypto": "1.0.1",
     "dotenv": "8.2.0",
     "express": "4.17.1",
+    "express-rate-limit": "5.1.1",
     "express-request-id": "1.4.1",
     "helmet": "3.22.0",
     "json2csv": "^5.0.0",

package.json

@@ -20,6 +20,14 @@ This repo has simplified a few of the Sequelize CLI options that would be common
 - `npm run db-seed` will run all seeders and populate all data.
 - `npm run db-unseed` will delete all data in all tables and revert all seeders.
 
+# Casbin
+User role management is being handled by [Casbin](https://casbin.org/). To facilitate this our migrations and seeding will replicate the `casbin_rule` table that would be generated by the casbin-sequelize package. We are then seeding as normal, however the field names are not straight-forward. They are defined as follows:
+- `role` = The plain-text name of the role. _Example:_ `admin`
+- `path` = The path the role has access to. _Example:_ `/user`
+- `method` = The http method that can be hit. _Example_ `GET`
+
+For use and management of roles after seeding, please refer to the API spec or Casbin Node.js documentation. 
+
 # Links and more information
 To create new models, migrations, and seeders you _must_ use the Sequelize CLI commands. Full documentation is here https://sequelize.org/master/manual/migrations.html but here are a few useful commands:
 - `npx sequelize-cli model:generate --name User --attributes firstName:string,lastName:string,email:string` - Creates a model under `/src/models` and a migration script.

sequelize/README.md

@@ -1,6 +1,73 @@
 [
     {
         "role": "admin",
-        "description": "This is a test admin role."
+        "path": "/*",
+        "method": "GET"
+    },
+    {
+        "role": "admin",
+        "path": "/*",
+        "method": "POST"
+    },
+    {
+        "role": "admin",
+        "path": "/*",
+        "method": "PUT"
+    },
+    {
+        "role": "admin",
+        "path": "/*",
+        "method": "DELETE"
+    },
+    
+    {
+        "role": "user",
+        "path": "/entity",
+        "method": "GET"
+    },
+    {
+        "role": "user",
+        "path": "/entity",
+        "method": "POST"
+    },
+    {
+        "role": "user",
+        "path": "/entity",
+        "method": "PUT"
+    },
+    {
+        "role": "user",
+        "path": "/contact",
+        "method": "GET"
+    },
+    {
+        "role": "user",
+        "path": "/contact",
+        "method": "POST"
+    },
+    {
+        "role": "user",
+        "path": "/contact",
+        "method": "PUT"
+    },
+    {
+        "role": "user",
+        "path": "/csv/Entity",
+        "method": "GET"
+    },
+    {
+        "role": "user",
+        "path": "/csv/Contact",
+        "method": "GET"
+    },
+    {
+        "role": "user",
+        "path": "/user/*",
+        "method": "GET"
+    },
+    {
+        "role": "user",
+        "path": "/user/*",
+        "method": "PUT"
     }
 ]

sequelize/data/user-role.json

@@ -2,11 +2,11 @@
     {
         "email": "[email protected]",
         "password": "donuts",
-        "roles": [1]
+        "roles": ["admin"]
     },
     {
         "email": "[email protected]",
         "password": "test",
-        "roles": [1]
+        "roles": ["user"]
     }
 ]

sequelize/data/user.json

@@ -23,9 +23,6 @@ module.exports = {
 			token: {
 				type: Sequelize.STRING
 			},
-			roles: {
-				type: Sequelize.JSON
-			},
 			displayName: {
 				type: Sequelize.STRING
 			},

sequelize/migrations/01-create-demo-user.js

@@ -1,32 +1,37 @@
 'use strict';
 module.exports = {
 	up: (queryInterface, Sequelize) => {
-		return queryInterface.createTable('UserRoles', {
+		return queryInterface.createTable('casbin_rule', {
 			id: {
 				allowNull: false,
 				autoIncrement: true,
 				primaryKey: true,
 				type: Sequelize.INTEGER
 			},
-			role: {
-				allowNull: false,
-				unique: true,
+			ptype: {
 				type: Sequelize.STRING
 			},
-			description: {
+			v0: {
 				type: Sequelize.STRING
 			},
-			createdAt: {
-				allowNull: false,
-				type: Sequelize.DATE
+			v1: {
+				type: Sequelize.STRING
+			},
+			v2: {
+				type: Sequelize.STRING
+			},
+			v3: {
+				type: Sequelize.STRING
+			},
+			v4: {
+				type: Sequelize.STRING
+			},
+			v5: {
+				type: Sequelize.STRING
 			},
-			updatedAt: {
-				allowNull: false,
-				type: Sequelize.DATE
-			}
 		});
 	},
 	down: queryInterface => {
-		return queryInterface.dropTable('UserRoles');
+		return queryInterface.dropTable('casbin_rule');
 	}
 };

sequelize/migrations/02-create-demo-user-role.js

@@ -1,15 +1,21 @@
+
 const userRoles = require('../data/user-role.json');
 
 module.exports = {
 	up: queryInterface => {
+		const roles = [];
 		for (const element of userRoles) {
-			element.createdAt = new Date();
-			element.updatedAt = new Date();
+			roles.push({
+				ptype: "p",
+				v0: element.role,
+				v1: element.path,
+				v2: element.method
+			});
 		}
 
-		return queryInterface.bulkInsert('UserRoles', userRoles);
+		return queryInterface.bulkInsert('casbin_rule', roles);
 	},
 	down: queryInterface => {
-		return queryInterface.bulkDelete('UserRoles', null, {});
+		return queryInterface.bulkDelete('casbin_rule', null, {});
 	}
 };