feat: bump authup & implement async policy & permission evaluation (#807
)

* feat: bump authup & implement async policy & permission evaluation

* chore: reset lock file

* chore: bump nx to v20.x

* chore: reset lock file

* style: fix linting issues
tada5hi authored Oct 7, 2024
1 parent 596fd42 commit d065562
Showing 98 changed files with 4,808 additions and 2,630 deletions.
6,217 changes: 4,140 additions & 2,077 deletions package-lock.json

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -25,7 +25,7 @@
"husky": "^9.1.4",
"jest": "^29.7.0",
"jest-serial-runner": "^1.2.0",
"nx": "^19.8.2",
"nx": "^20.0.0",
"rimraf": "^6.0.1",
"rollup": "^4.24.0",
"ts-jest": "^29.2.5",
6 changes: 3 additions & 3 deletions packages/client-ui/package.json
Expand Up @@ -18,9 +18,9 @@
"typecheck": "nuxi typecheck"
},
"devDependencies": {
"@authup/client-web-kit": "^1.0.0-beta.19",
"@authup/core-http-kit": "^1.0.0-beta.19",
"@authup/core-kit": "^1.0.0-beta.19",
"@authup/client-web-kit": "^1.0.0-beta.20",
"@authup/core-http-kit": "^1.0.0-beta.20",
"@authup/core-kit": "^1.0.0-beta.20",
"@ilingo/vuelidate": "^5.0.3",
"@fortawesome/fontawesome-free": "^6.6.0",
"@nuxtjs/google-fonts": "^3.2.0",
20 changes: 10 additions & 10 deletions packages/client-vue/package.json
Expand Up @@ -41,11 +41,11 @@
},
"homepage": "https://github.com/PrivateAim/hub#readme",
"devDependencies": {
"@authup/client-web-kit": "^1.0.0-beta.19",
"@authup/core-kit": "^1.0.0-beta.19",
"@authup/core-http-kit": "^1.0.0-beta.19",
"@authup/core-realtime-kit": "^1.0.0-beta.19",
"@authup/kit": "^1.0.0-beta.18",
"@authup/client-web-kit": "^1.0.0-beta.20",
"@authup/core-kit": "^1.0.0-beta.20",
"@authup/core-http-kit": "^1.0.0-beta.20",
"@authup/core-realtime-kit": "^1.0.0-beta.20",
"@authup/kit": "^1.0.0-beta.20",
"@ilingo/vuelidate": "^5.0.3",
"@privateaim/core-kit": "^0.8.3",
"@privateaim/kit": "^0.8.3",
Expand All @@ -72,11 +72,11 @@
"vue3-form-wizard": "^0.2.4"
},
"peerDependencies": {
"@authup/client-web-kit": "^1.0.0-beta.12",
"@authup/core-kit": "^1.0.0-beta.12",
"@authup/core-http-kit": "^1.0.0-beta.12",
"@authup/core-realtime-kit": "^1.0.0-beta.13",
"@authup/kit": "^1.0.0-beta.12",
"@authup/client-web-kit": "^1.0.0-beta.20",
"@authup/core-kit": "^1.0.0-beta.20",
"@authup/core-http-kit": "^1.0.0-beta.20",
"@authup/core-realtime-kit": "^1.0.0-beta.20",
"@authup/kit": "^1.0.0-beta.20",
"@ilingo/vuelidate": "^5.0.3",
"@privateaim/core-kit": "^0.8.3",
"@privateaim/storage-kit": "^0.8.3",
4 changes: 2 additions & 2 deletions packages/core-http-kit/package.json
Expand Up @@ -26,13 +26,13 @@
"build-watch": "rimraf ./dist && tsc -p tsconfig.build.json --watch"
},
"devDependencies": {
"@authup/kit": "^1.0.0-beta.19",
"@authup/kit": "^1.0.0-beta.20",
"@privateaim/core-kit": "^0.8.3",
"hapic": "^2.5.1",
"rapiq": "^0.9.0"
},
"peerDependencies": {
"@authup/kit": "^1.0.0-beta.19",
"@authup/kit": "^1.0.0-beta.20",
"@privateaim/core-kit": "^0.8.3",
"hapic": "^2.5.1",
"rapiq": "^0.9.0"
4 changes: 2 additions & 2 deletions packages/core-kit/package.json
Expand Up @@ -26,11 +26,11 @@
"build-watch": "rimraf ./dist && tsc -p tsconfig.build.json --watch"
},
"devDependencies": {
"@authup/core-kit": "^1.0.0-beta.19",
"@authup/core-kit": "^1.0.0-beta.20",
"@privateaim/kit": "^0.8.3"
},
"peerDependencies": {
"@authup/core-kit": "^1.0.0-beta.19",
"@authup/core-kit": "^1.0.0-beta.20",
"@privateaim/kit": "^0.8.3"
},
"gitHead": "5d3b6f4ce1edf2383bdfbf66e913a08c8a3a2e40",
4 changes: 2 additions & 2 deletions packages/kit/package.json
Expand Up @@ -26,10 +26,10 @@
"build-watch": "rimraf ./dist && tsc -p tsconfig.build.json --watch"
},
"devDependencies": {
"@authup/core-kit": "^1.0.0-beta.19"
"@authup/core-kit": "^1.0.0-beta.20"
},
"peerDependencies": {
"@authup/core-kit": "^1.0.0-beta.19"
"@authup/core-kit": "^1.0.0-beta.20"
},
"dependencies": {
"nanoid": "^3.3.4"
4 changes: 2 additions & 2 deletions packages/server-analysis-manager/package.json
Expand Up @@ -21,7 +21,7 @@
"test:coverage": "npm run test -- --coverage"
},
"dependencies": {
"@authup/core-http-kit": "^1.0.0-beta.19",
"@authup/core-http-kit": "^1.0.0-beta.20",
"@ebec/http": "^2.3.0",
"@hapic/harbor": "^2.4.0",
"@privateaim/core-kit": "^0.8.3",
Expand All @@ -39,7 +39,7 @@
"hapic": "^2.5.1",
"routup": "^4.0.1",
"rapiq": "^0.9.0",
"redis-extension": "^1.5.0",
"redis-extension": "^2.0.0",
"singa": "^1.0.0",
"tar": "^7.4.3",
"tar-fs": "^3.0.6",
6 changes: 3 additions & 3 deletions packages/server-core-realtime/package.json
Expand Up @@ -12,8 +12,8 @@
"license": "Apache-2.0",
"description": "This package contains the realtime application which connects the API with socket based clients.",
"dependencies": {
"@authup/kit": "^1.0.0-beta.19",
"@authup/core-kit": "^1.0.0-beta.19",
"@authup/kit": "^1.0.0-beta.20",
"@authup/core-kit": "^1.0.0-beta.20",
"@ebec/http": "^2.3.0",
"@privateaim/kit": "^0.8.3",
"@privateaim/core-kit": "^0.8.3",
Expand All @@ -24,7 +24,7 @@
"dotenv": "^16.4.5",
"envix": "^1.3.0",
"hapic": "^2.5.1",
"redis-extension": "^1.5.0",
"redis-extension": "^2.0.0",
"routup": "^4.0.1",
"socket.io": "^4.8.0"
},
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,13 @@ export function registerAnalysisFileSocketHandlers(socket: Socket) {
socket.on(
buildDomainEventSubscriptionFullName(DomainType.ANALYSIS_BUCKET_FILE, DomainEventSubscriptionName.SUBSCRIBE),
async (target, cb) => {
if (!socket.data.abilities.has(PermissionName.ANALYSIS_UPDATE)) {
try {
await socket.data.permissionChecker.preCheckOneOf({
name: [
PermissionName.ANALYSIS_UPDATE,
],
});
} catch (e) {
if (isEventCallback(cb)) {
cb(new UnauthorizedError());
}
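Review bot: The new `catch (e)` turns every rejection from `preCheckOneOf` into `UnauthorizedError` and discards `e`, so if the now-asynchronous check can reject for reasons other than a denied permission, that failure looks to the client and to operators exactly like a missing permission. Failing closed is the right default and should stay, but `e` should be logged before `cb` is called, and the intent stated in a comment such as `// fail closed: any error from the permission check denies the subscription`. The same pattern is repeated in the analysis-log, analysis-node, analysis, node, project-node, project and registry-project handlers of this commit. The handler body continues past the end of this hunk, so whether a `return` still follows the callback cannot be seen here and should be confirmed.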
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,13 @@ export function registerAnalysisLogSocketHandlers(socket: Socket) {
socket.on(
buildDomainEventSubscriptionFullName(DomainType.ANALYSIS_LOG, DomainEventSubscriptionName.SUBSCRIBE),
async (target, cb) => {
if (!socket.data.abilities.has(PermissionName.ANALYSIS_UPDATE)) {
try {
await socket.data.permissionChecker.preCheckOneOf({
name: [
PermissionName.ANALYSIS_UPDATE,
],
});
} catch (e) {
if (isEventCallback(cb)) {
cb(new UnauthorizedError());
}
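Review bot: `preCheckOneOf` receives only permission names, and the handler's `target` argument is not part of the check, so the visible lines verify that the socket holds `ANALYSIS_UPDATE` in general, not that it may subscribe to this particular log stream. If, as the name suggests, the pre-check leaves out policies that need the concrete resource, any realm or ownership restriction attached to the permission has to be enforced later, when `target` is resolved or when events are sent to the room. The rest of the handler lies outside the hunk, so this may already happen; a comment above the `try`, such as `// permission-level check only; per-target access is enforced in <where>`, would make the split explicit. The same applies to the other subscribe handlers changed in this commit.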
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,13 @@ export function registerAnalysisNodeSocketHandlers(socket: Socket) {
socket.on(
buildDomainEventSubscriptionFullName(DomainType.ANALYSIS_NODE, DomainEventSubscriptionName.SUBSCRIBE),
async (target, cb) => {
if (
!socket.data.abilities.has(PermissionName.ANALYSIS_APPROVE)
) {
try {
await socket.data.permissionChecker.preCheckOneOf({
name: [
PermissionName.ANALYSIS_APPROVE,
],
});
} catch (e) {
if (isEventCallback(cb)) {
cb(new UnauthorizedError());
}
Expand Down Expand Up @@ -67,9 +71,13 @@ export function registerAnalysisNodeForRealmSocketHandlers(socket: Socket) {
socket.on(
buildDomainEventSubscriptionFullName(DomainSubType.ANALYSIS_NODE_IN, DomainEventSubscriptionName.SUBSCRIBE),
async (target, cb) => {
if (
!socket.data.abilities.has(PermissionName.ANALYSIS_APPROVE)
) {
try {
await socket.data.permissionChecker.preCheckOneOf({
name: [
PermissionName.ANALYSIS_APPROVE,
],
});
} catch (e) {
if (isEventCallback(cb)) {
cb(new UnauthorizedError());
}
Expand Down Expand Up @@ -97,7 +105,13 @@ export function registerAnalysisNodeForRealmSocketHandlers(socket: Socket) {
socket.on(
buildDomainEventSubscriptionFullName(DomainSubType.ANALYSIS_NODE_OUT, DomainEventSubscriptionName.SUBSCRIBE),
async (target, cb) => {
if (!socket.data.abilities.has(PermissionName.ANALYSIS_UPDATE)) {
try {
await socket.data.permissionChecker.preCheckOneOf({
name: [
PermissionName.ANALYSIS_UPDATE,
],
});
} catch (e) {
if (isEventCallback(cb)) {
cb(new UnauthorizedError());
}
Original file line number Diff line number Diff line change
Expand Up @@ -28,11 +28,15 @@ export function registerAnalysisSocketHandlers(socket: Socket) {
socket.on(
buildDomainEventSubscriptionFullName(DomainType.ANALYSIS, DomainEventSubscriptionName.SUBSCRIBE),
async (target, cb) => {
if (
!socket.data.abilities.has(PermissionName.ANALYSIS_UPDATE) &&
!socket.data.abilities.has(PermissionName.ANALYSIS_EXECUTION_START) &&
!socket.data.abilities.has(PermissionName.ANALYSIS_EXECUTION_STOP)
) {
try {
await socket.data.permissionChecker.preCheckOneOf({
name: [
PermissionName.ANALYSIS_UPDATE,
PermissionName.ANALYSIS_EXECUTION_START,
PermissionName.ANALYSIS_EXECUTION_STOP,
],
});
} catch (e) {
if (isEventCallback(cb)) {
cb(new UnauthorizedError());
}
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,13 @@ export function registerNodeSocketHandlers(socket: Socket) {
socket.on(
buildDomainEventSubscriptionFullName(DomainType.NODE, DomainEventSubscriptionName.SUBSCRIBE),
async (target, cb) => {
if (
!socket.data.abilities.has(PermissionName.NODE_UPDATE)
) {
try {
await socket.data.permissionChecker.preCheckOneOf({
name: [
PermissionName.NODE_UPDATE,
],
});
} catch (e) {
if (isEventCallback(cb)) {
cb(new UnauthorizedError());
}
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,13 @@ export function registerProjectNodeSocketHandlers(socket: Socket) {
socket.on(
buildDomainEventSubscriptionFullName(DomainType.PROJECT_NODE, DomainEventSubscriptionName.SUBSCRIBE),
async (target, cb) => {
if (
!socket.data.abilities.has(PermissionName.PROJECT_APPROVE)
) {
try {
await socket.data.permissionChecker.preCheckOneOf({
name: [
PermissionName.PROJECT_APPROVE,
],
});
} catch (e) {
if (isEventCallback(cb)) {
cb(new UnauthorizedError());
}
Expand Down Expand Up @@ -67,9 +71,13 @@ export function registerProjectNodeForRealmSocketHandlers(socket: Socket) {
socket.on(
buildDomainEventSubscriptionFullName(DomainSubType.PROJECT_NODE_IN, DomainEventSubscriptionName.SUBSCRIBE),
async (target, cb) => {
if (
!socket.data.abilities.has(PermissionName.PROJECT_APPROVE)
) {
try {
await socket.data.permissionChecker.preCheckOneOf({
name: [
PermissionName.PROJECT_APPROVE,
],
});
} catch (e) {
if (isEventCallback(cb)) {
cb(new UnauthorizedError());
}
Expand Down Expand Up @@ -103,9 +111,13 @@ export function registerProjectNodeForRealmSocketHandlers(socket: Socket) {
socket.on(
buildDomainEventSubscriptionFullName(DomainSubType.PROJECT_NODE_OUT, DomainEventSubscriptionName.SUBSCRIBE),
async (target, cb) => {
if (
!socket.data.abilities.has(PermissionName.PROJECT_UPDATE)
) {
try {
await socket.data.permissionChecker.preCheckOneOf({
name: [
PermissionName.PROJECT_UPDATE,
],
});
} catch (e) {
if (isEventCallback(cb)) {
cb(new UnauthorizedError());
}
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,14 @@ export function registerProjectSocketHandlers(socket: Socket) {
socket.on(
buildDomainEventSubscriptionFullName(DomainType.PROJECT, DomainEventSubscriptionName.SUBSCRIBE),
async (target, cb) => {
if (
!socket.data.abilities.has(PermissionName.PROJECT_DELETE) &&
!socket.data.abilities.has(PermissionName.PROJECT_UPDATE)
) {
try {
await socket.data.permissionChecker.preCheckOneOf({
name: [
PermissionName.PROJECT_DELETE,
PermissionName.PROJECT_UPDATE,
],
});
} catch (e) {
if (isEventCallback(cb)) {
cb(new UnauthorizedError());
}
Original file line number Diff line number Diff line change
Expand Up @@ -30,9 +30,14 @@ export function registerRegistryProjectSocketHandlers(socket: Socket) {
socket.on(
buildDomainEventSubscriptionFullName(DomainType.REGISTRY_PROJECT, DomainEventSubscriptionName.SUBSCRIBE),
async (target, cb) => {
if (
!socket.data.abilities.has(PermissionName.REGISTRY_MANAGE)
) {
try {
await socket.data.permissionChecker.preCheckOneOf({
name: [
PermissionName.REGISTRY_MANAGE,
PermissionName.REGISTRY_PROJECT_MANAGE,
],
});
} catch (e) {
if (isEventCallback(cb)) {
cb(new UnauthorizedError());
}
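Review bot: The permission list in this handler now includes `PermissionName.REGISTRY_PROJECT_MANAGE` next to `REGISTRY_MANAGE`, while the other handlers in this commit carry their permission names over unchanged; going by the rendered lines, the earlier condition tested `REGISTRY_MANAGE` only. That widens who can subscribe to registry-project events, and the commit description (authup bump, async evaluation) does not mention it. If the change is intended, it should be recorded in the description or in a comment such as `// holders of REGISTRY_PROJECT_MANAGE may also follow registry-project events`. It is also worth confirming that the events delivered to this subscription contain nothing meant only for holders of `REGISTRY_MANAGE`.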
8 changes: 4 additions & 4 deletions packages/server-core/package.json
Expand Up @@ -11,10 +11,10 @@
"description": "This package contains the server core service.",
"main": "./dist/cli/index.js",
"dependencies": {
"@authup/kit": "^1.0.0-beta.19",
"@authup/core-kit": "^1.0.0-beta.19",
"@authup/core-http-kit": "^1.0.0-beta.19",
"@authup/server-core-plugin-http": "^1.0.0-beta.19",
"@authup/kit": "^1.0.0-beta.20",
"@authup/core-kit": "^1.0.0-beta.20",
"@authup/core-http-kit": "^1.0.0-beta.20",
"@authup/server-adapter-http": "^1.0.0-beta.20",
"@ebec/http": "^2.3.0",
"@hapic/harbor": "^2.4.0",
"@hapic/vault": "^2.3.4",
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import { BadRequestError } from '@ebec/http';
import {
AnalysisBucketType, AnalysisBuildStatus, AnalysisRunStatus,
} from '@privateaim/core-kit';
import { useRequestIdentityOrFail } from '@privateaim/server-http-kit';
import type { Request, Response } from 'routup';
import { sendCreated } from 'routup';
import { useDataSource } from 'typeorm-extension';
Expand All @@ -16,10 +17,28 @@ import { runAnalysisFileValidation } from '../utils';

export async function createAnalysisBucketFileRouteHandler(req: Request, res: Response) : Promise<any> {
const result = await runAnalysisFileValidation(req, 'create');
result.data.analysis_id = result.relation.bucket.analysis_id;

const dataSource = await useDataSource();
const repository = dataSource.getRepository(AnalysisBucketFileEntity);

const identity = useRequestIdentityOrFail(req);
result.data.realm_id = identity.realmId;

switch (identity.type) {
case 'user': {
result.data.user_id = identity.id;
break;
}
case 'robot': {
result.data.robot_id = identity.id;
break;
}
default: {
throw new BadRequestError('Only user-/robot-accounts are permitted.');
}
}

let entity = repository.create(result.data);

if (
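Review bot: In the `switch (identity.type)` block only the field matching the caller is overwritten: a user request sets `user_id` but leaves whatever `robot_id` is already in `result.data`, and the reverse for a robot. If `runAnalysisFileValidation`, which is not shown, lets either field through from the request body, the stored record could name an account other than the authenticated one alongside the real owner. Setting the counterpart explicitly, e.g. `result.data.robot_id = null;` in the `'user'` case and `result.data.user_id = null;` in the `'robot'` case (adjusted to the entity's field types), removes the dependency on the validator. The function continues after the end of this hunk.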