Authorize query in Upsert before processing

dgraph-io · Aug 21, 2019 · 9a66690 · 9a66690
1 parent 459b5f5
commit 9a66690
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 37 deletions.
diff --git a/edgraph/access.go b/edgraph/access.go
@@ -57,7 +57,7 @@ func authorizeMutation(ctx context.Context, gmu *gql.Mutation) error {
 	return nil
 }
 
-func authorizeQuery(ctx context.Context, req *api.Request) error {
+func authorizeQuery(ctx context.Context, parsedReq *gql.Result) error {
 	// always allow access
 	return nil
 }
diff --git a/edgraph/access_ee.go b/edgraph/access_ee.go
@@ -384,7 +384,9 @@ func ResetAcl() {
 			StartTs:   startTs,
 			CommitNow: true,
 			Mutations: []*api.Mutation{
-				&api.Mutation{Set: createUserNQuads},
+				{
+					Set: createUserNQuads,
+				},
 			},
 		}
 
@@ -661,23 +663,15 @@ func logAccess(log *accessEntry) {
 }
 
 //authorizeQuery authorizes the query using the aclCachePtr
-func authorizeQuery(ctx context.Context, req *api.Request) error {
+func authorizeQuery(ctx context.Context, parsedReq *gql.Result) error {
 	if len(Config.HmacSecret) == 0 {
 		// the user has not turned on the acl feature
 		return nil
 	}
 
-	parsedReq, err := gql.Parse(gql.Request{
-		Str:       req.Query,
-		Variables: req.Vars,
-	})
-	if err != nil {
-		return err
-	}
-	preds := parsePredsFromQuery(parsedReq.Query)
-
 	var userId string
 	var groupIds []string
+	preds := parsePredsFromQuery(parsedReq.Query)
 	doAuthorizeQuery := func() error {
 		userData, err := extractUserAndGroups(ctx)
 		if err == nil {
@@ -713,7 +707,7 @@ func authorizeQuery(ctx context.Context, req *api.Request) error {
 		return nil
 	}
 
-	err = doAuthorizeQuery()
+	err := doAuthorizeQuery()
 	if span := otrace.FromContext(ctx); span != nil {
 		span.Annotatef(nil, (&accessEntry{
 			userId:    userId,

diff --git a/edgraph/server.go b/edgraph/server.go
@@ -576,10 +576,6 @@ func doQueryInUpsert(ctx context.Context, req *api.Request, gmu *gql.Mutation) (
 		return l, nil
 	}
 
-	// if err := authorizeQuery(ctx, req); err != nil {
-	// 	return nil, err
-	// }
-
 	mu := req.Mutations[0]
 	upsertQuery := req.Query
 	needVars := findVars(gmu)
@@ -623,6 +619,10 @@ func doQueryInUpsert(ctx context.Context, req *api.Request, gmu *gql.Mutation) (
 		return nil, errors.Wrapf(err, "while validating query: %q", upsertQuery)
 	}
 
+	if err := authorizeQuery(ctx, &parsedReq); err != nil {
+		return nil, err
+	}
+
 	qr := query.Request{Latency: l, GqlQuery: &parsedReq, ReadTs: req.StartTs}
 	if err := qr.ProcessQuery(ctx); err != nil {
 		return nil, errors.Wrapf(err, "while processing query: %q", upsertQuery)
@@ -771,16 +771,32 @@ func (s *Server) doQuery(ctx context.Context, req *api.Request, authorize bool)
 	if ctx.Err() != nil {
 		return nil, ctx.Err()
 	}
-	startTime := time.Now()
+
+	ctx, span := otrace.StartSpan(ctx, methodQuery)
+	span.Annotatef(nil, "Query received: %v", req)
+
+	var l query.Latency
+	l.Start = time.Now()
+	parsedReq, err := gql.Parse(gql.Request{
+		Str:       req.Query,
+		Variables: req.Vars,
+	})
+	l.Parsing += time.Since(l.Start)
+	if err != nil {
+		return resp, err
+	}
+
+	if err = validateQuery(parsedReq.Query); err != nil {
+		return resp, err
+	}
 
 	if authorize {
-		if err := authorizeQuery(ctx, req); err != nil {
+		if err := authorizeQuery(ctx, &parsedReq); err != nil {
 			return nil, err
 		}
 	}
 
 	var measurements []ostats.Measurement
-	ctx, span := otrace.StartSpan(ctx, methodQuery)
 	ctx = x.WithMethod(ctx, methodQuery)
 	defer func() {
 		span.End()
@@ -789,7 +805,7 @@ func (s *Server) doQuery(ctx context.Context, req *api.Request, authorize bool)
 			v = x.TagValueStatusError
 		}
 		ctx, _ = tag.New(ctx, tag.Upsert(x.KeyStatus, v))
-		timeSpentMs := x.SinceMs(startTime)
+		timeSpentMs := x.SinceMs(l.Start)
 		measurements = append(measurements, x.LatencyMs.M(timeSpentMs))
 		ostats.Record(ctx, measurements...)
 	}()
@@ -809,22 +825,6 @@ func (s *Server) doQuery(ctx context.Context, req *api.Request, authorize bool)
 		return resp, errors.Errorf("Empty query")
 	}
 
-	var l query.Latency
-	l.Start = time.Now()
-	span.Annotatef(nil, "Query received: %v", req)
-
-	parsedReq, err := gql.Parse(gql.Request{
-		Str:       req.Query,
-		Variables: req.Vars,
-	})
-	if err != nil {
-		return resp, err
-	}
-
-	if err = validateQuery(parsedReq.Query); err != nil {
-		return resp, err
-	}
-
 	var queryRequest = query.Request{
 		Latency:  &l,
 		GqlQuery: &parsedReq,