From 4434db3254e3fb233a51ea10cf940c5cfadf6c80 Mon Sep 17 00:00:00 2001 From: Linus Gasser Date: Fri, 24 Nov 2023 09:27:22 +0100 Subject: [PATCH] Correctly create new keys The new keys couldn't be created when the backend was not running. Fixed it by calling the backend only when necessary. --- scripts/run_local.sh | 2 +- web/backend/src/authManager.ts | 27 +++++++++---------- web/backend/src/cli.ts | 17 +----------- web/backend/src/controllers/authentication.ts | 4 ++- web/backend/src/controllers/dela.ts | 3 +++ web/backend/src/controllers/proxies.ts | 4 ++- web/backend/src/controllers/users.ts | 4 ++- 7 files changed, 27 insertions(+), 34 deletions(-) diff --git a/scripts/run_local.sh b/scripts/run_local.sh index 98c59cc8b..7c09687f1 100755 --- a/scripts/run_local.sh +++ b/scripts/run_local.sh @@ -183,7 +183,7 @@ clean) kill_nodes kill_backend kill_db - rm -f bin/* + rm -rf bin nodes exit ;; diff --git a/web/backend/src/authManager.ts b/web/backend/src/authManager.ts index 9593ce9f1..0c7fc2e88 100644 --- a/web/backend/src/authManager.ts +++ b/web/backend/src/authManager.ts 
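Review bot: `rm -rf bin nodes` in the `clean)` branch resolves both names against whatever directory the script is run from, and the change widens the old `rm -f bin/*` to a recursive delete of two directories. Nothing visible in this hunk shows the script changing to the repository root first, so if it does not, running `clean` from another location would remove an unrelated `bin` or `nodes` directory there. Consider anchoring both paths to a directory the script resolves itself and failing when it is unset, e.g. `rm -rf -- "${BASE_DIR:?}/bin" "${BASE_DIR:?}/nodes"`, where `BASE_DIR` is a placeholder name. The `case` body continues outside the hunk.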
@@ -29,22 +29,21 @@ the connection string has the following format: postgres://username:password@host:port/database the migrate option is used to create the tables if they don't exist, we set it to false because we create the tables manually */ -async function initEnforcer() { - const dbAdapter = await SequelizeAdapter.newAdapter({ - dialect: 'postgres', - host: process.env.DATABASE_HOST, - port: parseInt(process.env.DATABASE_PORT || '5432', 10), - username: process.env.DATABASE_USERNAME, - password: process.env.DATABASE_PASSWORD, - database: 'casbin', - }); - return newEnforcer('src/model.conf', dbAdapter); +export async function initEnforcer(): Promise { + if (authEnforcer === undefined) { + const dbAdapter = await SequelizeAdapter.newAdapter({ + dialect: 'postgres', + host: process.env.DATABASE_HOST, + port: parseInt(process.env.DATABASE_PORT || '5432', 10), + username: process.env.DATABASE_USERNAME, + password: process.env.DATABASE_PASSWORD, + database: 'casbin', + }); + authEnforcer = await newEnforcer('src/model.conf', dbAdapter); + } + return authEnforcer; } -Promise.all([initEnforcer()]).then((createdEnforcer) => { - [authEnforcer] = createdEnforcer; -}); - export function isAuthorized(sciper: number | undefined, subject: string, action: string): boolean { return authEnforcer.enforceSync(sciper, subject, action); } diff --git a/web/backend/src/cli.ts b/web/backend/src/cli.ts index e8a740174..cabda56e6 100755 --- a/web/backend/src/cli.ts +++ b/web/backend/src/cli.ts 
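Review bot: The `authEnforcer === undefined` guard in `initEnforcer` does not stop concurrent initialisation, because the variable is only assigned after two awaits. This commit has four controllers call it at module load, so each call can pass the guard and build its own `SequelizeAdapter` and enforcer. The last one to resolve wins, and the other adapters, with any database connections they hold, are left behind. Caching the in-flight promise instead of the resolved value makes every caller share a single initialisation, and clearing it on rejection keeps a retry possible. The sketch below types the promise as `ReturnType<typeof newEnforcer>` so that it needs no name beyond those visible in the hunk.

```typescript
// One shared in-flight initialisation, reused by every caller.
let enforcerInit: ReturnType<typeof newEnforcer> | undefined;

export function initEnforcer(): ReturnType<typeof newEnforcer> {
  if (enforcerInit === undefined) {
    enforcerInit = (async () => {
      // … unchanged: const dbAdapter = await SequelizeAdapter.newAdapter({ … }) …
      authEnforcer = await newEnforcer('src/model.conf', dbAdapter);
      return authEnforcer;
    })().catch((e) => {
      // Drop the cached rejection so a later call can try again.
      enforcerInit = undefined;
      throw e;
    });
  }
  return enforcerInit;
}
```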
@@ -8,27 +8,12 @@ Backend CLI, currently providing 3 commands for user management: */ import { Command, InvalidArgumentError } from 'commander'; -import { SequelizeAdapter } from 'casbin-sequelize-adapter'; -import { newEnforcer } from 'casbin'; import { curve } from '@dedis/kyber'; import * as fs from 'fs'; -import { PERMISSIONS, readSCIPER } from './authManager'; +import { PERMISSIONS, readSCIPER, initEnforcer } from './authManager'; const program = new Command(); -async function initEnforcer() { - const dbAdapter = await SequelizeAdapter.newAdapter({ - dialect: 'postgres', - host: process.env.DATABASE_HOST, - port: parseInt(process.env.DATABASE_PORT || '5432', 10), - username: process.env.DATABASE_USERNAME, - password: process.env.DATABASE_PASSWORD, - database: 'casbin', - }); - - return newEnforcer('src/model.conf', dbAdapter); -} - program .command('addAdmin') .description('Given a SCIPER number, the owner would gain full admin permissions') diff --git a/web/backend/src/controllers/authentication.ts b/web/backend/src/controllers/authentication.ts index 0ba1c36a4..87ecf669b 100644 --- a/web/backend/src/controllers/authentication.ts +++ b/web/backend/src/controllers/authentication.ts @@ -1,10 +1,12 @@ import express from 'express'; import axios, { AxiosError } from 'axios'; import { sciper2sess } from '../session'; -import { getUserPermissions, readSCIPER, setMapAuthorization } from '../authManager'; +import { initEnforcer, getUserPermissions, readSCIPER, setMapAuthorization } from '../authManager'; export const authenticationRouter = express.Router(); +initEnforcer().catch((e) => console.error(`Couldn't initialize enforcerer: ${e}`)); + authenticationRouter.get('/get_dev_login/:userId', (req, res) => { if (process.env.REACT_APP_DEV_LOGIN !== 'true') { const err = `/get_dev_login can only be called with REACT_APP_DEV_LOGIN===true: ${process.env.REACT_APP_DEV_LOGIN}`; 
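Review bot: The added `initEnforcer().catch((e) => console.error(...))` line in `controllers/authentication.ts` only logs an initialisation failure, and the same line is added in `dela.ts`, `proxies.ts` and `users.ts`. The routers are still exported and served, while `isAuthorized` in `authManager.ts` calls `authEnforcer.enforceSync(...)` unconditionally. If the policy database is unreachable, or a request arrives before initialisation finishes, the authorization check throws on an undefined enforcer instead of returning a decision. A guard at the top of `isAuthorized`, `if (authEnforcer === undefined) return false;`, would make that case an explicit deny. It would also help to await `initEnforcer()` once in the server start-up code (not visible in this patch) and exit on failure, rather than starting it fire-and-forget in each controller. The log message also has a typo, "enforcerer".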
diff --git a/web/backend/src/controllers/dela.ts b/web/backend/src/controllers/dela.ts index 10c35e11c..8c725f9fc 100644 --- a/web/backend/src/controllers/dela.ts +++ b/web/backend/src/controllers/dela.ts @@ -5,6 +5,7 @@ import axios, { AxiosError, Method } from 'axios'; import xss from 'xss'; import { assignUserPermissionToOwnElection, + initEnforcer, isAuthorized, PERMISSIONS, revokeUserPermissionToOwnElection, @@ -12,6 +13,8 @@ import { export const delaRouter = express.Router(); +initEnforcer().catch((e) => console.error(`Couldn't initialize enforcerer: ${e}`)); + // get payload creates a payload with a signature on it function getPayload(dataStr: string) { let dataStrB64 = Buffer.from(dataStr).toString('base64url'); diff --git a/web/backend/src/controllers/proxies.ts b/web/backend/src/controllers/proxies.ts index 38e02247c..ea45a780a 100644 --- a/web/backend/src/controllers/proxies.ts +++ b/web/backend/src/controllers/proxies.ts @@ -1,9 +1,11 @@ import express from 'express'; import lmdb from 'lmdb'; -import { isAuthorized, PERMISSIONS } from '../authManager'; +import { initEnforcer, isAuthorized, PERMISSIONS } from '../authManager'; export const proxiesRouter = express.Router(); +initEnforcer().catch((e) => console.error(`Couldn't initialize enforcerer: ${e}`)); + const proxiesDB = lmdb.open({ path: `${process.env.DB_PATH}proxies` }); proxiesRouter.post('', (req, res) => { if (!isAuthorized(req.session.userId, PERMISSIONS.SUBJECTS.PROXIES, PERMISSIONS.ACTIONS.POST)) { diff --git a/web/backend/src/controllers/users.ts b/web/backend/src/controllers/users.ts index 201fa039c..f5239df05 100644 --- a/web/backend/src/controllers/users.ts +++ b/web/backend/src/controllers/users.ts 
@@ -1,9 +1,11 @@ import express from 'express'; -import { addPolicy, isAuthorized, PERMISSIONS } from '../authManager'; +import { addPolicy, initEnforcer, isAuthorized, PERMISSIONS } from '../authManager'; export const usersRouter = express.Router(); +initEnforcer().catch((e) => console.error(`Couldn't initialize enforcerer: ${e}`)); + // This call allows a user that is admin to get the list of the people that have // a special role (not a voter). usersRouter.get('/user_rights', (req, res) => {