refactor(authorization): add separate fields in indexes to improve se…
…arch and utilize db index
kkopanidis committed Aug 25, 2023
1 parent e532e7c commit d0bb09c
Showing 14 changed files with 253 additions and 6 deletions.
2 changes: 1 addition & 1 deletion modules/authorization/src/Authorization.ts
@@ -72,7 +72,6 @@ export default class Authorization extends ManagedModule<Config> {
async onServerStart() {
await this.grpcSdk.waitForExistence('database');
this.database = this.grpcSdk.database!;
await runMigrations(this.grpcSdk);
}

async onConfig() {
@@ -81,6 +80,7 @@ export default class Authorization extends ManagedModule<Config> {
this.updateHealth(HealthCheckStatus.NOT_SERVING);
} else {
await this.registerSchemas();
await runMigrations(this.grpcSdk);
this.indexController = IndexController.getInstance(this.grpcSdk);
this.relationsController = RelationsController.getInstance(
this.grpcSdk,
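Review bot: `await runMigrations(this.grpcSdk);` in onConfig now runs before `this.indexController` and the other controllers are assigned, with nothing handling a rejection, so a failed migration would leave the authorization module without its controllers and without an explicit health state. If onConfig is invoked on every configuration update (not visible in this hunk), the migrations also re-run each time instead of once at start-up. I would make the failure explicit, e.g. `await runMigrations(this.grpcSdk).catch(e => { this.updateHealth(HealthCheckStatus.NOT_SERVING); throw e; });`, and add a comment such as `// migrations need the schemas registered above; safe to re-run on every config change`. onConfig starts and ends outside the hunk.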
12 changes: 11 additions & 1 deletion modules/authorization/src/controllers/index.controller.ts
@@ -24,7 +24,14 @@ export class IndexController {
async createOrUpdateObject(subject: string, entity: string) {
const index = await ObjectIndex.getInstance().findOne({ subject, entity });
if (!index) {
await ObjectIndex.getInstance().create({ subject, entity });
await ObjectIndex.getInstance().create({
subject,
subjectType: subject.split(':')[0],
subjectPermission: subject.split('#')[1],
entity,
entityType: entity.split(':')[0],
relation: entity.split('#')[1],
});
}
}

@@ -42,7 +49,10 @@ export class IndexController {
if (!found) {
await ActorIndex.getInstance().create({
subject: subject,
subjectType: subject.split(':')[0],
entity: `${object}#${relation}`,
entityType: object.split(':')[0],
relation: relation,
});
}
const permissions = Object.keys(objectDefinition.permissions);
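Review bot: The derived fields in createOrUpdateObject come from unchecked splits of the tuple strings: `subject.split('#')[1]` and `entity.split('#')[1]` are `undefined` when the string has no `#`, and `split(':')[0]` returns the whole string when there is no `:`. These columns are declared `required` in the schemas and are presumably what authorization lookups will filter on, so a malformed tuple would either fail the create or be indexed under a wrong type. The same `split(':')[0]` derivation is repeated in the second hunk here and in permissions.controller.ts and relations.controller.ts; one shared parser that validates the shape and throws on mismatch would keep all four call sites consistent. At minimum, document the expected format next to the create call, e.g. `// subject: "<type>:<id>#<permission>", entity: "<type>:<id>#<relation>"`. The function in the second hunk starts and ends outside it.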
@@ -33,8 +33,10 @@ export class PermissionsController {
const computedTuple = computePermissionTuple(subject, action, resource);
await Permission.getInstance().create({
subject,
subjectType: subject.split(':')[0],
permission: action,
resource,
resourceType: resource.split(':')[0],
computedTuple,
});
}
2 changes: 2 additions & 0 deletions modules/authorization/src/controllers/relations.controller.ts
@@ -50,8 +50,10 @@ export class RelationsController {

relationResource = await Relationship.getInstance().create({
subject: subject,
subjectType: subject.split(':')[0],
relation: relation,
resource: object,
resourceType: object.split(':')[0],
computedTuple: computeRelationTuple(subject, relation, object),
});
await this.indexController.constructRelationIndex(subject, relation, object);
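--- a/modules/authorization/src/migrations/actorIndex.migration.ts
+++ b/modules/authorization/src/migrations/actorIndex.migration.ts
@@ -0,0 +1,37 @@
+import ConduitGrpcSdk from '@conduitplatform/grpc-sdk';
+import { ActorIndex } from '../models';
+
+export const migrateActorIndex = async (grpcSdk: ConduitGrpcSdk) => {
+const count = await ActorIndex.getInstance().countDocuments({
+entityType: '',
+});
+if (count === 0) {
+return;
+}
+let actorIndexes = await ActorIndex.getInstance().findMany(
+{
+entityType: '',
+},
+undefined,
+0,
+100,
+);
+let iterator = 0;
+while (actorIndexes.length > 0) {
+for (const actorIndex of actorIndexes) {
+await ActorIndex.getInstance().findByIdAndUpdate(actorIndex._id, {
+entityType: actorIndex.entity.split(':')[0],
+subjectType: actorIndex.subject.split(':')[0],
+relation: actorIndex.subject.split('#')[1],
+});
+}
+actorIndexes = await ActorIndex.getInstance().findMany(
+{
+entityType: '',
+},
+undefined,
+++iterator * 100,
+100,
+);
+}
+};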
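Review bot: `relation: actorIndex.subject.split('#')[1]` reads the relation from the wrong field. IndexController creates actor index rows with entity set to `${object}#${relation}`, and the example in the ActorIndex schema comment shows a subject with no `#`, so for migrated rows this yields `undefined` instead of the relation; it should be `relation: actorIndex.entity.split('#')[1],`. objectIndex.migration.ts has the same slip (`relation: objectIndex.subject.split('#')[1]`, where the controller uses `entity.split('#')[1]`), which would store the subject's permission as the relation. Rows migrated this way would disagree with rows written by the controllers, so lookups on `relation` could miss or mismatch existing grants.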
11 changes: 10 additions & 1 deletion modules/authorization/src/migrations/index.ts
@@ -1,5 +1,14 @@
import ConduitGrpcSdk from '@conduitplatform/grpc-sdk';
import { migrateObjectIndex } from './objectIndex.migration';
import { migrateActorIndex } from './actorIndex.migration';
import { migrateRelationships } from './relationship.migration';
import { migratePermission } from './permission.migration';

export async function runMigrations(grpcSdk: ConduitGrpcSdk) {
// ...
await Promise.all([
migrateObjectIndex(grpcSdk),
migrateActorIndex(grpcSdk),
migrateRelationships(grpcSdk),
migratePermission(grpcSdk),
]);
}
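Review bot: `Promise.all` in runMigrations rejects as soon as one migration fails while the other three keep writing in the background, so the caller learns neither which migration failed nor whether the rest completed. Collecting the outcome with `const results = await Promise.allSettled([...]);` and throwing after inspecting the rejected entries would give a complete result before the module continues. The function also lost its only comment; a doc comment such as `/** Backfills the derived type/relation columns; called from onConfig after registerSchemas(). */` would state when it runs and whether re-running is safe.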
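--- a/modules/authorization/src/migrations/objectIndex.migration.ts
+++ b/modules/authorization/src/migrations/objectIndex.migration.ts
@@ -0,0 +1,38 @@
+import ConduitGrpcSdk from '@conduitplatform/grpc-sdk';
+import { ObjectIndex } from '../models';
+
+export const migrateObjectIndex = async (grpcSdk: ConduitGrpcSdk) => {
+const count = await ObjectIndex.getInstance().countDocuments({
+entityType: '',
+});
+if (count === 0) {
+return;
+}
+let objectIndexes = await ObjectIndex.getInstance().findMany(
+{
+entityType: '',
+},
+undefined,
+0,
+100,
+);
+let iterator = 0;
+while (objectIndexes.length > 0) {
+for (const objectIndex of objectIndexes) {
+await ObjectIndex.getInstance().findByIdAndUpdate(objectIndex._id, {
+subjectType: objectIndex.subject.split(':')[0],
+subjectPermission: objectIndex.subject.split('#')[1],
+entityType: objectIndex.entity.split(':')[0],
+relation: objectIndex.subject.split('#')[1],
+});
+}
+objectIndexes = await ObjectIndex.getInstance().findMany(
+{
+entityType: '',
+},
+undefined,
+++iterator * 100,
+100,
+);
+}
+};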
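Review bot: The paging loop skips rows that still need migrating. Each batch is selected with `entityType: ''`, and updated rows drop out of that filter, yet the next query still advances with `++iterator * 100` (assuming the third findMany argument is the skip offset). After the first batch the query therefore jumps over the next 100 still-empty rows, and a single run leaves part of the table with empty type fields. The offset should advance only past rows that could not be migrated, as sketched below, which also stops the loop from spinning on a row whose derived type is empty. The same loop is copied into actorIndex.migration.ts, permission.migration.ts and relationship.migration.ts.

```typescript
export const migrateObjectIndex = async (grpcSdk: ConduitGrpcSdk) => {
  // … unchanged: countDocuments early return …
  const pending = { entityType: '' };
  // Migrated rows leave the filter on their own; skip only rows that stay empty.
  let unmigratable = 0;
  let objectIndexes = await ObjectIndex.getInstance().findMany(pending, undefined, unmigratable, 100);
  while (objectIndexes.length > 0) {
    for (const objectIndex of objectIndexes) {
      const entityType = objectIndex.entity.split(':')[0];
      if (entityType === '') {
        unmigratable++;
        continue;
      }
      // … unchanged: findByIdAndUpdate with the derived fields …
    }
    objectIndexes = await ObjectIndex.getInstance().findMany(pending, undefined, unmigratable, 100);
  }
};
```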
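--- a/modules/authorization/src/migrations/permission.migration.ts
+++ b/modules/authorization/src/migrations/permission.migration.ts
@@ -0,0 +1,36 @@
+import ConduitGrpcSdk from '@conduitplatform/grpc-sdk';
+import { Permission } from '../models';
+
+export const migratePermission = async (grpcSdk: ConduitGrpcSdk) => {
+const count = await Permission.getInstance().countDocuments({
+resourceType: '',
+});
+if (count === 0) {
+return;
+}
+let permissions = await Permission.getInstance().findMany(
+{
+resourceType: '',
+},
+undefined,
+0,
+100,
+);
+let iterator = 0;
+while (permissions.length > 0) {
+for (const permission of permissions) {
+await Permission.getInstance().findByIdAndUpdate(permission._id, {
+subjectType: permission.subject.split(':')[0],
+resourceType: permission.resource.split(':')[0],
+});
+}
+permissions = await Permission.getInstance().findMany(
+{
+resourceType: '',
+},
+undefined,
+++iterator * 100,
+100,
+);
+}
+};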
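--- a/modules/authorization/src/migrations/relationship.migration.ts
+++ b/modules/authorization/src/migrations/relationship.migration.ts
@@ -0,0 +1,36 @@
+import ConduitGrpcSdk from '@conduitplatform/grpc-sdk';
+import { Relationship } from '../models';
+
+export const migrateRelationships = async (grpcSdk: ConduitGrpcSdk) => {
+const count = await Relationship.getInstance().countDocuments({
+resourceType: '',
+});
+if (count === 0) {
+return;
+}
+let relationships = await Relationship.getInstance().findMany(
+{
+resourceType: '',
+},
+undefined,
+0,
+100,
+);
+let iterator = 0;
+while (relationships.length > 0) {
+for (const objectIndex of relationships) {
+await Relationship.getInstance().findByIdAndUpdate(objectIndex._id, {
+subjectType: objectIndex.subject.split(':')[0],
+resourceType: objectIndex.resource.split(':')[0],
+});
+}
+relationships = await Relationship.getInstance().findMany(
+{
+resourceType: '',
+},
+undefined,
+++iterator * 100,
+100,
+);
+}
+};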
22 changes: 22 additions & 0 deletions modules/authorization/src/models/ActorIndex.schema.ts
@@ -9,17 +9,36 @@ const schema: ConduitModel = {
_id: TYPE.ObjectId,
/**
* {
* subject entity
* "user:12312312": "organization:123123#member"
* }
*/
subject: {
type: TYPE.String,
required: true,
},
// user
subjectType: {
type: TYPE.String,
required: true,
default: '',
},
entity: {
type: TYPE.String,
required: true,
},
// organization
entityType: {
type: TYPE.String,
required: true,
default: '',
},
// member
relation: {
type: TYPE.String,
required: true,
default: '',
},
createdAt: TYPE.Date,
updatedAt: TYPE.Date,
};
@@ -40,7 +59,10 @@ export class ActorIndex extends ConduitActiveSchema<ActorIndex> {
private static _instance: ActorIndex;
_id: string;
subject: string;
subjectType: string;
entity: string;
entityType: string;
relation: string;
createdAt: Date;
updatedAt: Date;

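Review bot: The new columns use `default: ''` as the marker the migrations later query for (`entityType: ''`), but rows written before this commit have no such field at all. On a document store a filter for an empty string does not match a missing field, so unless the database layer backfills defaults (not visible here) the `countDocuments` check may return 0 and skip the legacy rows entirely. Please confirm this on each supported backend, or have the migrations match missing and null values as well. The same default appears in ObjectIndex.schema.ts, Permission.schema.ts and Relationship.schema.ts. Since `required: true` combined with `default: ''` accepts an empty type as valid, a comment such as `// '' marks a row not yet processed by runMigrations` on each field would make the sentinel explicit.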
28 changes: 28 additions & 0 deletions modules/authorization/src/models/ObjectIndex.schema.ts
@@ -17,10 +17,34 @@ const schema: ConduitModel = {
type: TYPE.String,
required: true,
},
// organization
subjectType: {
type: TYPE.String,
required: true,
default: '',
},
// view
subjectPermission: {
type: TYPE.String,
required: true,
default: '',
},
entity: {
type: TYPE.String,
required: true,
},
// organization
entityType: {
type: TYPE.String,
required: true,
default: '',
},
// member
relation: {
type: TYPE.String,
required: true,
default: '',
},
createdAt: TYPE.Date,
updatedAt: TYPE.Date,
};
@@ -41,7 +65,11 @@ export class ObjectIndex extends ConduitActiveSchema<ObjectIndex> {
private static _instance: ObjectIndex;
_id: string;
subject: string;
subjectType: string;
subjectPermission: string;
entity: string;
entityType: string;
relation: string;
createdAt: Date;
updatedAt: Date;

16 changes: 15 additions & 1 deletion modules/authorization/src/models/Permission.schema.ts
@@ -13,12 +13,24 @@ const schema: ConduitModel = {
type: TYPE.String,
required: true,
},
// organization
resourceType: {
type: TYPE.String,
required: true,
default: '',
},
// user:1adasdas
subject: {
type: TYPE.String,
required: true,
},
// member relation: "owner"
// user
subjectType: {
type: TYPE.String,
required: true,
default: '',
},
// read
permission: {
type: TYPE.String,
required: true,
@@ -48,7 +60,9 @@ export class Permission extends ConduitActiveSchema<Permission> {
private static _instance: Permission;
_id: string;
resource: string;
resourceType: string;
subject: string;
subjectType: string;
permission: string;
computedTuple: string;
createdAt: Date;
15 changes: 14 additions & 1 deletion modules/authorization/src/models/Relationship.schema.ts
@@ -12,11 +12,23 @@ const schema: ConduitModel = {
type: TYPE.String,
required: true,
},
// organization
resourceType: {
type: TYPE.String,
required: true,
default: '',
},
// user:1adasdas
subject: {
type: TYPE.String,
required: true,
},
// user
subjectType: {
type: TYPE.String,
required: true,
default: '',
},
// member relation: "owner"
relation: {
type: TYPE.String,
@@ -47,8 +59,9 @@ export class Relationship extends ConduitActiveSchema<Relationship> {
private static _instance: Relationship;
_id: string;
resource: string;
resourceId: string;
resourceType: string;
subject: string;
subjectType: string;
relation: string;
computedTuple: string;
createdAt: Date;