feat(server): apply evaluator to router, pass profile name to context

Author: oscar60310

labs/playground1/profile.yaml

@@ -4,3 +4,4 @@
     persistent-path: ./test-data/moma.db
     log-queries: true
     log-parameters: true
+  allow: '*'

packages/build/src/lib/schema-parser/middleware/checkProfile.ts

@@ -14,19 +14,25 @@ export class CheckProfile extends SchemaParserMiddleware {
   }
 
   public async handle(schemas: RawAPISchema, next: () => Promise<void>) {
+    if (!schemas.profiles && schemas.profile) {
+      schemas.profiles = [schemas.profile];
+    }
+
     await next();
     const transformedSchemas = schemas as APISchema;
-    if (!transformedSchemas.profile)
+    if (!transformedSchemas.profiles)
       throw new Error(
         `The profile of schema ${transformedSchemas.urlPath} is not defined`
       );
 
-    try {
-      this.dataSourceFactory(transformedSchemas.profile);
-    } catch (e: any) {
-      throw new Error(
-        `The profile of schema ${transformedSchemas.urlPath} is invalid: ${e?.message}`
-      );
+    for (const profile of transformedSchemas.profiles) {
+      try {
+        this.dataSourceFactory(profile);
+      } catch (e: any) {
+        throw new Error(
+          `The profile ${profile} of schema ${transformedSchemas.urlPath} is invalid: ${e?.message}`
+        );
+      }
     }
   }
 }

packages/build/src/lib/schema-parser/middleware/middleware.ts

@@ -24,6 +24,7 @@ export interface RawAPISchema
   request?: DeepPartial<RawRequestParameter[]>;
   response?: DeepPartial<RawResponseProperty[]>;
   metadata?: Record<string, any>;
+  profile?: string;
 }
 
 @injectable()

packages/build/test/schema-parser/middleware/checkProfile.spec.ts

@@ -26,7 +26,7 @@ it('Should throw error when the profile is invalid', async () => {
   await expect(
     checkProfile.handle(schema, async () => Promise.resolve())
   ).rejects.toThrow(
-    `The profile of schema /user is invalid: profile not found`
+    `The profile profile1 of schema /user is invalid: profile not found`
   );
 });
 

packages/core/src/lib/template-engine/nunjucksExecutionMetadata.ts

@@ -32,6 +32,7 @@ export class NunjucksExecutionMetadata {
       context: {
         params: this.parameters,
         user: this.userInfo,
+        profile: this.profileName,
       },
       [ReservedContextKeys.CurrentProfileName]: this.profileName,
     };

packages/core/src/models/artifact.ts

@@ -91,7 +91,7 @@ export interface APISchema {
   // If not set pagination, then API request not provide the field to do it
   pagination?: PaginationSchema;
   sample?: Sample;
-  profile: string;
+  profiles: Array<string>;
 }
 
 export interface BuiltArtifact {

packages/integration-testing/src/example1/profile.yaml

@@ -1,2 +1,3 @@
 - name: pg-mem
   type: pg-mem
+  allow: '*'

packages/serve/src/containers/container.ts

@@ -3,6 +3,7 @@ import { Container as CoreContainer } from '@vulcan-sql/core';
 import {
   applicationModule,
   documentRouterModule,
+  evaluationModule,
   extensionModule,
   routeGeneratorModule,
 } from './modules';
@@ -32,6 +33,7 @@ export class Container {
     await this.inversifyContainer.loadAsync(extensionModule(config));
     await this.inversifyContainer.loadAsync(applicationModule());
     await this.inversifyContainer.loadAsync(documentRouterModule());
+    await this.inversifyContainer.loadAsync(evaluationModule());
   }
 
   public async unload() {

packages/serve/src/containers/modules/evaluation.ts

@@ -0,0 +1,8 @@
+import { Evaluator } from '@vulcan-sql/serve/evaluator';
+import { AsyncContainerModule } from 'inversify';
+import { TYPES } from '../types';
+
+export const evaluationModule = () =>
+  new AsyncContainerModule(async (bind) => {
+    bind<Evaluator>(TYPES.Evaluator).to(Evaluator).inSingletonScope();
+  });

packages/serve/src/containers/modules/index.ts

@@ -2,3 +2,4 @@ export * from './routeGenerator';
 export * from './extension';
 export * from './application';
 export * from './documentRouter';
+export * from './evaluation';

packages/serve/src/containers/types.ts

@@ -10,6 +10,8 @@ export const TYPES = {
   VulcanApplication: Symbol.for('VulcanApplication'),
   // Document router
   Factory_DocumentRouter: Symbol.for('Factory_DocumentRouter'),
+  // Evaluation
+  Evaluator: Symbol.for('Evaluator'),
   // Extensions
   Extension_RouteMiddleware: Symbol.for('Extension_RouteMiddleware'),
   Extension_Authenticator: Symbol.for('Extension_Authenticator'),

packages/serve/src/lib/evaluator/evaluator.ts

@@ -1,9 +1,10 @@
 import {
+  getLogger,
   Profile,
   ProfileAllowConstraints,
   TYPES as CORE_TYPES,
 } from '@vulcan-sql/core';
-import { injectable, multiInject } from 'inversify';
+import { injectable, multiInject, optional } from 'inversify';
 import { isArray } from 'lodash';
 import { AuthUserInfo } from '../../models/extensions';
 import {
@@ -35,12 +36,22 @@ import {
 //        name: group
 //        value: admin
 
+const logger = getLogger({ scopeName: 'SERVE' });
+
 @injectable()
 export class Evaluator {
   private profiles = new Map<string, AuthConstraint[][]>();
 
-  constructor(@multiInject(CORE_TYPES.Profile) profiles: Profile[]) {
+  constructor(
+    @multiInject(CORE_TYPES.Profile) @optional() profiles: Profile[] = []
+  ) {
     for (const profile of profiles) {
+      if (!profile.allow) {
+        logger.warn(
+          `Profile ${profile.name} doesn't have allow property, which means nobody can use it`
+        );
+        continue;
+      }
       this.profiles.set(profile.name, this.getConstraints(profile.allow));
     }
   }
@@ -76,7 +87,7 @@ export class Evaluator {
     andConstraints: AuthConstraint[]
   ): boolean {
     for (const constraint of andConstraints) {
-      if (!constraint.evaluate(user)) return false;
+      if (!constraint.evaluate(user || { name: '', attr: {} })) return false;
     }
     return true;
   }

packages/serve/src/lib/route/route-component/baseRoute.ts

@@ -3,6 +3,7 @@ import { APISchema, TemplateEngine, Pagination } from '@vulcan-sql/core';
 import { IRequestValidator } from './requestValidator';
 import { IRequestTransformer, RequestParameters } from './requestTransformer';
 import { IPaginationTransformer } from './paginationTransformer';
+import { Evaluator } from '@vulcan-sql/serve/evaluator';
 
 export interface TransformedRequest {
   reqParams: RequestParameters;
@@ -15,6 +16,7 @@ export interface RouteOptions {
   reqValidator: IRequestValidator;
   paginationTransformer: IPaginationTransformer;
   templateEngine: TemplateEngine;
+  evaluator: Evaluator;
 }
 
 export interface IRoute {
@@ -27,19 +29,23 @@ export abstract class BaseRoute implements IRoute {
   protected readonly reqValidator: IRequestValidator;
   protected readonly templateEngine: TemplateEngine;
   protected readonly paginationTransformer: IPaginationTransformer;
+  private evaluator: Evaluator;
 
+  // TODO: Too many injection from constructor, we should try to use container or compose some components
   constructor({
     apiSchema,
     reqTransformer,
     reqValidator,
     paginationTransformer,
     templateEngine,
+    evaluator,
   }: RouteOptions) {
     this.apiSchema = apiSchema;
     this.reqTransformer = reqTransformer;
     this.reqValidator = reqValidator;
     this.paginationTransformer = paginationTransformer;
     this.templateEngine = templateEngine;
+    this.evaluator = evaluator;
   }
 
   public abstract respond(ctx: KoaContext): Promise<any>;
@@ -49,7 +55,12 @@ export abstract class BaseRoute implements IRoute {
   protected async handle(user: AuthUserInfo, transformed: TransformedRequest) {
     const { reqParams } = transformed;
     // could template name or template path, use for template engine
-    const { templateSource, profile } = this.apiSchema;
+    const { templateSource, profiles } = this.apiSchema;
+
+    const profile = this.evaluator.evaluateProfile(user, profiles);
+    if (!profile)
+      // Should be 403
+      throw new Error(`Forbidden`);
 
     const result = await this.templateEngine.execute(templateSource, {
       parameters: reqParams,

packages/serve/src/lib/route/routeGenerator.ts

@@ -9,6 +9,7 @@ import {
 import { inject, injectable } from 'inversify';
 import { TYPES as CORE_TYPES } from '@vulcan-sql/core';
 import { TYPES } from '../../containers/types';
+import { Evaluator } from '../evaluator';
 
 export enum APIProviderType {
   RESTFUL = 'RESTFUL',
@@ -27,6 +28,7 @@ export class RouteGenerator {
   private reqTransformer: IRequestTransformer;
   private paginationTransformer: IPaginationTransformer;
   private templateEngine: TemplateEngine;
+  private evaluator: Evaluator;
   private apiOptions: APIRouteBuilderOption = {
     [APIProviderType.RESTFUL]: RestfulRoute,
     [APIProviderType.GRAPHQL]: GraphQLRoute,
@@ -37,12 +39,14 @@ export class RouteGenerator {
     @inject(TYPES.RequestValidator) reqValidator: IRequestValidator,
     @inject(TYPES.PaginationTransformer)
     paginationTransformer: IPaginationTransformer,
-    @inject(CORE_TYPES.TemplateEngine) templateEngine: TemplateEngine
+    @inject(CORE_TYPES.TemplateEngine) templateEngine: TemplateEngine,
+    @inject(TYPES.Evaluator) evaluator: Evaluator
   ) {
     this.reqValidator = reqValidator;
     this.reqTransformer = reqTransformer;
     this.paginationTransformer = paginationTransformer;
     this.templateEngine = templateEngine;
+    this.evaluator = evaluator;
   }
 
   public async generate(apiSchema: APISchema, optionType: APIProviderType) {
@@ -55,6 +59,7 @@ export class RouteGenerator {
       reqValidator: this.reqValidator,
       paginationTransformer: this.paginationTransformer,
       templateEngine: this.templateEngine,
+      evaluator: this.evaluator,
     });
   }
 

packages/serve/test/app.spec.ts

@@ -30,15 +30,18 @@ import { KoaContext } from '@vulcan-sql/serve/models';
 import { Container } from 'inversify';
 import { extensionModule } from '../src/containers/modules';
 import { TYPES } from '@vulcan-sql/serve';
+import { Evaluator } from '@vulcan-sql/serve/evaluator';
 
 describe('Test vulcan server for practicing middleware', () => {
   let container: Container;
   let stubTemplateEngine: sinon.StubbedInstance<TemplateEngine>;
   let stubDataSource: sinon.StubbedInstance<DataSource>;
+  let stubEvaluator: sinon.StubbedInstance<Evaluator>;
   beforeEach(async () => {
     container = new Container();
     stubTemplateEngine = sinon.stubInterface<TemplateEngine>();
     stubDataSource = sinon.stubInterface<DataSource>();
+    stubEvaluator = sinon.stubInterface<Evaluator>();
 
     await container.loadAsync(
       coreExtensionModule({
@@ -82,6 +85,7 @@ describe('Test vulcan server for practicing middleware', () => {
           router: [],
         })
     );
+    container.bind(TYPES.Evaluator).toConstantValue(stubEvaluator);
   });
 
   afterEach(() => {
@@ -122,6 +126,7 @@ describe('Test vulcan server for calling restful APIs', () => {
   let container: Container;
   let stubTemplateEngine: sinon.StubbedInstance<TemplateEngine>;
   let stubDataSource: sinon.StubbedInstance<DataSource>;
+  let stubEvaluator: sinon.StubbedInstance<Evaluator>;
   let server: http.Server;
   const fakeSchemas: Array<APISchema> = [
     {
@@ -274,6 +279,7 @@ describe('Test vulcan server for calling restful APIs', () => {
     container = new Container();
     stubTemplateEngine = sinon.stubInterface<TemplateEngine>();
     stubDataSource = sinon.stubInterface<DataSource>();
+    stubEvaluator = sinon.stubInterface<Evaluator>();
 
     stubTemplateEngine.execute.callsFake(async (_: string, data: any) => {
       return {
@@ -282,6 +288,8 @@ describe('Test vulcan server for calling restful APIs', () => {
       };
     });
 
+    stubEvaluator.evaluateProfile.returns('profile1');
+
     await container.loadAsync(
       coreExtensionModule({
         artifact: {} as any,
@@ -321,6 +329,7 @@ describe('Test vulcan server for calling restful APIs', () => {
           router: [],
         })
     );
+    container.bind(TYPES.Evaluator).toConstantValue(stubEvaluator);
   });
 
   afterEach(() => {

packages/serve/test/route/routeGenerator.spec.ts

@@ -17,6 +17,7 @@ import {
 } from '@vulcan-sql/serve/route';
 import { Container } from 'inversify';
 import { TYPES } from '@vulcan-sql/serve/containers';
+import { Evaluator } from '@vulcan-sql/serve/evaluator';
 
 describe('Test route generator ', () => {
   let container: Container;
@@ -25,6 +26,7 @@ describe('Test route generator ', () => {
   let stubPaginationTransformer: sinon.StubbedInstance<IPaginationTransformer>;
   let stubTemplateEngine: sinon.StubbedInstance<TemplateEngine>;
   let stubDataSource: sinon.StubbedInstance<DataSource>;
+  let stubEvaluator: sinon.StubbedInstance<Evaluator>;
   const fakeSchemas: Array<APISchema> = Array(
     faker.datatype.number({ min: 2, max: 4 })
   ).fill(sinon.stubInterface<APISchema>());
@@ -38,6 +40,7 @@ describe('Test route generator ', () => {
     stubPaginationTransformer = sinon.stubInterface<IPaginationTransformer>();
     stubDataSource = sinon.stubInterface<DataSource>();
     stubTemplateEngine = sinon.stubInterface<TemplateEngine>();
+    stubEvaluator = sinon.stubInterface<Evaluator>();
 
     container
       .bind(TYPES.PaginationTransformer)
@@ -53,6 +56,7 @@ describe('Test route generator ', () => {
       .bind(CORE_TYPES.Factory_DataSource)
       .toConstantValue(() => stubDataSource);
     container.bind(TYPES.RouteGenerator).to(RouteGenerator);
+    container.bind(TYPES.Evaluator).toConstantValue(stubEvaluator);
   });
 
   afterEach(() => {
@@ -76,6 +80,7 @@ describe('Test route generator ', () => {
         templateEngine: container.get<TemplateEngine>(
           CORE_TYPES.TemplateEngine
         ),
+        evaluator: container.get<Evaluator>(TYPES.Evaluator),
       });
 
       // Act
@@ -111,6 +116,7 @@ describe('Test route generator ', () => {
         templateEngine: container.get<TemplateEngine>(
           CORE_TYPES.TemplateEngine
         ),
+        evaluator: container.get<Evaluator>(TYPES.Evaluator),
       });
 
       // Act