refactor(server scopes): use constants for streams read scopes

Gergő Jedlicska
2023-07-26 13:09:34 +02:00
parent 6ea7aa8236
commit bb5778bf2d
14 changed files with 50 additions and 42 deletions
+2 -1
@@ -17,6 +17,7 @@ const { spawn } = require('child_process')
const ServerAPI = require('../ifc/api')
const objDependencies = require('./objDependencies')
const { logger } = require('../observability/logging')
const { Scopes } = require('@speckle/shared')
const HEALTHCHECK_FILE_PATH = '/tmp/last_successful_query'
@@ -97,7 +98,7 @@ async function doTask(task) {
const { token } = await serverApi.createToken({
userId: info.userId,
name: 'temp upload token',
scopes: ['streams:write', 'streams:read'],
scopes: ['streams:write', Scopes.Streams.Read],
lifespan: 1000000
})
tempUserToken = token
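Review bot: The scope list passed to `serverApi.createToken` in `doTask` is only half converted: `'streams:write'` stays a string literal next to `Scopes.Streams.Read`. A mistyped scope literal is not caught when the module loads, which is the reason for using the constants, so if `Scopes.Streams.Write` is exported by `@speckle/shared` the line should read `scopes: [Scopes.Streams.Write, Scopes.Streams.Read],`. The same mixed lists remain in the test hunks that call `createPersonalAccessToken`. `doTask` continues outside the hunk, so whether the temporary token is revoked when the task ends cannot be checked here; with `lifespan: 1000000` that is worth confirming.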
@@ -11,7 +11,7 @@ const { noErrors } = require('@/test/helpers')
const {
addOrUpdateStreamCollaborator
} = require('@/modules/core/services/streams/streamAccessService')
const { Roles } = require('@/modules/core/helpers/mainConstants')
const { Roles, Scopes } = require('@speckle/shared')
let sendRequest
@@ -79,7 +79,7 @@ describe('Activity @activity', () => {
;({ sendRequest } = await initializeTestServer(server, app))
const normalScopesList = [
'streams:read',
Scopes.Streams.Read,
'streams:write',
'users:read',
'users:email',
@@ -106,7 +106,7 @@ describe('Activity @activity', () => {
(token) => (userCr.token = `Bearer ${token}`)
),
createPersonalAccessToken(userX.id, 'no users:read test token', [
'streams:read',
Scopes.Streams.Read,
'streams:write'
]).then((token) => (userX.token = `Bearer ${token}`))
// streams
@@ -11,6 +11,7 @@ const {
createAuthorizationCode,
createAppTokenFromAccessCode
} = require('../services/apps')
const { Scopes } = require('@speckle/shared')
let sendRequest
let server
@@ -67,7 +68,7 @@ describe('GraphQL @apps-api', () => {
name: 'Test App',
public: true,
description: 'Test App Description',
scopes: ['streams:read'],
scopes: [Scopes.Streams.Read],
redirectUrl: 'lol://what'
}
}
@@ -88,7 +89,7 @@ describe('GraphQL @apps-api', () => {
myApp: {
name: 'Test App',
description: 'Test App Description',
scopes: ['streams:read'],
scopes: [Scopes.Streams.Read],
redirectUrl: 'lol://what'
}
}
@@ -160,7 +161,7 @@ describe('GraphQL @apps-api', () => {
id: testAppId,
name: 'Updated Test App',
description: 'Test App Description',
scopes: ['streams:read'],
scopes: [Scopes.Streams.Read],
redirectUrl: 'lol://what'
}
}
@@ -192,7 +193,7 @@ describe('GraphQL @apps-api', () => {
name: 'Another Test App',
public: false,
description: 'Test App Description',
scopes: ['streams:read'],
scopes: [Scopes.Streams.Read],
redirectUrl: 'lol://what'
}
}
@@ -203,7 +204,7 @@ describe('GraphQL @apps-api', () => {
name: 'The n-th Test App',
public: false,
description: 'Test App Description',
scopes: ['streams:read'],
scopes: [Scopes.Streams.Read],
redirectUrl: 'lol://what'
}
}
@@ -6,7 +6,7 @@ const {
} = require('@/modules/shared')
const { getStream } = require('../services/streams')
const { Roles } = require('@speckle/shared')
const { Roles, Scopes } = require('@speckle/shared')
module.exports = {
async validatePermissionsReadStream(streamId, req) {
@@ -27,7 +27,7 @@ module.exports = {
if (!stream.isPublic) {
try {
await validateScopes(req.context.scopes, 'streams:read')
await validateScopes(req.context.scopes, Scopes.Streams.Read)
} catch (err) {
return { result: false, status: 401 }
}
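Review bot: The `catch (err)` after `validateScopes` in `validatePermissionsReadStream` discards the error and answers 401 for anything thrown inside the `try`, which now includes evaluating `Scopes.Streams.Read`. If `Scopes` were ever undefined at runtime (presumably only with a stale `@speckle/shared` build), the resulting TypeError would be reported as a missing scope; the check fails closed, but nothing records why. I would read the constant before the `try`, e.g. `const readScope = Scopes.Streams.Read`, and log `err` in the catch so that an unexpected failure can be told apart from a real scope denial. The same pattern is in the previews `exports.init` hunk that returns `{ hasPermissions: false, httpErrorCode: 401 }`. The function body starts and ends outside the hunk.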
@@ -20,7 +20,7 @@ const {
} = require('@/modules/shared')
const { buildContext } = require('@/modules/shared/middleware')
const { ForbiddenError } = require('apollo-server-express')
const { Roles } = require('@speckle/shared')
const { Roles, Scopes } = require('@speckle/shared')
describe('Generic AuthN & AuthZ controller tests', () => {
before(async () => {
@@ -99,7 +99,7 @@ describe('Generic AuthN & AuthZ controller tests', () => {
.catch((err) => expect('Unknown role: bar').to.equal(err.message))
// this caught me out, but streams:read is not a valid role for now
await authorizeResolver('foo', 'bar', 'streams:read')
await authorizeResolver('foo', 'bar', Scopes.Streams.Read)
.then(() => {
throw new Error('This should have been rejected')
})
@@ -11,7 +11,7 @@ const {
addOrUpdateStreamCollaborator,
removeStreamCollaborator
} = require('@/modules/core/services/streams/streamAccessService')
const { Roles } = require('@speckle/shared')
const { Roles, Scopes } = require('@speckle/shared')
let app
let server
@@ -44,8 +44,8 @@ describe('GraphQL API Core @core-api', () => {
userA.id,
'test token user A',
[
'server:setup',
'streams:read',
Scopes.Server.Setup,
Scopes.Streams.Read,
'streams:write',
'users:read',
'users:email',
@@ -60,7 +60,7 @@ describe('GraphQL API Core @core-api', () => {
userB.id,
'test token user B',
[
'streams:read',
Scopes.Streams.Read,
'streams:write',
'users:read',
'users:email',
@@ -75,7 +75,7 @@ describe('GraphQL API Core @core-api', () => {
userC.id,
'test token user B',
[
'streams:read',
Scopes.Streams.Read,
'streams:write',
'users:read',
'users:email',
@@ -243,7 +243,7 @@ describe('GraphQL API Core @core-api', () => {
userDelete.id,
'fail token user del',
[
'streams:read',
Scopes.Streams.Read,
'streams:write',
'users:read',
'users:email',
@@ -271,7 +271,7 @@ describe('GraphQL API Core @core-api', () => {
userDelete.id,
'test token user del',
[
'streams:read',
Scopes.Streams.Read,
'streams:write',
'users:read',
'users:email',
@@ -1693,7 +1693,7 @@ describe('GraphQL API Core @core-api', () => {
archivedUser.id,
'this will be archived',
[
'streams:read',
Scopes.Streams.Read,
'streams:write',
'users:read',
'users:email',
@@ -1735,7 +1735,7 @@ describe('GraphQL API Core @core-api', () => {
query,
variables: {
tokenInput: {
scopes: ['streams:read'],
scopes: [Scopes.Streams.Read],
name: 'thisWillNotBeCreated',
lifespan: 1000000
}
@@ -1840,7 +1840,7 @@ describe('GraphQL API Core @core-api', () => {
name: 'Test App',
public: true,
description: 'Test App Description',
scopes: ['streams:read'],
scopes: [Scopes.Streams.Read],
redirectUrl: 'lol://what'
}
}
@@ -17,7 +17,7 @@ const { packageRoot } = require('@/bootstrap')
const {
addOrUpdateStreamCollaborator
} = require('@/modules/core/services/streams/streamAccessService')
const { Roles } = require('@/modules/core/helpers/mainConstants')
const { Roles, Scopes } = require('@speckle/shared')
const { getFreeServerPort } = require('@/test/serverHelper')
let addr
@@ -100,7 +100,7 @@ describe('GraphQL API Subscriptions @gql-subscriptions', () => {
userA.id = await createUser(userA)
const token = await createPersonalAccessToken(userA.id, 'test token user A', [
'streams:read',
Scopes.Streams.Read,
'streams:write',
'users:read',
'users:email',
@@ -116,7 +116,7 @@ describe('GraphQL API Subscriptions @gql-subscriptions', () => {
userB.id,
'test token user B',
[
'streams:read',
Scopes.Streams.Read,
'streams:write',
'users:read',
'users:email',
@@ -131,7 +131,7 @@ describe('GraphQL API Subscriptions @gql-subscriptions', () => {
userC.token = `Bearer ${await createPersonalAccessToken(
userC.id,
'test token user B',
['streams:read', 'streams:write', 'users:read', 'users:email']
[Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email']
)}`
})
@@ -11,6 +11,7 @@ const { createManyObjects } = require('@/test/helpers')
const { createUser } = require('../services/users')
const { createPersonalAccessToken } = require('../services/tokens')
const { createStream } = require('../services/streams')
const { Scopes } = require('@speckle/shared')
describe('Upload/Download Routes @api-rest', () => {
const userA = {
@@ -40,7 +41,7 @@ describe('Upload/Download Routes @api-rest', () => {
userA.id,
'test token user A',
[
'streams:read',
Scopes.Streams.Read,
'streams:write',
'users:read',
'users:email',
@@ -56,7 +57,7 @@ describe('Upload/Download Routes @api-rest', () => {
userB.id,
'test token user B',
[
'streams:read',
Scopes.Streams.Read,
'streams:write',
'users:read',
'users:email',
@@ -41,6 +41,7 @@ const {
const { createObject } = require('../services/objects')
const { beforeEachContext } = require('@/test/hooks')
const { Scopes } = require('@speckle/shared')
describe('Actors & Tokens @user-services', () => {
const myTestActor = {
@@ -368,18 +369,18 @@ describe('Actors & Tokens @user-services', () => {
before(async () => {
pregeneratedToken = await createPersonalAccessToken(myTestActor.id, 'Whabadub', [
'streams:read',
Scopes.Streams.Read,
'streams:write',
'profile:read',
'users:email'
])
revokedToken = await createPersonalAccessToken(myTestActor.id, 'Mr. Revoked', [
'streams:read'
Scopes.Streams.Read
])
expireSoonToken = await createPersonalAccessToken(
myTestActor.id,
'Mayfly',
['streams:read'],
[Scopes.Streams.Read],
1
) // 1ms lifespan
})
+2 -1
@@ -21,6 +21,7 @@ const { moduleLogger, logger } = require('@/logging/logging')
const {
listenForPreviewGenerationUpdates
} = require('@/modules/previews/services/resultListener')
const { Scopes } = require('@speckle/shared')
const httpErrorImage = (httpErrorCode) =>
require.resolve(`#/assets/previews/images/preview_${httpErrorCode}.png`)
@@ -144,7 +145,7 @@ exports.init = (app) => {
if (!stream.isPublic) {
try {
await validateScopes(req.context.scopes, 'streams:read')
await validateScopes(req.context.scopes, Scopes.Streams.Read)
} catch (err) {
return { hasPermissions: false, httpErrorCode: 401 }
}
@@ -10,13 +10,13 @@ const {
getTotalObjectCount,
getTotalUserCount
} = require('../../services')
const { Roles } = require('@speckle/shared')
const { Roles, Scopes } = require('@speckle/shared')
module.exports = {
Query: {
async serverStats(parent, args, context) {
await validateServerRole(context, Roles.Server.Admin)
await validateScopes(context.scopes, 'server:stats')
await validateScopes(context.scopes, Scopes.Server.Stats)
return {}
}
},
@@ -20,6 +20,7 @@ const {
getTotalObjectCount,
getTotalUserCount
} = require('../services')
const { Scopes } = require('@speckle/shared')
const params = { numUsers: 25, numStreams: 30, numObjects: 100, numCommits: 100 }
@@ -126,24 +127,24 @@ describe('Server stats api @stats-api', function () {
adminUser.goodToken = `Bearer ${await createPersonalAccessToken(
adminUser.id,
'test token user A',
['server:stats']
[Scopes.Server.Stats]
)}`
adminUser.badToken = `Bearer ${await createPersonalAccessToken(
adminUser.id,
'test token user A',
['streams:read']
[Scopes.Streams.Read]
)}`
notAdminUser.id = await createUser(notAdminUser)
notAdminUser.goodToken = `Bearer ${await createPersonalAccessToken(
notAdminUser.id,
'test token user A',
['server:stats']
[Scopes.Server.Stats]
)}`
notAdminUser.badToken = `Bearer ${await createPersonalAccessToken(
notAdminUser.id,
'test token user A',
['streams:read']
[Scopes.Streams.Read]
)}`
await seedDb(params)
@@ -16,6 +16,7 @@ const {
} = require('../services/webhooks')
const { createUser } = require('../../core/services/users')
const { createStream, grantPermissionsStream } = require('../../core/services/streams')
const { Scopes } = require('@speckle/shared')
describe('Webhooks @webhooks', () => {
let server, sendRequest, app
@@ -139,12 +140,12 @@ describe('Webhooks @webhooks', () => {
userOne.token = `Bearer ${await createPersonalAccessToken(
userOne.id,
'userOne test token',
['streams:read', 'streams:write']
[Scopes.Streams.Read, 'streams:write']
)}`
userTwo.token = `Bearer ${await createPersonalAccessToken(
userTwo.id,
'userTwo test token',
['streams:read', 'streams:write']
[Scopes.Streams.Read, 'streams:write']
)}`
await grantPermissionsStream({
streamId: streamTwo.id,
+2 -1
@@ -9,6 +9,7 @@ const { init } = require(`@/app`)
const request = require('supertest')
const { exit } = require('yargs')
const { logger } = require('@/logging/logging')
const { Scopes } = require('@speckle/shared')
const main = async () => {
const testStream = {
@@ -30,7 +31,7 @@ const main = async () => {
userA.id,
'test token user A',
[
'streams:read',
Scopes.Streams.Read,
'streams:write',
'users:read',
'users:email',