Note: There are some significant changes in GSoC 2022 like expanding eligibility and multiple sizes of projects, see details at GSoC official site: https://opensource.googleblog.com/2021/11/expanding-google-summer-of-code-in-2022.html
Google Summer of Code (GSoC) is a global program held by Google to bring students into open source software development. Students work with an open source organization on a 3 month programming project during their break from school. See more details at: https://summerofcode.withgoogle.com/
The student will be more likely selected if he/she:
- Contribute to Casbin related project before.
- Familiar with the techniques required by the idea he selected.
- Show the previous code related to the idea on personal website or GitHub.
- Provide a personal website and descriptions for previous work/projects.
- Provide demo sites for the previous projects if possible.
- Provide a resume/CV.
- Choose an idea from our list: https://github.com/casbin/SummerOfCode2022
- Send your resume/CV in PDF to: [email protected]
- Do a self-introduction in: https://gitter.im/casbin/gsoc
- Get familiar with the existing code, try to solve opened issues for your chosen idea's repo before & after application deadline.
- If you have questions, you can ask the mentor of the idea via GitHub or Gitter.
- Submit your proposal in GSoC official site. The deadline is TBD.
- Casbin Core Engine (Golang)
- Casdoor
- Casnode
- Casbin Dashboard
- Casbin for C/C++
- Casbin for Java
- Casbin for .NET
- Casdoor for .NET
- Casbin Sam
- Casbin for Cloud Native
- Casbin for Rust
- Casbin for Node.js
- Casbin Hub
- Casbin for PHP
- Casbin for Python
- Casbin.js
- Casbin for Lua
- Casbin for Dart
- Casbin for Swift
- Casbin Mesh
Support more features and tune the performance in Casbin core engine. This will first be done in Golang Casbin. Possibly applied to other language implementations.
Some issues to work on:
- Make a Casbin middleware for go-zero: casbin/casbin#957
- Improve the performance of the new BatchEnforce() API: casbin/casbin#710
- Make a default implementation of WatcherEx: casbin/casbin#943
- Help solve issues for the 1st-party and 3rd-party middlewares
- Golang
- Other languages that Casbin is written with
Yang Luo, Casbin founder
350 hour
Medium
Build a UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC. It can:
- Use OAuth 2.0 + OIDC as the authentication protocols.
- Support popular 3rd-party identity providers like Google, GitHub, Facebook, etc.
- Has a web portal to manage users, roles and permissions.
- Use Casbin as authorization method.
- Support user register, login, password reset, 2FA like Email and SMS.
The current progress is: https://door.casdoor.com/. Source code: https://github.com/casdoor/casdoor. We want the student to continue the work.
Some issues to work on:
- Support SAML as IdP: casdoor/casdoor#405
- Support password hashing in LDAP: casdoor/casdoor#499
- Add Telegram provider: casdoor/casdoor#341
- Add Casbin model and policy management: casdoor/casdoor#95
- Design and develop a more beautiful frontend portal: casdoor/casdoor#69
- Golang (backend)
- Javascript + React + Ant Design (frontend)
- Casbin
Yang Luo, Casbin founder
350 hour
Medium
Casnode is a light-weight forum software. It is used by Casbin community as the official developer forum (https://forum.casbin.com/). We hope to fix its bugs and add more features like mailing list to replace the traditional open-source community mailing list.
The current progress is: https://github.com/casbin/casnode
Some features to add/improve:
- Further optimized the project UI: https://github.com/casbin/casnode/issues/400 Now casnode UI may break on some models, mainly mobile phones, we need to further optimize our project UI to fix it.
- Anonymous-Post Note: we may change whether to enable the node's anonymous function via the admin console.
- Improve the part of https://forum.casbin.com/api and https://forum.casbin.com/swagger/#/ that provides API externally.
- Implement notes, so users could create and publish notes: https://github.com/casbin/casnode/issues/341.
- Implement timeline, so users could post their thoughts and reply to others' thoughts there: https://github.com/casbin/casnode/issues/341
- Add RSS feed.
- Add some metrics, for Prometheus or others.
- Backup and recovery data from backup files.
Code quality maintenance:
- Add configurable logs. Notes: this may add a completion log system for casnode using zap.
- More friendly error handling instead of panic. Notes: this may be built on a well-established logging system
- Add some commits for code. Notes: This could be finished when you read the code.
- Improve performance, such as SQL query, cache, etc.
And other issues that may arise during the time.
- Golang (backend)
- Javascript + React (frontend)
- Casbin
Junjie Zhang, Casbin member, Yang Luo, Casbin founder
175 hour
Easy
Build a web UI dashboard/admin portal for Casbin & Casbin-Server.
It can:
- Manage models, adapters, enforcers. The adapter manager should handle different DBs.
- Model editor with a syntax and semantic validator.
- Policy editor, it should be able to handle 10,000+ more rules.
- A test page to make example request to Casbin and get response, like Postman. So users can test their model and policy.
- Authentication and authorization for the dashboard itself. Of course authorization will be implemented in Casbin (we proudly dogfood our own product :))
The current progress is: https://dashboard.casbin.com . Source code: https://github.com/casbin/casbin-dashboard. We want the student to continue the work.
- Golang (backend)
- Javascript + React + Ant Design (frontend)
- Casbin
Yang Luo, Casbin founder
175 hour
Easy
Casbin-CPP provides various models for advanced authorization solutions in C++. It currently supports all the major OS's including Windows, Linux and macOS.
casbin-cpp
has seen a major revamp to make the library as functional as its Golang counterparts.
This project uses CMake for building, packaging, and installation, and CTest for testing.
Apart from that, casbin-cpp
supports python bindings through pybind11
.
The current progress is: https://github.com/casbin/casbin-cpp
Here is a list of tasks we're looking forward to work on this summer on a priority basis:
- casbin-cpp#79: Developing authz middlewares for other C++ projects like Mosquitto.
- casbin-cpp#115: Developing authz middleware for Envoy proxy.
- casbin-cpp#100: Various features of Casbin-CPP can be used in Glewlwyd, a C++ based server. We need to investigate and try to integrate casbin-cpp into Glewlwyd.
- casbin-cpp#190: Unit testing and benchmarking for multithreaded workloads is in backlog and needs to be investigated thoroughly.
- C++
- Golang (only need to read code)
- CMake
- Python
Yash Pandey, Casbin member, Joey Xie, Casbin member, Yang Luo, Casbin founder
175 hour
Hard
jCasbin needs to be kept in sync with the features of casbin-golang at all times. For example, the special syntax of in
, the update of the role manager, etc.
At the same time, it is also necessary to maintain and integrate the unique ecology of Java, such as casbin-spring-boot-starter
and Play middleware
, etc.
Performance is also a point of great concern, so benchmark
needs to be done.
- More features support
- Reimplement the role manager: jcasbin#261
- Sync more features about "in" special grammar from Go-Casbin: special-grammer
- Make a default implementation of WatcherEx and migrate Watcher to WatcherEx : Default implementation of WatcherEx casbin#943
- Fix the bug about ClassCastException for Strings within grouping fucntions: ClassCastException for Strings within grouping fucntions jcasbin#254
- Continuous maintenance of the surrounding ecology
- Optimize casbin-spring-boot-starter and other middlewares dependencies. casbin-spring-boot-starter
- Provide more offical adapter/watcher like Golang: watchers
- Make a Play Framework middleware: Create a jCasbin authorization module for Play jcasbin#104
- Help solve issues for the 1st-party and 3rd-party middlewares.
- Benchmark and performance optimization
- Benchmarking jCasbin and the integrations with main middlewares.
- Find and resolve performance bottlenecks.
- Explore the alternative in large-scale scenarios
- Java
- Other languages that Casbin is written with
Yang Tang, Casbin member, Zhengjin Fang, Casbin member, Yang Luo, Casbin founder
175 hour
Medium
Casbin.NET v2 will release quickly. The new architecture provides excellent performance and flexible scalability and prepares for the addition of more imaginative and exciting features.
- Support more features:
- a. Feature Request: subjectPriority(https:// github.com/casbin/Casbin.NET/issues/238)
- b. Support "in" special grammar(casbin/Casbin.NET#198)
- c. Validate and compile matcher when loading model(casbin/Casbin.NET#228)
- d. Improve the unit test coverage(casbin/Casbin.NET#151)
- Enhance ecosystem:
- a. Support ASP.NET Core and Blazor (Enhance Casbin.AspNetCore)
- b. Provide Offical Redis adaptor/watcher.
- .NET/C#
- ASP.NET Core
Sagilio, Casbin member
175 hour
Medium
Casdoor is a UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC. We hope to provide a comprehensive and powerful SDK to make .NET application integrate with it easily.
- Implement SDK:
- a. Implement Casdoor.Client to call Casdoor APIs easily.
- b. Implement Casdoor.AspNetCore to integrate ASP.NET Core with Casdoor.
- c. Implement Casdoor.Native to integrate WPF or Maui with Casdoor
- Implement Samples:
- a. Provide ASP.NET Core Web API, MVC and Blazor samples with the SDK.
- b. Provide WPF or Maui smaples with the SDK.
- .NET/C#
- ASP.NET Core
- WPF or Maui
Sagilio, Casbin member
175 hour
Medium
An authorization service based on OAuth 2.x and support centralized authentication / Single-Sign-On (SSO) integration. It can:
- Use Casbin.NET and Casbin.AspNetCore to authorizate.
- Provide Web APIs to manage users, roles and permissions.
- Support integrate OIDC authentication provider (Identity Server 4) and ASP.NET Identity to manage user and sgin in/out.
- Support be integrated to Dapr or Steeltoe as authentication/authorization provider.
The current progress is: https://github.com/casbin-net/casbin-sam. We want the student to continue the work.
- .NET/C#
- Casbin.NET and Casbin.AspNetCore
- Dapr or Steeltoe
Sagilio, Casbin member, Yang Luo, Casbin founder
175 hour
Medium
Currently, Casbin has limited adaptability in the cloud-native field. We hope to use kubebuilder 3.x to refact the k8s-authz and provide CRD based model and policy management. Enhance model parse to compatible with k8s better.
- Refact k8s-authz
- a. Porvide predefined
r
orp
tokens and custom function for k8s. - b. Provide CRD based model and policy management.
- c. Provide Client and helm integration.
- d. Make kubesphere-athz compatible with the new k8s-authz.
- e. Improve test coverage for the new k8s-authz and envoy-authz.
- Enhance ecosystem:
- a. Implement Casbin middleware for Dapr
- b. Explore more usage scenarios on Cloud Native.
- Golang
- K8s (kubebuilder) and Cloud Native
- Service Mesh and Dapr
Sagilio, Casbin member, Ashish, Casbin member, Yang Luo, Casbin founder
350 hour
Hard
With Casbin community's effort, the Rust version of Casbin is now mature and ready for production. Casbin-RS can provide access control with blazing fast speed.
There are something need to be implemented,from easy to hard:
- Embrace Rust 2021 edition [Easy]
- Complete the migration from edition 2018 to edition 2021.
- Clean up stale and meaningless dependencies and make clippy happy.
Note This work will help you get familiar with the Rust toolchain and the existing work of Casbin-RS, so please complete it for at least two repos.
- Continuous maintenance of the surrounding ecology [Medium]
- Implement a middleware for Poem with examples.
- An article introducing how to use casbin-rs with poem.
- Participate in the maintenance of at least one other repo, such as sqlx-adapter or casbin-grpc.
Note This work will help you understand the mechanics of casbin's operation. In addition, we hope you can present your works, which will become an important milestone for you in the casbin community.
- Explore casbin-rs in real-world/distributed applications [Hard]
- You can choose to:
- Implement a real-world application with casbin-rs, Or
- Implementing openraft-based distributed casbin clusters/plugins.
- An article that describes your current work.
Note Go beyond the existing casbin-rs projects, this is a job that is completely led by you. casbin-grpc and casbin-raft are the results of some previous explorations.
- Rust
- Other languages that Casbin is written with
Chojan Shang, Casbin member, Yisheng Chai, Casbin member, Cheng JIANG, Casbin member, Yang Luo, Casbin founder
175 hour
Hard
Improving the user experience of Node-Casbin will be our focus.
Some issues to work on:
-
Sync GetImplicitResourcesForUser method(casbin/node-casbin#344)
-
Sync UpdateGroupingPolicy and UpdateNamedGroupingPolicy method(casbin/node-casbin#324)
-
Improve built-in method of matcher(casbin/node-casbin#332)
-
Scaling Access Control Lists for multi-million users(casbin/node-casbin#147)
-
Sequelize v6 compatibility: addPolicies & removePolicies problem(casbin/node-casbin#207)
- JavaScript (Node.js/TypeScript)
- Other languages that Casbin is written with
Zixuan Liu, Casbin member
175 hour
Medium
Casbin Hub is similar to Docker Hub website, which is mainly used to share and discuss the model and policy of Casbin.
We need to implement the following features:
-
Support anyone to share the model and policy of Casbin. Sharers must describe the scenario that this model applies, and mark the classification, like so: Frontend, Backend, Cloud, Message System, and so on. Users can discuss shared content.
-
Integrate the Casbin-Online-Editor is used to test or debug the model and policy shared by users.
- Golang (Backend)
- React (Frontend)
- Casbin
Zixuan Liu, Casbin member, Yang Luo, Casbin founder
175 hour
Medium
PHP-Casbin An authorization library that supports access control models like ACL, RBAC, ABAC in PHP .
- Add
AddPermissionsForUser
API. - Add cache for
g
function, refer to: https://github.com/casbin/casbin/blob/master/util/builtin_operators.go#L333. - Integrate laravel's Gates in Laravel-Authz.
- Implementation of WatcherEx, basic Watcher: Swoole Redis watcher Workerman Redis watcher.
- Implement propel-adapter, Propel is a highly customizable and blazing fast ORM library for PHP.
- Consistent with the functionality of Casbin Core Engine (Golang).
- Bug fixes in issues, improve some extensions.
- PHP
- Casbin
Jon Lee, Casbin member
350 hour
Medium
- At present, compared to Casbin for Golang,
Pycasbin
is not very perfect, especially the lack of RBAC API, so we hope thatPycasbin
can fully implement the function of Casbin (Go). PyCasbin
's adaptation to various frameworks, such asDjango
,Tornado
, etc.
Pycasbin organization: https://github.com/pycasbin
- Implement redis-adapter.
- Implement etcd-adapter.
- Improve performance for
enforce()
. - Complete implementation of PyCasbin-on-CPP.
- Reimplement the implementation of Pycasbin in
Django
, introduce Django'sMiddleware
,Caching
,Logging
, and integrate the Django authentication system, and existing plugins: django-casbin django-orm-adapter.
Some issues to work on: https://github.com/casbin/pycasbin/issues
- Python
- Other languages that Casbin is written with
Jon Lee, Casbin member
350 hour
Medium
Quite a lot of users want to use Casbin to control web frontend UI elements, like:
- Some tabs are only visible to admin users.
- Some buttons should be grayed-out for users with no permission to click them.
- A list can only show filtered items based on a user's permission rights.
Over time we have made node-casbin a cross-platform Javascript permission control library and have called the new library casbin.js. The next step is to refactor node-casbin to a casbin.js-based wrapper. Another possible idea is create a browser-casbin
for front-end developers with front-end friendly api.
The current progress is: https://github.com/casbin/casbin.js
Currently, we still lack the middlewares for Angular, React and Vue. These new JS frameworks are very popular and making middlewares for them will boost our usage from their population.
- Sync progress with node-casbin
- Update vue-authz and react-authz to new casbin.js.
- Refactor node-casbin to casbin.js wrapper.
- Typescript
- Node-Casbin
- Vue or React development experience
- At least one backend language like Golang
Xinyu Zhou, Casbin member, Yang Luo, Casbin founder
350 hour
Hard
Port Golang Casbin into Lua. We call it lua-casbin
. It should work on the Nginx + OpenResty stack. Most of Casbin's functionalities (for example 90%) should work.
Nginx is now the most popular HTTP server in the world. OpenResty is a web platform based on Nginx which can run Lua scripts using its LuaJIT engine. Nginx + OpenResty are usually used in edge computing and authorization is a real need for its scenario. Lua-Casbin will help Nginx and OpenResty users on checking permissions of the coming HTTP request.
The current progress is: https://github.com/casbin/lua-casbin
- Implementation of
Watcher
,Watcher
ensures policy consistency in multiple Casbin instances. - Add cache for
g
function, refer to: https://github.com/casbin/casbin/blob/master/util/builtin_operators.go#L333. - Add
AddPermissionsForUser
API. - Add LoadPolicyArray() to load policy from array
- Improve performance for
enforce()
. - Implement the built-in function
keyMatch5
. - Fixes and refinements to lua-casbin's extensions.
- Nginx
- OpenResty
- Lua
- Golang (only need to read code)
Jon Lee, Casbin member, Yang Luo, Casbin founder
175 hour
Medium
Port Casbin to Dart, little progress has been made in the project so it's excellent for jumping in early.
The current progress is: https://github.com/casbin/dart-casbin
You will be responsible for the design and making of the Dart port with the help of the mentor, most of Casbin's functionalities should work.
- Dart
- Other languages that Casbin is written with.
Tomás Arias, Casbin member
175 hour
Medium
We already have a Swift version Casbin called SwiftCasbin. It already works on all primary OSs, like Windows, Linux, macOS,iOS,tvOS,watchOS. Most of Casbin's functionalities (for example 90%) should work.
The current progress is: https://github.com/casbin/SwiftCasbin
There are still many bugs and missing features in SwiftCasbin. Moreover, we also need to make authz middlewares for any Swift projects:
- Server-Side like Vapor and adapters for DB.
- A frontend developer friendly API for UI frameworks like UIKit,SwiftUI.
- Swift
- Golang (only need to read code)
- ios UIkit SwiftUI
Xiaobei, Casbin member, Yang Luo, Casbin founder
175 hour
Medium
Last summer, we started a new project called Casbin-Mesh which allows us to deploy the Casbin to many nodes using the raft consensus algorithm to handle rapidly increasing data, which raises the throughout of read-only transactions.
The current progress is: https://github.com/casbin/casbin-mesh
However, there are still many works that need to be done.
- The bottleneck of memory data structure
- Reconstruction the memory data model
- We are going to use the buffer pool manager handling very large data that over then RAM
- Avoiding full-table scanning
- Indexes
- Create indexes for all policies
- Use Indexes to avoid full-table scanning
- Basic query optimization
- Transaction Implementations
- Golang
- At least you need to be familiar with the basic concepts of the query optimization, indexing (hash index, B+ tree index), multi-version concurrency control.
- (preferred) Had taken database lectures (Such as CMU 15-445 etc.)
WenyXu, Casbin member, Yang Luo, Casbin founder
350 hour
Hard