diff --git a/packages/fileimport-service/src/daemon.js b/packages/fileimport-service/src/daemon.js index bfe9e3baa..11b041982 100644 --- a/packages/fileimport-service/src/daemon.js +++ b/packages/fileimport-service/src/daemon.js @@ -17,6 +17,7 @@ const { spawn } = require('child_process') const ServerAPI = require('../ifc/api') const objDependencies = require('./objDependencies') const { logger } = require('../observability/logging') +const { Scopes } = require('@speckle/shared') const HEALTHCHECK_FILE_PATH = '/tmp/last_successful_query' @@ -97,7 +98,7 @@ async function doTask(task) { const { token } = await serverApi.createToken({ userId: info.userId, name: 'temp upload token', - scopes: ['streams:write', 'streams:read'], + scopes: ['streams:write', Scopes.Streams.Read], lifespan: 1000000 }) tempUserToken = token diff --git a/packages/server/modules/activitystream/tests/activity.spec.js b/packages/server/modules/activitystream/tests/activity.spec.js index c4b9d9211..b3b1c05bf 100644 --- a/packages/server/modules/activitystream/tests/activity.spec.js +++ b/packages/server/modules/activitystream/tests/activity.spec.js @@ -11,7 +11,7 @@ const { noErrors } = require('@/test/helpers') const { addOrUpdateStreamCollaborator } = require('@/modules/core/services/streams/streamAccessService') -const { Roles } = require('@/modules/core/helpers/mainConstants') +const { Roles, Scopes } = require('@speckle/shared') let sendRequest @@ -79,7 +79,7 @@ describe('Activity @activity', () => { ;({ sendRequest } = await initializeTestServer(server, app)) const normalScopesList = [ - 'streams:read', + Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email', @@ -106,7 +106,7 @@ describe('Activity @activity', () => { (token) => (userCr.token = `Bearer ${token}`) ), createPersonalAccessToken(userX.id, 'no users:read test token', [ - 'streams:read', + Scopes.Streams.Read, 'streams:write' ]).then((token) => (userX.token = `Bearer ${token}`)) // streams 
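Review bot: The scope list for the temporary upload token in `doTask` (daemon.js) is only half converted: `Scopes.Streams.Read` now sits next to the raw `'streams:write'`, so the write grant, the more sensitive of the two, is still a free-typed string. If `@speckle/shared` exports the matching constant, use `scopes: [Scopes.Streams.Write, Scopes.Streams.Read],`. The same mix remains in the token lists of activity.spec.js, graph.spec.js, graphSubs.spec.js, rest.spec.js, users.spec.js, webhooks.spec.js and scripts/streamObjects.js. This file also gains a new `require('@speckle/shared')` and no manifest change for fileimport-service is visible in this diff, so confirm the package declares that dependency rather than relying on hoisting. `doTask` starts and ends outside the hunk.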
diff --git a/packages/server/modules/auth/tests/appsGrapql.spec.js b/packages/server/modules/auth/tests/appsGrapql.spec.js index b88de762d..76f307119 100644 --- a/packages/server/modules/auth/tests/appsGrapql.spec.js +++ b/packages/server/modules/auth/tests/appsGrapql.spec.js @@ -11,6 +11,7 @@ const { createAuthorizationCode, createAppTokenFromAccessCode } = require('../services/apps') +const { Scopes } = require('@speckle/shared') let sendRequest let server @@ -67,7 +68,7 @@ describe('GraphQL @apps-api', () => { name: 'Test App', public: true, description: 'Test App Description', - scopes: ['streams:read'], + scopes: [Scopes.Streams.Read], redirectUrl: 'lol://what' } } @@ -88,7 +89,7 @@ describe('GraphQL @apps-api', () => { myApp: { name: 'Test App', description: 'Test App Description', - scopes: ['streams:read'], + scopes: [Scopes.Streams.Read], redirectUrl: 'lol://what' } } @@ -160,7 +161,7 @@ describe('GraphQL @apps-api', () => { id: testAppId, name: 'Updated Test App', description: 'Test App Description', - scopes: ['streams:read'], + scopes: [Scopes.Streams.Read], redirectUrl: 'lol://what' } } @@ -192,7 +193,7 @@ describe('GraphQL @apps-api', () => { name: 'Another Test App', public: false, description: 'Test App Description', - scopes: ['streams:read'], + scopes: [Scopes.Streams.Read], redirectUrl: 'lol://what' } } @@ -203,7 +204,7 @@ describe('GraphQL @apps-api', () => { name: 'The n-th Test App', public: false, description: 'Test App Description', - scopes: ['streams:read'], + scopes: [Scopes.Streams.Read], redirectUrl: 'lol://what' } } diff --git a/packages/server/modules/core/rest/authUtils.js b/packages/server/modules/core/rest/authUtils.js index 9937c1deb..f2b503648 100644 --- a/packages/server/modules/core/rest/authUtils.js +++ b/packages/server/modules/core/rest/authUtils.js 
@@ -6,7 +6,7 @@ const { } = require('@/modules/shared') const { getStream } = require('../services/streams') -const { Roles } = require('@speckle/shared') +const { Roles, Scopes } = require('@speckle/shared') module.exports = { async validatePermissionsReadStream(streamId, req) { @@ -27,7 +27,7 @@ module.exports = { if (!stream.isPublic) { try { - await validateScopes(req.context.scopes, 'streams:read') + await validateScopes(req.context.scopes, Scopes.Streams.Read) } catch (err) { return { result: false, status: 401 } } diff --git a/packages/server/modules/core/tests/generic.spec.js b/packages/server/modules/core/tests/generic.spec.js index 4763af0fc..2c4bb95f6 100644 --- a/packages/server/modules/core/tests/generic.spec.js +++ b/packages/server/modules/core/tests/generic.spec.js @@ -20,7 +20,7 @@ const { } = require('@/modules/shared') const { buildContext } = require('@/modules/shared/middleware') const { ForbiddenError } = require('apollo-server-express') -const { Roles } = require('@speckle/shared') +const { Roles, Scopes } = require('@speckle/shared') describe('Generic AuthN & AuthZ controller tests', () => { before(async () => { @@ -99,7 +99,7 @@ describe('Generic AuthN & AuthZ controller tests', () => { .catch((err) => expect('Unknown role: bar').to.equal(err.message)) // this caught me out, but streams:read is not a valid role for now - await authorizeResolver('foo', 'bar', 'streams:read') + await authorizeResolver('foo', 'bar', Scopes.Streams.Read) .then(() => { throw new Error('This should have been rejected') }) diff --git a/packages/server/modules/core/tests/graph.spec.js b/packages/server/modules/core/tests/graph.spec.js index 2da700ff8..299d27064 100644 --- a/packages/server/modules/core/tests/graph.spec.js +++ b/packages/server/modules/core/tests/graph.spec.js 
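Review bot: In `validatePermissionsReadStream` (authUtils.js), the `catch (err)` around `validateScopes(req.context.scopes, Scopes.Streams.Read)` maps every exception to `{ result: false, status: 401 }` and discards `err`. Now that the required scope is a property lookup, a misspelled key evaluates to `undefined` instead of failing loudly, and how `validateScopes` treats an `undefined` required scope is not visible here, so confirm that it rejects. I would add `// fail closed: any validateScopes error denies access to a non-public stream` above the call and record `err` before returning, so a broken import can be told apart from a token that lacks the scope. The same catch-all is in the previews/index.js hunk (`return { hasPermissions: false, httpErrorCode: 401 }`), and the function body continues outside this hunk.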
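Review bot: In generic.spec.js the comment `// this caught me out, but streams:read is not a valid role for now` no longer matches the call below it, which now passes `Scopes.Streams.Read`. A reader has to know the constant's value to see that a scope is deliberately being handed to the role parameter of `authorizeResolver`. Suggest rewording it to `// a scope (Scopes.Streams.Read) passed where a role is expected must be rejected`. The `.then(...)` chain of this assertion continues outside the hunk.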
@@ -11,7 +11,7 @@ const { addOrUpdateStreamCollaborator, removeStreamCollaborator } = require('@/modules/core/services/streams/streamAccessService') -const { Roles } = require('@speckle/shared') +const { Roles, Scopes } = require('@speckle/shared') let app let server @@ -44,8 +44,8 @@ describe('GraphQL API Core @core-api', () => { userA.id, 'test token user A', [ - 'server:setup', - 'streams:read', + Scopes.Server.Setup, + Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email', @@ -60,7 +60,7 @@ describe('GraphQL API Core @core-api', () => { userB.id, 'test token user B', [ - 'streams:read', + Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email', @@ -75,7 +75,7 @@ describe('GraphQL API Core @core-api', () => { userC.id, 'test token user B', [ - 'streams:read', + Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email', @@ -243,7 +243,7 @@ describe('GraphQL API Core @core-api', () => { userDelete.id, 'fail token user del', [ - 'streams:read', + Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email', @@ -271,7 +271,7 @@ describe('GraphQL API Core @core-api', () => { userDelete.id, 'test token user del', [ - 'streams:read', + Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email', @@ -1693,7 +1693,7 @@ describe('GraphQL API Core @core-api', () => { archivedUser.id, 'this will be archived', [ - 'streams:read', + Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email', @@ -1735,7 +1735,7 @@ describe('GraphQL API Core @core-api', () => { query, variables: { tokenInput: { - scopes: ['streams:read'], + scopes: [Scopes.Streams.Read], name: 'thisWillNotBeCreated', lifespan: 1000000 } @@ -1840,7 +1840,7 @@ describe('GraphQL API Core @core-api', () => { name: 'Test App', public: true, description: 'Test App Description', - scopes: ['streams:read'], + scopes: [Scopes.Streams.Read], redirectUrl: 'lol://what' } } 
diff --git a/packages/server/modules/core/tests/graphSubs.spec.js b/packages/server/modules/core/tests/graphSubs.spec.js index 57cfa61ce..4ebb659ff 100644 --- a/packages/server/modules/core/tests/graphSubs.spec.js +++ b/packages/server/modules/core/tests/graphSubs.spec.js @@ -17,7 +17,7 @@ const { packageRoot } = require('@/bootstrap') const { addOrUpdateStreamCollaborator } = require('@/modules/core/services/streams/streamAccessService') -const { Roles } = require('@/modules/core/helpers/mainConstants') +const { Roles, Scopes } = require('@speckle/shared') const { getFreeServerPort } = require('@/test/serverHelper') let addr @@ -100,7 +100,7 @@ describe('GraphQL API Subscriptions @gql-subscriptions', () => { userA.id = await createUser(userA) const token = await createPersonalAccessToken(userA.id, 'test token user A', [ - 'streams:read', + Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email', @@ -116,7 +116,7 @@ describe('GraphQL API Subscriptions @gql-subscriptions', () => { userB.id, 'test token user B', [ - 'streams:read', + Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email', @@ -131,7 +131,7 @@ describe('GraphQL API Subscriptions @gql-subscriptions', () => { userC.token = `Bearer ${await createPersonalAccessToken( userC.id, 'test token user B', - ['streams:read', 'streams:write', 'users:read', 'users:email'] + [Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email'] )}` }) diff --git a/packages/server/modules/core/tests/rest.spec.js b/packages/server/modules/core/tests/rest.spec.js index d0f17769c..916dcf5ef 100644 --- a/packages/server/modules/core/tests/rest.spec.js +++ b/packages/server/modules/core/tests/rest.spec.js 
@@ -11,6 +11,7 @@ const { createManyObjects } = require('@/test/helpers') const { createUser } = require('../services/users') const { createPersonalAccessToken } = require('../services/tokens') const { createStream } = require('../services/streams') +const { Scopes } = require('@speckle/shared') describe('Upload/Download Routes @api-rest', () => { const userA = { @@ -40,7 +41,7 @@ describe('Upload/Download Routes @api-rest', () => { userA.id, 'test token user A', [ - 'streams:read', + Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email', @@ -56,7 +57,7 @@ describe('Upload/Download Routes @api-rest', () => { userB.id, 'test token user B', [ - 'streams:read', + Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email', diff --git a/packages/server/modules/core/tests/users.spec.js b/packages/server/modules/core/tests/users.spec.js index 915f0a94f..923ad0781 100644 --- a/packages/server/modules/core/tests/users.spec.js +++ b/packages/server/modules/core/tests/users.spec.js @@ -41,6 +41,7 @@ const { const { createObject } = require('../services/objects') const { beforeEachContext } = require('@/test/hooks') +const { Scopes } = require('@speckle/shared') describe('Actors & Tokens @user-services', () => { const myTestActor = { @@ -368,18 +369,18 @@ describe('Actors & Tokens @user-services', () => { before(async () => { pregeneratedToken = await createPersonalAccessToken(myTestActor.id, 'Whabadub', [ - 'streams:read', + Scopes.Streams.Read, 'streams:write', 'profile:read', 'users:email' ]) revokedToken = await createPersonalAccessToken(myTestActor.id, 'Mr. Revoked', [ - 'streams:read' + Scopes.Streams.Read ]) expireSoonToken = await createPersonalAccessToken( myTestActor.id, 'Mayfly', - ['streams:read'], + [Scopes.Streams.Read], 1 ) // 1ms lifespan }) diff --git a/packages/server/modules/previews/index.js b/packages/server/modules/previews/index.js index c3945d52f..22e6319b6 100644 --- a/packages/server/modules/previews/index.js 
+++ b/packages/server/modules/previews/index.js @@ -21,6 +21,7 @@ const { moduleLogger, logger } = require('@/logging/logging') const { listenForPreviewGenerationUpdates } = require('@/modules/previews/services/resultListener') +const { Scopes } = require('@speckle/shared') const httpErrorImage = (httpErrorCode) => require.resolve(`#/assets/previews/images/preview_${httpErrorCode}.png`) @@ -144,7 +145,7 @@ exports.init = (app) => { if (!stream.isPublic) { try { - await validateScopes(req.context.scopes, 'streams:read') + await validateScopes(req.context.scopes, Scopes.Streams.Read) } catch (err) { return { hasPermissions: false, httpErrorCode: 401 } } diff --git a/packages/server/modules/stats/graph/resolvers/stats.js b/packages/server/modules/stats/graph/resolvers/stats.js index e8e9fcd08..7ac09896f 100644 --- a/packages/server/modules/stats/graph/resolvers/stats.js +++ b/packages/server/modules/stats/graph/resolvers/stats.js @@ -10,13 +10,13 @@ const { getTotalObjectCount, getTotalUserCount } = require('../../services') -const { Roles } = require('@speckle/shared') +const { Roles, Scopes } = require('@speckle/shared') module.exports = { Query: { async serverStats(parent, args, context) { await validateServerRole(context, Roles.Server.Admin) - await validateScopes(context.scopes, 'server:stats') + await validateScopes(context.scopes, Scopes.Server.Stats) return {} } }, diff --git a/packages/server/modules/stats/tests/stats.spec.js b/packages/server/modules/stats/tests/stats.spec.js index 8758371f3..122ff1a50 100644 --- a/packages/server/modules/stats/tests/stats.spec.js +++ b/packages/server/modules/stats/tests/stats.spec.js @@ -20,6 +20,7 @@ const { getTotalObjectCount, getTotalUserCount } = require('../services') +const { Scopes } = require('@speckle/shared') const params = { numUsers: 25, numStreams: 30, numObjects: 100, numCommits: 100 } 
@@ -126,24 +127,24 @@ describe('Server stats api @stats-api', function () { adminUser.goodToken = `Bearer ${await createPersonalAccessToken( adminUser.id, 'test token user A', - ['server:stats'] + [Scopes.Server.Stats] )}` adminUser.badToken = `Bearer ${await createPersonalAccessToken( adminUser.id, 'test token user A', - ['streams:read'] + [Scopes.Streams.Read] )}` notAdminUser.id = await createUser(notAdminUser) notAdminUser.goodToken = `Bearer ${await createPersonalAccessToken( notAdminUser.id, 'test token user A', - ['server:stats'] + [Scopes.Server.Stats] )}` notAdminUser.badToken = `Bearer ${await createPersonalAccessToken( notAdminUser.id, 'test token user A', - ['streams:read'] + [Scopes.Streams.Read] )}` await seedDb(params) diff --git a/packages/server/modules/webhooks/tests/webhooks.spec.js b/packages/server/modules/webhooks/tests/webhooks.spec.js index 14ec5f62e..d160073a2 100644 --- a/packages/server/modules/webhooks/tests/webhooks.spec.js +++ b/packages/server/modules/webhooks/tests/webhooks.spec.js @@ -16,6 +16,7 @@ const { } = require('../services/webhooks') const { createUser } = require('../../core/services/users') const { createStream, grantPermissionsStream } = require('../../core/services/streams') +const { Scopes } = require('@speckle/shared') describe('Webhooks @webhooks', () => { let server, sendRequest, app @@ -139,12 +140,12 @@ describe('Webhooks @webhooks', () => { userOne.token = `Bearer ${await createPersonalAccessToken( userOne.id, 'userOne test token', - ['streams:read', 'streams:write'] + [Scopes.Streams.Read, 'streams:write'] )}` userTwo.token = `Bearer ${await createPersonalAccessToken( userTwo.id, 'userTwo test token', - ['streams:read', 'streams:write'] + [Scopes.Streams.Read, 'streams:write'] )}` await grantPermissionsStream({ streamId: streamTwo.id, diff --git a/packages/server/scripts/streamObjects.js b/packages/server/scripts/streamObjects.js index b1c6c1e53..fce314e56 100644 --- a/packages/server/scripts/streamObjects.js 
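Review bot: After this change the `goodToken`/`badToken` fixtures in stats.spec.js and the `serverStats` resolver both read `Scopes.Server.Stats`, so nothing in this suite pins the actual scope string any more. If the constant's value were changed, resolver and tests would move together and stay green, while tokens already issued with the old string would presumably stop matching. One literal assertion would keep the wire value fixed, e.g. `expect(Scopes.Server.Stats).to.equal('server:stats')` and `expect(Scopes.Streams.Read).to.equal('streams:read')` (assuming this spec uses chai's `expect`, which the hunk does not show). The enclosing block starts and ends outside the hunk.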
+++ b/packages/server/scripts/streamObjects.js @@ -9,6 +9,7 @@ const { init } = require(`@/app`) const request = require('supertest') const { exit } = require('yargs') const { logger } = require('@/logging/logging') +const { Scopes } = require('@speckle/shared') const main = async () => { const testStream = { @@ -30,7 +31,7 @@ const main = async () => { userA.id, 'test token user A', [ - 'streams:read', + Scopes.Streams.Read, 'streams:write', 'users:read', 'users:email',