c4dt · ineiti · Nov 24, 2023 · Nov 24, 2023
diff --git a/scripts/run_local.sh b/scripts/run_local.sh
@@ -183,7 +183,7 @@ clean)
   kill_nodes
   kill_backend
   kill_db
-  rm -f bin/*
+  rm -rf bin nodes
   exit
   ;;
 

diff --git a/web/backend/src/authManager.ts b/web/backend/src/authManager.ts
@@ -29,22 +29,21 @@ the connection string has the following format:
 postgres://username:password@host:port/database
 the migrate option is used to create the tables if they don't exist, we set it to false because we create the tables manually
 */
-async function initEnforcer() {
-  const dbAdapter = await SequelizeAdapter.newAdapter({
-    dialect: 'postgres',
-    host: process.env.DATABASE_HOST,
-    port: parseInt(process.env.DATABASE_PORT || '5432', 10),
-    username: process.env.DATABASE_USERNAME,
-    password: process.env.DATABASE_PASSWORD,
-    database: 'casbin',
-  });
-  return newEnforcer('src/model.conf', dbAdapter);
+export async function initEnforcer(): Promise<Enforcer> {
+  if (authEnforcer === undefined) {
+    const dbAdapter = await SequelizeAdapter.newAdapter({
+      dialect: 'postgres',
+      host: process.env.DATABASE_HOST,
+      port: parseInt(process.env.DATABASE_PORT || '5432', 10),
+      username: process.env.DATABASE_USERNAME,
+      password: process.env.DATABASE_PASSWORD,
+      database: 'casbin',
+    });
+    authEnforcer = await newEnforcer('src/model.conf', dbAdapter);
+  }
+  return authEnforcer;
 }
 
-Promise.all([initEnforcer()]).then((createdEnforcer) => {
-  [authEnforcer] = createdEnforcer;
-});
-
 export function isAuthorized(sciper: number | undefined, subject: string, action: string): boolean {
   return authEnforcer.enforceSync(sciper, subject, action);
 }

diff --git a/web/backend/src/cli.ts b/web/backend/src/cli.ts
@@ -8,27 +8,12 @@ Backend CLI, currently providing 3 commands for user management:
 */
 
 import { Command, InvalidArgumentError } from 'commander';
-import { SequelizeAdapter } from 'casbin-sequelize-adapter';
-import { newEnforcer } from 'casbin';
 import { curve } from '@dedis/kyber';
 import * as fs from 'fs';
-import { PERMISSIONS, readSCIPER } from './authManager';
+import { PERMISSIONS, readSCIPER, initEnforcer } from './authManager';
 
 const program = new Command();
 
-async function initEnforcer() {
-  const dbAdapter = await SequelizeAdapter.newAdapter({
-    dialect: 'postgres',
-    host: process.env.DATABASE_HOST,
-    port: parseInt(process.env.DATABASE_PORT || '5432', 10),
-    username: process.env.DATABASE_USERNAME,
-    password: process.env.DATABASE_PASSWORD,
-    database: 'casbin',
-  });
-
-  return newEnforcer('src/model.conf', dbAdapter);
-}
-
 program
   .command('addAdmin')
   .description('Given a SCIPER number, the owner would gain full admin permissions')

diff --git a/web/backend/src/controllers/authentication.ts b/web/backend/src/controllers/authentication.ts
@@ -1,10 +1,12 @@
 import express from 'express';
 import axios, { AxiosError } from 'axios';
 import { sciper2sess } from '../session';
-import { getUserPermissions, readSCIPER, setMapAuthorization } from '../authManager';
+import { initEnforcer, getUserPermissions, readSCIPER, setMapAuthorization } from '../authManager';
 
 export const authenticationRouter = express.Router();
 
+initEnforcer().catch((e) => console.error(`Couldn't initialize enforcerer: ${e}`));
+
 authenticationRouter.get('/get_dev_login/:userId', (req, res) => {
   if (process.env.REACT_APP_DEV_LOGIN !== 'true') {
     const err = `/get_dev_login can only be called with REACT_APP_DEV_LOGIN===true: ${process.env.REACT_APP_DEV_LOGIN}`;

diff --git a/web/backend/src/controllers/dela.ts b/web/backend/src/controllers/dela.ts
@@ -5,13 +5,16 @@ import axios, { AxiosError, Method } from 'axios';
 import xss from 'xss';
 import {
   assignUserPermissionToOwnElection,
+  initEnforcer,
   isAuthorized,
   PERMISSIONS,
   revokeUserPermissionToOwnElection,
 } from '../authManager';
 
 export const delaRouter = express.Router();
 
+initEnforcer().catch((e) => console.error(`Couldn't initialize enforcerer: ${e}`));
+
 // get payload creates a payload with a signature on it
 function getPayload(dataStr: string) {
   let dataStrB64 = Buffer.from(dataStr).toString('base64url');

diff --git a/web/backend/src/controllers/proxies.ts b/web/backend/src/controllers/proxies.ts
@@ -1,9 +1,11 @@
 import express from 'express';
 import lmdb from 'lmdb';
-import { isAuthorized, PERMISSIONS } from '../authManager';
+import { initEnforcer, isAuthorized, PERMISSIONS } from '../authManager';
 
 export const proxiesRouter = express.Router();
 
+initEnforcer().catch((e) => console.error(`Couldn't initialize enforcerer: ${e}`));
+
 const proxiesDB = lmdb.open<string, string>({ path: `${process.env.DB_PATH}proxies` });
 proxiesRouter.post('', (req, res) => {
   if (!isAuthorized(req.session.userId, PERMISSIONS.SUBJECTS.PROXIES, PERMISSIONS.ACTIONS.POST)) {

diff --git a/web/backend/src/controllers/users.ts b/web/backend/src/controllers/users.ts
@@ -1,9 +1,11 @@
 import express from 'express';
 
-import { addPolicy, isAuthorized, PERMISSIONS } from '../authManager';
+import { addPolicy, initEnforcer, isAuthorized, PERMISSIONS } from '../authManager';
 
 export const usersRouter = express.Router();
 
+initEnforcer().catch((e) => console.error(`Couldn't initialize enforcerer: ${e}`));
+
 // This call allows a user that is admin to get the list of the people that have
 // a special role (not a voter).
 usersRouter.get('/user_rights', (req, res) => {