Skip to content

Commit

Permalink
refactor(authorization): rework (#891)
Browse files Browse the repository at this point in the history
* fix(authorization): relation checking on bulk creation

* fix(authentication): missing scope construction in oAuth2 native

* fix(authorization): bulk relations check not checking all provided resources

* refactor(authorization): optimize index-building jobs

* refactor(authorization): optimize inherited permissions tree-building

* [CodeFactor] Apply fixes

* fix(authorization): wildcard (*) permissions not added correctly
refactor(authorization): small performance improvement in index building

* refactor(authorization): another performance improvement

* fix(authorization): ResourceDefinition.name field missing uniqueness constraint

* fix(authorization): ResourceDefinition relations/permissions nullable MongoDB fields handling (#896)

* fix(grpc-sdk): redis connections not closing on process exit (#901)

* fix(authorization): constructRelationIndex not reusing grpc-sdk (#902)

* refactor(authorization): remove redundant functions (#903)

refactor(authorization): re-index resources when definitions are modified
feat(authorization): maintain inheritance tree
fix(authorization): inherited permissions not removed when tree branches break

---------

Co-authored-by: codefactor-io <[email protected]>
Co-authored-by: Konstantinos Feretos <[email protected]>
  • Loading branch information
3 people authored Jan 18, 2024
1 parent db7c1f8 commit e274a14
Show file tree
Hide file tree
Showing 13 changed files with 348 additions and 424 deletions.
4 changes: 4 additions & 0 deletions libraries/grpc-sdk/src/utilities/EventBus.ts
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,10 @@ export class EventBus {
this._clientSubscriber.on('ready', () => {
ConduitGrpcSdk.Logger.log('The Bus is in the station...hehe');
});
process.on('exit', () => {
this._clientSubscriber.quit();
this._clientPublisher.quit();
});
}

unsubscribe(subscriberId: string): void {
Expand Down
4 changes: 4 additions & 0 deletions libraries/grpc-sdk/src/utilities/StateManager.ts
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,10 @@ export class StateManager {
// attempted with the `using` API.
automaticExtensionThreshold: 500, // time in ms
});

process.on('exit', () => {
this.redisClient.quit();
});
}

async acquireLock(resource: string, ttl: number = 5000): Promise<Lock> {
Expand Down
4 changes: 3 additions & 1 deletion modules/authentication/src/handlers/oauth2/OAuth2.ts
Original file line number Diff line number Diff line change
Expand Up @@ -176,7 +176,9 @@ export abstract class OAuth2<T, S extends OAuth2Settings>

async authenticate(call: ParsedRouterRequest): Promise<UnparsedRouterResponse> {
ConduitGrpcSdk.Metrics?.increment('login_requests_total');
const scopes = call.request.params?.scopes ?? this.defaultScopes;
const scopes = this.constructScopes(
call.request.params?.scopes ?? this.defaultScopes,
);
const payload = await this.connectWithProvider({
accessToken: call.request.params['access_token'],
clientId: this.settings.clientId,
Expand Down
68 changes: 66 additions & 2 deletions modules/authorization/src/admin/index.ts
Original file line number Diff line number Diff line change
@@ -1,7 +1,14 @@
import ConduitGrpcSdk from '@conduitplatform/grpc-sdk';
import ConduitGrpcSdk, {
ConduitRouteActions,
ConduitRouteReturnDefinition,
ParsedRouterRequest,
UnparsedRouterResponse,
} from '@conduitplatform/grpc-sdk';
import { GrpcServer, RoutingManager } from '@conduitplatform/module-tools';
import { ResourceHandler } from './resources';
import { RelationHandler } from './relations';
import { ActorIndex, ObjectIndex, Relationship, ResourceDefinition } from '../models';
import { QueueController } from '../controllers';

export class AdminHandlers {
private readonly resourceHandler: ResourceHandler;
Expand All @@ -18,12 +25,69 @@ export class AdminHandlers {
this.registerAdminRoutes();
}

reconstructIndices() {
async reconstructIndices(
call: ParsedRouterRequest,
callback: (response: UnparsedRouterResponse) => void,
) {
// used to trigger an index re-construction
ConduitGrpcSdk.Logger.warn('Reconstructing indices...');
ConduitGrpcSdk.Logger.warn('Wiping index data...');
await Promise.all([
ActorIndex.getInstance().deleteMany({}),
ObjectIndex.getInstance().deleteMany({}),
]);
callback('ok');
ConduitGrpcSdk.Logger.warn('Beginning index reconstruction...');
const resources = await ResourceDefinition.getInstance().findMany({});
ConduitGrpcSdk.Logger.info(`Found ${resources.length} resources...`);
for (const resource of resources) {
ConduitGrpcSdk.Logger.info(`Reconstructing index for ${resource.name}...`);
const query = {
subjectType: resource.name,
};
const relationsCount = await Relationship.getInstance().countDocuments(query);
ConduitGrpcSdk.Logger.info(
`Found ${relationsCount} relations for ${resource.name}...`,
);
let processed = 0;
let relations = await Relationship.getInstance().findMany(
query,
undefined,
processed,
1000,
);
while (relations.length > 0) {
ConduitGrpcSdk.Logger.info(
`Reconstructing index for ${resource.name}... ${relations.length} remaining`,
);
await QueueController.getInstance().addRelationIndexJob(
relations.map(r => {
return { subject: r.subject, relation: r.relation, object: r.resource };
}),
);
await QueueController.getInstance().waitForIdle();
processed += relations.length;
relations = await Relationship.getInstance().findMany(
query,
undefined,
processed,
1000,
);
}
}
}

private registerAdminRoutes() {
this.routingManager.clear();
this.routingManager.route(
{
path: '/indexer/reconstruct',
action: ConduitRouteActions.POST,
description: `Wipes and re-constructs the relation indexes.`,
},
new ConduitRouteReturnDefinition('IndexReconstruct', 'String'),
this.reconstructIndices.bind(this),
);
this.relationHandler.registerRoutes(this.routingManager);
this.resourceHandler.registerRoutes(this.routingManager);
this.routingManager.registerRoutes().then();
Expand Down
Loading

0 comments on commit e274a14

Please sign in to comment.