From b4ea574ce0a69475e8e19cd91d1aaa913964a121 Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 2 Aug 2025 13:03:53 +0000 Subject: [PATCH 01/25] Fix #140 --- src/backend/__main__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/__main__.py b/src/backend/__main__.py index 7093dad..9e0ce19 100644 --- a/src/backend/__main__.py +++ b/src/backend/__main__.py @@ -55,4 +55,4 @@ def get(self, id): api.add_resource(getBookByID, '/Book/getByID') if __name__ == '__main__': - app.run() \ No newline at end of file + app.run(host='localhost', port=8000) \ No newline at end of file From 1cea2c8ddef6bde842a78d6d35697d971c52c68c Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 2 Aug 2025 13:08:43 +0000 Subject: [PATCH 02/25] Further fix for #140 --- src/backend/__main__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/__main__.py b/src/backend/__main__.py index 9e0ce19..cead2f7 100644 --- a/src/backend/__main__.py +++ b/src/backend/__main__.py @@ -55,4 +55,4 @@ def get(self, id): api.add_resource(getBookByID, '/Book/getByID') if __name__ == '__main__': - app.run(host='localhost', port=8000) \ No newline at end of file + app.run(host='0.0.0.0', port=8000) \ No newline at end of file From abcc9fe91f1ce16296f4c9d0b9e46ebdcea9836a Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 2 Aug 2025 13:23:23 +0000 Subject: [PATCH 03/25] Add arguments to `api` endpoints #142 --- src/backend/__main__.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/backend/__main__.py b/src/backend/__main__.py index cead2f7..9cd0189 100644 --- a/src/backend/__main__.py +++ b/src/backend/__main__.py 
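Review bot: In PATCH 02/25 the new `app.run(host='0.0.0.0', port=8000)` puts Flask's built-in development server on every interface of the container, and a later compose hunk in this series shows port 8000 published to the host. That server is not meant to face a network; I would start the app under a WSGI server (for example gunicorn) from the container command and keep `app.run()` for local use only. If the bind has to stay for now, add a comment such as `# dev only: binds all interfaces, replace with a WSGI server before deployment` and make sure debug mode is never enabled on this path.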
@@ -50,9 +50,9 @@ class getBookByID(Resource): def get(self, id): return db.getBookData(id = int(id)) -api.add_resource(getBookByISBN, '/Book/getByISBN') -api.add_resource(getBookByName, '/Book/getByName') -api.add_resource(getBookByID, '/Book/getByID') +api.add_resource(getBookByISBN, '/Book/getByISBN/') +api.add_resource(getBookByName, '/Book/getByName/') +api.add_resource(getBookByID, '/Book/getByID/') if __name__ == '__main__': app.run(host='0.0.0.0', port=8000) \ No newline at end of file From fd8ff9c99d70a6977d4f9701970fdb3fe3984ae6 Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 2 Aug 2025 13:39:32 +0000 Subject: [PATCH 04/25] Let `policySetup.py` run #143 --- compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yaml b/compose.yaml index 6d78124..6341564 100644 --- a/compose.yaml +++ b/compose.yaml @@ -47,7 +47,7 @@ services: environment: DB_HOST: db DB_PORT: 5432 - command: ["python","/src/__main__.py"] + command: ["python", "src/auth/policySetup.py", "&&", "python", "/src/__main__.py"] depends_on: db: condition: service_healthy From 800fd6425ad9906a2f831a4bd4d4fdfa941497bb Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 2 Aug 2025 14:13:20 +0000 Subject: [PATCH 05/25] update compose to actually let `policySetup.py` run `casbin.Enforcer` is imported as a class in `__main__.py` not an Instance Furthers #143 --- compose.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/compose.yaml b/compose.yaml index 6341564..a859da7 100644 --- a/compose.yaml +++ b/compose.yaml @@ -47,7 +47,9 @@ services: environment: DB_HOST: db DB_PORT: 5432 - command: ["python", "src/auth/policySetup.py", "&&", "python", "/src/__main__.py"] + DB_NAME: library + CASBIN_LOGIN_PASS: ${CASBIN_LOGIN_PASS} + command: sh -c "python /src/auth/policySetup.py && python /src/__main__.py" depends_on: db: condition: service_healthy From b94ee8b8f4b1b266ab94c5ac52417c0746192985 Mon Sep 17 00:00:00 2001 
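Review bot: In PATCH 05/25 the added `CASBIN_LOGIN_PASS: ${CASBIN_LOGIN_PASS}` hands the database role's password to the backend as a plain environment variable, where it is readable through `docker inspect` and inherited by every child process, including the `sh -c` wrapper added two lines below. The compose file already declares a `casbin_login_pass` entry under `secrets:` (visible as context in a later hunk), so the service could mount that secret and read it from `/run/secrets/casbin_login_pass` instead. The same pattern recurs in the `db` service hunk of PATCH 09/25 and in the `POSTGRES_PASSWORD` line of PATCH 16/25.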
From: Suitably Mysterious Date: Sat, 2 Aug 2025 14:13:49 +0000 Subject: [PATCH 06/25] Fix some problems for `casbin.Enforcer` is imported as a class in `__main__.py` not an Instance Fixes #143 --- src/backend/auth/policySetup.py | 2 +- src/backend/backend.Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/backend/auth/policySetup.py b/src/backend/auth/policySetup.py index b57e4c4..29ffbb2 100644 --- a/src/backend/auth/policySetup.py +++ b/src/backend/auth/policySetup.py @@ -26,7 +26,7 @@ log_handler = logging.StreamHandler(sys.stdout) log.addHandler(log_handler) -log.setLevel(logging.INFO) +log.setLevel(logging.DEBUG) log.info('Initiating policySetup.py') diff --git a/src/backend/backend.Dockerfile b/src/backend/backend.Dockerfile index 2bb5001..eb7644a 100644 --- a/src/backend/backend.Dockerfile +++ b/src/backend/backend.Dockerfile @@ -24,7 +24,7 @@ RUN pip install --no-cache-dir --require-hashes --force-reinstall -r requirement RUN adduser --disabled-password --gecos '' appuser USER appuser -ADD ./* ./ +ADD . ./ EXPOSE 8000 From 01637ffda6b95a631328cf1bc663159ea3dde94a Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 2 Aug 2025 14:14:27 +0000 Subject: [PATCH 07/25] silly update to `launch.sh` ***NEEDS TO BE REVERSED FOR PRODUCTION*** --- launch.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/launch.sh b/launch.sh index 8d16b5d..c620ef3 100755 --- a/launch.sh +++ b/launch.sh @@ -6,7 +6,7 @@ if [ $1 = "--kill" ]; then docker system prune --force exit 0 else - docker compose up --build $1 + docker compose up --build $1 backend db fi unset DB_PASS unset CASBIN_LOGIN_PASS \ No newline at end of file From 166ddd1979d02b8ade546a89438997321bd371ec Mon Sep 17 00:00:00 2001 
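Review bot: In the `backend.Dockerfile` hunk of PATCH 06/25, `ADD . ./` copies the entire build context into the image, so anything sitting next to the sources (local `.env` files, editor state, `__pycache__`) ships with it unless a `.dockerignore` excludes it; no such file is visible in this series. `COPY . ./` is the better instruction here because `ADD` also unpacks archives and accepts URLs, which is not wanted for a plain source copy. Because the line runs after `USER appuser` without `--chown`, the copied files are still owned by root, which is fine for read-only code but worth a comment in case the app ever needs to write there.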
From: Suitably Mysterious Date: Sat, 2 Aug 2025 15:29:29 +0000 Subject: [PATCH 08/25] Update `0_roles.sh` to be a `.sh` file #144 --- db-init/0_roles.sh | 14 ++++++++++++++ db-init/0_roles.sql | 29 ----------------------------- 2 files changed, 14 insertions(+), 29 deletions(-) create mode 100755 db-init/0_roles.sh delete mode 100644 db-init/0_roles.sql diff --git a/db-init/0_roles.sh b/db-init/0_roles.sh new file mode 100755 index 0000000..2cc78ba --- /dev/null +++ b/db-init/0_roles.sh @@ -0,0 +1,14 @@ +#!/bin/bash +set -e +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL + CREATE ROLE casbin NOLOGIN; + CREATE ROLE casbin_login LOGIN PASSWORD '${CASBIN_LOGIN_PASS}'; + GRANT casbin TO casbin_login; + + GRANT CREATE, USAGE ON SCHEMA public TO casbin_login; + GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO casbin_login; + + CREATE ROLE server_admin LOGIN PASSWORD 'SUBSTITUTE_PASSWORD'; + CREATE ROLE server_write LOGIN PASSWORD 'SUBSTITUTE_PASSWORD'; + CREATE ROLE server_read LOGIN PASSWORD 'SUBSTITUTE_PASSWORD'; +EOSQL \ No newline at end of file diff --git a/db-init/0_roles.sql b/db-init/0_roles.sql deleted file mode 100644 index ebaacde..0000000 --- a/db-init/0_roles.sql +++ /dev/null 
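Review bot: In the new `db-init/0_roles.sh`, `PASSWORD '${CASBIN_LOGIN_PASS}'` is expanded by the shell inside the heredoc, so a generated password that contains a single quote either breaks the statement or changes the SQL that runs as the bootstrap superuser. Passing it as a psql variable keeps it as data: add `-v casbin_pass="$CASBIN_LOGIN_PASS"` to the `psql` call and write `CREATE ROLE casbin_login LOGIN PASSWORD :'casbin_pass';`. Two further points in the same hunk: `GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB}` is broader than a policy store needs, and the three `server_*` roles are created with `LOGIN` and the fixed password `SUBSTITUTE_PASSWORD` (PATCH 21/25 removes them from the script, but a database initialised in between keeps them).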
@@ -1,29 +0,0 @@ -/* -# This program is for the automatic creation of database roles upon first start. -# Copyright (C) 2025, The CS Nerds (HippoProgrammer & SuitablyMysterious) -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published -# by the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see .*/ - - --- Create casbin role -CREATE ROLE casbin NOLOGIN; -CREATE ROLE casbin_login LOGIN PASSWORD :casbin_login_pass; -GRANT casbin TO casbin_login; - --- Create server admin, write and read roles -CREATE ROLE server_admin LOGIN PASSWORD 'SUBSTITUTE_PASSWORD'; -CREATE ROLE server_write LOGIN PASSWORD 'SUBSTITUTE_PASSWORD'; -CREATE ROLE server_read LOGIN PASSWORD 'SUBSTITUTE_PASSWORD'; - -CREATE ROLE zitadel LOGIN PASSWORD 'zitadel'; \ No newline at end of file From 8dad705609920bdea35048ab8dbd30c07471ad42 Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 2 Aug 2025 15:30:05 +0000 Subject: [PATCH 09/25] Furthers #143 --- compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose.yaml b/compose.yaml index a859da7..9d58b59 100644 --- a/compose.yaml +++ b/compose.yaml @@ -64,10 +64,11 @@ services: restart: unless-stopped volumes: - pgdata:/var/lib/postgresql/data - - db-init:/docker-entrypoint-initdb.d:ro # Init scripts for postgres + - ./db-init:/docker-entrypoint-initdb.d:ro environment: POSTGRES_USER: library POSTGRES_PASSWORD: ${DB_PASS} + CASBIN_LOGIN_PASS: ${CASBIN_LOGIN_PASS} POSTGRES_DB: library healthcheck: 
@@ -106,7 +107,6 @@ networks: # Frontend and DB MUST NEVER be on the same network. volumes: pgdata: - db-init: secrets: casbin_login_pass: From 4d537fa9506f9d28b44cd7bf2c7ad83403f1d118 Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 2 Aug 2025 15:30:52 +0000 Subject: [PATCH 10/25] covenience change to `launch.sh` --- launch.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/launch.sh b/launch.sh index c620ef3..f0f12cd 100755 --- a/launch.sh +++ b/launch.sh @@ -2,8 +2,9 @@ export DB_PASS=`python3 dbKeyGen.py --keys db --print` export CASBIN_LOGIN_PASS=`python3 dbKeyGen.py --keys auth --print` if [ $1 = "--kill" ]; then - docker compose down + docker compose down -v docker system prune --force + docker volume prune --force exit 0 else docker compose up --build $1 backend db From 8c5425440813cc7f5db886e287ab0732e8fe53e7 Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 2 Aug 2025 15:37:52 +0000 Subject: [PATCH 11/25] Remove `auto_save` parameter from the `Enforcer` Fixes #145 --- src/backend/auth/policySetup.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/backend/auth/policySetup.py b/src/backend/auth/policySetup.py index 29ffbb2..09bc4a8 100644 --- a/src/backend/auth/policySetup.py +++ b/src/backend/auth/policySetup.py @@ -38,9 +38,9 @@ engine = create_engine(DSN, future=True) adapter = Adapter(engine) -enforcer = Enforcer(str(MODEL_PATH), adapter, auto_save=False) +enforcer = Enforcer(str(MODEL_PATH), adapter) enforcer.load_policy() -db_enforcer = Enforcer(str(MODEL_PATH), adapter, auto_save=False) +db_enforcer = Enforcer(str(MODEL_PATH), adapter) file_enforcer = Enforcer(str(MODEL_PATH), str(POLICY_PATH)) for rule in file_enforcer.get_policy(): From 063829f2eb13b9fa67005e0b3ea7bd8cbf05a6a4 Mon Sep 17 00:00:00 2001 
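Review bot: In PATCH 10/25 the `--kill` branch of `launch.sh` now runs `docker system prune --force` followed by `docker volume prune --force`, neither of which is limited to this project; on a shared or developer machine they remove unused images, networks and volumes that belong to unrelated stacks. `docker compose down -v` on the line above already removes this project's containers and its `pgdata` volume, so the two prune calls can go, or at least sit behind an explicit confirmation. A short comment above `down -v` saying that it deletes the database volume would also help the next reader.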
From: Suitably Mysterious Date: Sat, 2 Aug 2025 15:49:47 +0000 Subject: [PATCH 12/25] update `model.conf` to use casbin properly --- src/backend/auth/model.conf | 2 +- src/backend/auth/policy.csv | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/backend/auth/model.conf b/src/backend/auth/model.conf index 4854b51..ce3c477 100644 --- a/src/backend/auth/model.conf +++ b/src/backend/auth/model.conf @@ -22,7 +22,7 @@ r = sub, tbl, obj, act, verified # needs to be changed later on p = sub, tbl, obj, act, verified # needs to be changed later on [role_definition] -g = _, _, _, _, _, _ # unique id, student id, name, email, role, password +g = _, _ # uuid, permissions [policy_effect] e = some(where (p.eft == allow)) diff --git a/src/backend/auth/policy.csv b/src/backend/auth/policy.csv index 5cf12e8..5a5e032 100644 --- a/src/backend/auth/policy.csv +++ b/src/backend/auth/policy.csv @@ -5,4 +5,4 @@ p,librarian,loans,loan,delete,True p,student,books,book,read,True p,*,books,book,read,False p,admin,*,*,*,True -g,000000,0000,admin,admin,root \ No newline at end of file +g,000000,None,admin,None,admin,root \ No newline at end of file From dcc02b536148ebb82f0ded71848b81969c19ef7e Mon Sep 17 00:00:00 2001 From: SuitablyMysterious Date: Mon, 4 Aug 2025 11:23:35 +0100 Subject: [PATCH 13/25] Revert #140 --- src/backend/__main__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/__main__.py b/src/backend/__main__.py index 9cd0189..0de144c 100644 --- a/src/backend/__main__.py +++ b/src/backend/__main__.py @@ -55,4 +55,4 @@ def get(self, id): api.add_resource(getBookByID, '/Book/getByID/') if __name__ == '__main__': - app.run(host='0.0.0.0', port=8000) \ No newline at end of file + app.run() \ No newline at end of file From 57cc27399fa08f3a2d3d206fdf9bcc6b9effbc4a Mon Sep 17 00:00:00 2001 
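Review bot: In PATCH 13/25 the revert to a bare `app.run()` brings back Flask's defaults, which are the loopback address and port 5000, while the Dockerfile exposes 8000 and compose publishes `8000:8000`; inside the container nothing would be listening where the port mapping points. Rather than toggling the `app.run` arguments back and forth, I would leave this line for local runs and have the container command start a WSGI server bound to port 8000. At minimum a comment here should record why the bind was reverted, e.g. `# local development only; the container is started by <server command>`.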
From: SuitablyMysterious Date: Mon, 4 Aug 2025 11:41:21 +0100 Subject: [PATCH 14/25] Revert #142 --- src/backend/__main__.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/backend/__main__.py b/src/backend/__main__.py index 0de144c..7f85691 100644 --- a/src/backend/__main__.py +++ b/src/backend/__main__.py @@ -50,9 +50,9 @@ class getBookByID(Resource): def get(self, id): return db.getBookData(id = int(id)) -api.add_resource(getBookByISBN, '/Book/getByISBN/') -api.add_resource(getBookByName, '/Book/getByName/') -api.add_resource(getBookByID, '/Book/getByID/') +api.add_resource(getBookByISBN, '/Book/getByISBN/') +api.add_resource(getBookByName, '/Book/getByName/') +api.add_resource(getBookByID, '/Book/getByID/') if __name__ == '__main__': app.run() \ No newline at end of file From 9016ea975f27d7c4f8ea7ddec01aa161e03089d4 Mon Sep 17 00:00:00 2001 From: SuitablyMysterious Date: Mon, 4 Aug 2025 11:43:57 +0100 Subject: [PATCH 15/25] Allow `launch.sh` to run in git bash on windows --- launch.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/launch.sh b/launch.sh index f0f12cd..086f596 100755 --- a/launch.sh +++ b/launch.sh @@ -1,6 +1,6 @@ #!/bin/sh -export DB_PASS=`python3 dbKeyGen.py --keys db --print` -export CASBIN_LOGIN_PASS=`python3 dbKeyGen.py --keys auth --print` +export DB_PASS=`python dbKeyGen.py --keys db --print` +export CASBIN_LOGIN_PASS=`python dbKeyGen.py --keys auth --print` if [ $1 = "--kill" ]; then docker compose down -v docker system prune --force From bcc8d4af598658aa6195127bd9bfca763aa2206a Mon Sep 17 00:00:00 2001 From: SuitablyMysterious Date: Mon, 4 Aug 2025 17:35:46 +0100 Subject: [PATCH 16/25] update secrets to be correct --- compose.yaml | 4 ++++ launch.sh | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/compose.yaml b/compose.yaml index 9d58b59..01ef88f 100644 --- a/compose.yaml +++ b/compose.yaml 
@@ -48,6 +48,7 @@ services: DB_HOST: db DB_PORT: 5432 DB_NAME: library + POSTGRES_PASSWORD: ${DB_PASS} CASBIN_LOGIN_PASS: ${CASBIN_LOGIN_PASS} command: sh -c "python /src/auth/policySetup.py && python /src/__main__.py" depends_on: @@ -55,6 +56,9 @@ services: condition: service_healthy ports: - "8000:8000" + secrets: + - casbin_login_pass + - db_pass db: # Database # entrypoint: ['docker-entrypoint.sh'] image: postgres:17.5-alpine3.21 # Using alpine Postgres image diff --git a/launch.sh b/launch.sh index 086f596..c50eec8 100755 --- a/launch.sh +++ b/launch.sh @@ -7,7 +7,8 @@ if [ $1 = "--kill" ]; then docker volume prune --force exit 0 else - docker compose up --build $1 backend db + docker compose down -v + docker compose up --build $1 backend db frontend fi unset DB_PASS unset CASBIN_LOGIN_PASS \ No newline at end of file From 9959b43421752ec60e4b094de6e0e216d76326d7 Mon Sep 17 00:00:00 2001 From: SuitablyMysterious Date: Mon, 4 Aug 2025 17:41:42 +0100 Subject: [PATCH 17/25] fixed `launch.sh` --- launch.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/launch.sh b/launch.sh index c50eec8..eb46e3d 100755 --- a/launch.sh +++ b/launch.sh @@ -1,4 +1,5 @@ #!/bin/sh +docker compose down -v export DB_PASS=`python dbKeyGen.py --keys db --print` export CASBIN_LOGIN_PASS=`python dbKeyGen.py --keys auth --print` if [ $1 = "--kill" ]; then @@ -7,7 +8,7 @@ if [ $1 = "--kill" ]; then docker volume prune --force exit 0 else - docker compose down -v + docker compose up --build $1 backend db frontend fi unset DB_PASS From e9603f7fedc0e80a1d64e6b0e23c76260ec9fb62 Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 9 Aug 2025 17:41:35 +0000 Subject: [PATCH 18/25] add a `casbin_users` table #146 --- db-init/1_tables.sql | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/db-init/1_tables.sql b/db-init/1_tables.sql index 1f239c7..3fa0fae 100644 --- a/db-init/1_tables.sql +++ b/db-init/1_tables.sql 
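Review bot: In the first `compose.yaml` hunk of PATCH 16/25 the backend receives the password as `POSTGRES_PASSWORD`, but `src/backend/db.py` (context of PATCH 24/25) reads `os.environ['DB_PASS']`, so unless `DB_PASS` is set in a part of the service definition outside this hunk the connection code raises `KeyError`. The value is also the password of the `library` account, which is the `POSTGRES_USER` bootstrap superuser of the `db` service; the API would be better served by a dedicated role holding only the table privileges it needs. The second hunk attaches `casbin_login_pass` and `db_pass` as secrets, yet the environment entries remain, so the secrets add no protection until the code reads the mounted files instead.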
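Review bot: In PATCH 17/25 `docker compose down -v` moves to the top of `launch.sh`, ahead of the `--kill` test, so every ordinary start now deletes the `pgdata` volume and with it all stored data. This appears to be there because both passwords are regenerated on each run and would no longer match an already initialised database; persisting the generated values, or generating them only when absent, removes the need to wipe the volume. The `--kill` branch then runs `down -v` a second time, and the `else` branch is left with a blank line where the command used to be.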
@@ -40,4 +40,9 @@ CREATE TABLE IF NOT EXISTS users ( student_id INTEGER NOT NULL email TEXT NOT NULL UNIQUE, role TEXT NOT NULL, -); \ No newline at end of file +); + +CREATE TABLE IF NOT EXISTS casbin_users ( + id UUID PRIMARY KEY, + role TEXT NOT NULL +) \ No newline at end of file From 8809285b45f31e4eb2003eddde9fd3f3e7ddcc00 Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 9 Aug 2025 17:42:11 +0000 Subject: [PATCH 19/25] remove the `role` field from the `users` table --- db-init/1_tables.sql | 1 - 1 file changed, 1 deletion(-) diff --git a/db-init/1_tables.sql b/db-init/1_tables.sql index 3fa0fae..796aff0 100644 --- a/db-init/1_tables.sql +++ b/db-init/1_tables.sql @@ -39,7 +39,6 @@ CREATE TABLE IF NOT EXISTS users ( surname TEXT NOT NULL, student_id INTEGER NOT NULL email TEXT NOT NULL UNIQUE, - role TEXT NOT NULL, ); CREATE TABLE IF NOT EXISTS casbin_users ( From ee3b8d55d706e52949e72509bf360f127a915446 Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 9 Aug 2025 19:27:36 +0000 Subject: [PATCH 20/25] remove unnecessary imports --- src/backend/auth/policySetup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/auth/policySetup.py b/src/backend/auth/policySetup.py index 09bc4a8..840e117 100644 --- a/src/backend/auth/policySetup.py +++ b/src/backend/auth/policySetup.py @@ -18,7 +18,7 @@ import logging import sys import os -from casbin import Enforcer, persist +from casbin import Enforcer from casbin_sqlalchemy_adapter import Adapter from sqlalchemy import create_engine From fd14dc53b1a8871de0fc23db6c4f8da3215dc6bd Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 9 Aug 2025 19:28:23 +0000 Subject: [PATCH 21/25] why was that there (stupid code completions) --- db-init/0_roles.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/db-init/0_roles.sh b/db-init/0_roles.sh index 2cc78ba..5325b42 100755 --- a/db-init/0_roles.sh +++ b/db-init/0_roles.sh 
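Review bot: In `db-init/1_tables.sql` (PATCH 18/25) the new `casbin_users` statement ends without a semicolon and its `id` has no foreign key to `users`, so role rows can exist without the user they describe; `id UUID PRIMARY KEY REFERENCES users(id) ON DELETE CASCADE` would tie them together, assuming `users.id` is a UUID (its definition is outside the hunk). `role TEXT NOT NULL` accepts any string, and a `CHECK (role IN (...))` listing the roles used in `policy.csv` would keep typos from creating unknown roles. Also check the `users` definition shown as context: there is no comma after `student_id INTEGER NOT NULL` and a comma directly before `);`, and PATCH 19/25 removes the `role` line but leaves that trailing comma. A parse error there would normally stop the init script before this table is reached.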
@@ -7,8 +7,4 @@ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL GRANT CREATE, USAGE ON SCHEMA public TO casbin_login; GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO casbin_login; - - CREATE ROLE server_admin LOGIN PASSWORD 'SUBSTITUTE_PASSWORD'; - CREATE ROLE server_write LOGIN PASSWORD 'SUBSTITUTE_PASSWORD'; - CREATE ROLE server_read LOGIN PASSWORD 'SUBSTITUTE_PASSWORD'; EOSQL \ No newline at end of file From 886ef98caf52e0f18f829fd7bed40b9a8a993ffc Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 9 Aug 2025 19:37:54 +0000 Subject: [PATCH 22/25] remove admin role form `policy.csv` --- src/backend/auth/policy.csv | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/backend/auth/policy.csv b/src/backend/auth/policy.csv index 5a5e032..7eff608 100644 --- a/src/backend/auth/policy.csv +++ b/src/backend/auth/policy.csv @@ -4,5 +4,4 @@ p,librarian,loans,loan,add,True p,librarian,loans,loan,delete,True p,student,books,book,read,True p,*,books,book,read,False -p,admin,*,*,*,True -g,000000,None,admin,None,admin,root \ No newline at end of file +p,admin,*,*,*,True \ No newline at end of file From 1e42871e9d8c33fda630989e3de9cfafa6743061 Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 9 Aug 2025 19:40:22 +0000 Subject: [PATCH 23/25] add a `code` user to policy --- src/backend/auth/policy.csv | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/backend/auth/policy.csv b/src/backend/auth/policy.csv index 7eff608..99d2804 100644 --- a/src/backend/auth/policy.csv +++ b/src/backend/auth/policy.csv @@ -4,4 +4,6 @@ p,librarian,loans,loan,add,True p,librarian,loans,loan,delete,True p,student,books,book,read,True p,*,books,book,read,False -p,admin,*,*,*,True \ No newline at end of file +p,admin,*,*,*,True +p,code,*,*,*,True +g,0,code \ No newline at end of file From 6b88127bd764dd5090d065a270b64ce39dc05798 Mon Sep 17 00:00:00 2001 
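Review bot: In PATCH 23/25 the added lines `p,code,*,*,*,True` and `g,0,code` create a built-in principal with unrestricted rights whose identifier is the constant `0`, and PATCH 24/25 then passes `UUID=0` from `User.SQLStore`. Any code path that reaches `sendSQLCommand` with that value skips the per-user policy entirely, so the identifier should be one a request can never supply, and the grant should be narrowed to the tables and actions the service itself needs (for example `p,code,users,*,add,True`, if inserting users is the only such case). Policy subjects loaded from the CSV are strings, so the integer `0` passed from Python may not match `g,0,code` at all; that is worth a test either way.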
From: Suitably Mysterious Date: Sat, 9 Aug 2025 19:44:30 +0000 Subject: [PATCH 24/25] add anoter change to Casbin is implemented slightly wrong Fixes #146 --- src/backend/db.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/backend/db.py b/src/backend/db.py index 935be94..588cb7e 100644 --- a/src/backend/db.py +++ b/src/backend/db.py @@ -30,7 +30,7 @@ class APIException(Exception): pass -def sendSQLCommand(command, userID, table, verified = True, fetch = 1): # NO USER INPUT SHOULD BE SENT DIRECTLY HERE +def sendSQLCommand(command, UUID, table, verified = True, fetch = 1): # NO USER INPUT SHOULD BE SENT DIRECTLY HERE verb = command.strip().split()[0].upper() action_map = { "SELECT": "read", @@ -39,7 +39,7 @@ def sendSQLCommand(command, userID, table, verified = True, fetch = 1): # NO USE "DELETE": "delete", #@HippoProgrammer Please update this as I know not much SQL } action = action_map.get(verb) - if Enforcer.enforce(userID, table, "*", action, verified): + if Enforcer.enforce(UUID, table, "*", action, verified): log.debug("User is authorized to perform this action") log.info('Connecting to postgres DB...') with psycopg.connect(f"postgres://library:{str(os.environ['DB_PASS'])}@db:5432/library") as conn: # create a connection to the db @@ -100,9 +100,9 @@ def __init__(self, forename: str, surname: str, student_id: int, email: str, rol def SQLStore(self): try: sendSQLCommand( - command="INSERT INTO users (id, forename, surname, student_id, email, role) VALUES (%s, %s, %s, %s, %s, %s)", - params=(self.uuid, self.forename, self.surname, self.student_id, self.email, self.role), - userID='admin', # Needs to updated later on + command="INSERT INTO users (id, forename, surname, student_id, email) VALUES (%s, %s, %s, %s, %s)", + params=(self.uuid, self.forename, self.surname, self.student_id, self.email), + UUID=0, # Ummm, is this correct @HippoProgrammer table='users', verified=True, fetch=0 
@@ -111,7 +111,7 @@ def SQLStore(self): log.error(f"Failed to store user {self.student_id} in database: {e}") def addToCasbin(self): try: - enforcer = Enforcer("model.conf", "policy.csv") + enforcer = Enforcer("auth/model.conf", "auth/policy.csv") enforcer.add_policy("user", self.uuid, "read", "book") enforcer.add_grouping_policy(self.uuid, "group", self.role) enforcer.save_policy() From 34c37394f946e016648fa5f973967b53fb420060 Mon Sep 17 00:00:00 2001 From: Suitably Mysterious Date: Sat, 9 Aug 2025 19:47:57 +0000 Subject: [PATCH 25/25] Fix authentication in `User` class --- src/backend/db.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/backend/db.py b/src/backend/db.py index 588cb7e..4d760cc 100644 --- a/src/backend/db.py +++ b/src/backend/db.py @@ -20,6 +20,8 @@ from uuid import uuid4 from email_validator import validate_email, EmailNotValidError from casbin import Enforcer +from casbin_sqlalchemy_adapter import Adapter +from sqlalchemy import create_engine log = logging.getLogger(__name__) @@ -27,6 +29,12 @@ log.info('Read DB password') +MODEL_PATH = "auth/model.conf" +DB_URL = f"postgresql+psycopg://casbin_login:{os.environ['CASBIN_LOGIN_PASS']}@db:5432/library" +engine = create_engine(DB_URL) +adapter = Adapter(engine) +enforcer = Enforcer(MODEL_PATH, adapter) + class APIException(Exception): pass @@ -111,9 +119,7 @@ def SQLStore(self): log.error(f"Failed to store user {self.student_id} in database: {e}") def addToCasbin(self): try: - enforcer = Enforcer("auth/model.conf", "auth/policy.csv") - enforcer.add_policy("user", self.uuid, "read", "book") - enforcer.add_grouping_policy(self.uuid, "group", self.role) + enforcer.add_grouping_policy(self.uuid, self.role) enforcer.save_policy() except Exception as e: log.error(f"Failed to add user {self.uuid} to Casbin: {e}")
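Review bot: In the module-level block added by PATCH 25/25, `DB_URL` is built with an f-string, so a `CASBIN_LOGIN_PASS` containing `@`, `/`, `:` or `%` yields a URL that parses to the wrong host or password; `sqlalchemy.engine.URL.create("postgresql+psycopg", username="casbin_login", password=os.environ["CASBIN_LOGIN_PASS"], host="db", port=5432, database="library")` avoids the escaping problem. The engine and enforcer are created at import time, so importing `db` fails with `KeyError` when the variable is missing and presumably contacts the database before the app starts; building them in a function called from startup would keep the import free of side effects. `MODEL_PATH = "auth/model.conf"` is relative to the working directory, whereas `policySetup.py` appears to use a path object (`str(MODEL_PATH)`), so the two can resolve differently.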
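Review bot: In the `addToCasbin` hunk of PATCH 25/25, `enforcer.add_grouping_policy(self.uuid, self.role)` assigns whatever string is in `self.role`, including `admin` or `code`, with no check against an allow-list; validate it first, e.g. `if self.role not in ALLOWED_ROLES: raise APIException("unknown role")` (`ALLOWED_ROLES` is a placeholder for a set defined in this module). `self.uuid` comes from `uuid4` and should be passed as `str(self.uuid)` so it matches the string subjects used at enforcement time; how `__init__` stores it is outside the hunk, so confirm that. The following `enforcer.save_policy()` rewrites the stored policy from this process's in-memory copy, which can discard rules written by another process since the last load; now that `auto_save=False` was dropped in PATCH 11/25, the `add_grouping_policy` call should already persist on its own. The `except` then logs and continues, so a user can end up stored without any role.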