Implemented users module

fonoster · Oct 18, 2021 · e2e16aa · e2e16aa
1 parent eab2b97
commit e2e16aa
Show file tree

Hide file tree

Showing 24 changed files with 3,877 additions and 141 deletions.
diff --git a/etc/rbac.json b/etc/rbac.json
@@ -1,13 +1,23 @@
 [
   {
     "name": "USER",
-    "description": "Regular access",
+    "description": "Access to User and Project endpoints",
     "access": [
-      "/fonos.users.v1beta1.Users/CreateUser",
       "/fonos.users.v1beta1.Users/GetUser",
       "/fonos.users.v1beta1.Users/UpdateUser",
-      "/fonos.users.v1beta1.Users/DeleteUser",
-      "/fonos.auth.v1beta1.Auth/GetRole",
+      "/fonos.users.v1beta1.Users/Login",
+      "/fonos.projects.v1beta1.Projects/ListProjects",
+      "/fonos.projects.v1beta1.Projects/CreateProject",
+      "/fonos.projects.v1beta1.Projects/UpdateProject",
+      "/fonos.projects.v1beta1.Projects/GetProject",
+      "/fonos.projects.v1beta1.Projects/DeleteProject",
+      "/fonos.projects.v1beta1.Projects/RenewAccessKeySecret"
+    ]
+  },  
+  {
+    "name": "PROJECT",
+    "description": "Access to Project resources",
+    "access": [
       "/fonos.storage.v1beta1.Storage/UploadObject",
       "/fonos.storage.v1beta1.Storage/GetObjectURL",
       "/fonos.providers.v1beta1.Providers/ListProviders",
@@ -44,8 +54,7 @@
       "/fonos.funcs.v1beta1.Funcs/GetFuncLogs",
       "/fonos.secrets.v1beta1.Secrets/CreateSecret",
       "/fonos.secrets.v1beta1.Secrets/ListSecretsId",
-      "/fonos.secrets.v1beta1.Secrets/DeleteSecret",
-      "/fonos.auth.v1beta1.Auth/ValidateToken"
+      "/fonos.secrets.v1beta1.Secrets/DeleteSecret"
     ]
   },
   {
@@ -75,6 +84,10 @@
   {
     "name": "ADMIN",
     "description": "Can perform administrative task",
-    "access": ["/fonos.auth.v1beta1.Auth/CreateToken"]
+    "access": [
+      "/fonos.auth.v1beta1.Auth/CreateToken",
+      "/fonos.users.v1beta1.Users/CreateUser",
+      "/fonos.users.v1beta1.Users/DeleteUser"
+    ]
   }
 ]
diff --git a/mods/auth/src/auth_middleware.ts b/mods/auth/src/auth_middleware.ts
@@ -72,7 +72,7 @@ export default class AuthMiddleware {
               errorCb({
                 code: grpc.status.UNAUTHENTICATED,
                 // TODO: Improve error message
-                message: "UNAUTHENTICATED"
+                message: "invalid authentication"
               });
 
             const hasAccess = await roleHasAccess(
@@ -86,14 +86,14 @@ export default class AuthMiddleware {
               errorCb({
                 code: grpc.status.PERMISSION_DENIED,
                 // TODO: Improve error message
-                message: "PERMISSION_DENIED"
+                message: "permission denied"
               });
             }
           } else {
             errorCb({
               code: grpc.status.UNAUTHENTICATED,
               // TODO: Improve error message
-              message: "UNAUTHENTICATED"
+              message: "invalid authentication"
             });
           }
         });

diff --git a/mods/auth/src/protos/auth.proto b/mods/auth/src/protos/auth.proto
@@ -20,14 +20,14 @@ service Auth {
   rpc GetRole (GetRoleRequest) returns (Role) {
     option (google.api.http) = { get: "/v1beta1/auth/role/{name}" };
   };
-  // Verifies if a token was issue by Fonos or the same private key
+  // Verifies if a token was issue by Fonos
   rpc ValidateToken (ValidateTokenRequest) returns (ValidateTokenResponse) {
     option (google.api.http) = { get: "/v1beta1/auth/token/{token}" };
   }
   // Creates a new token for a given accessKeyId
   rpc CreateToken (CreateTokenRequest) returns (CreateTokenResponse) {
     option (google.api.http) = { 
-      put: "/v1beta1/auth/token"
+      get: "/v1beta1/auth/token"
       body: "*" 
     };
   }

diff --git a/mods/auth/src/service/auth.ts b/mods/auth/src/service/auth.ts
@@ -53,7 +53,7 @@ class AuthServer implements IAuthServer {
     call: grpc.ServerUnaryCall<CreateTokenRequest, CreateTokenResponse>,
     callback: grpc.sendUnaryData<CreateTokenResponse>
   ) {
-    // WARNING: We need to validate the token and verify
+    // TODO: We need to validate the token and verify
     // it has permissions to create token since the auth module
     // doesnt pass thru the auth middleware.
     logger.verbose(
@@ -75,7 +75,7 @@ class AuthServer implements IAuthServer {
     call: grpc.ServerUnaryCall<CreateTokenRequest, CreateTokenResponse>,
     callback: grpc.sendUnaryData<CreateTokenResponse>
   ) {
-    // WARNING: We need to validate the token and verify
+    // TODO: We need to validate the token and verify
     // it has permissions to create token since the auth module
     // doesnt pass thru the auth middleware.
     logger.verbose(
@@ -84,7 +84,6 @@ class AuthServer implements IAuthServer {
     const result = await authenticator.createToken(
       call.request.getAccessKeyId(),
       AUTH_ISS,
-      // WARNING: Harcoded value
       "NO_ACCESS",
       getSalt(),
       "1d"

diff --git a/mods/auth/src/service/protos/auth_grpc_pb.js b/mods/auth/src/service/protos/auth_grpc_pb.js
@@ -94,7 +94,7 @@ getRole: {
     responseSerialize: serialize_fonos_auth_v1beta1_Role,
     responseDeserialize: deserialize_fonos_auth_v1beta1_Role,
   },
-  // Verifies if a token was issue by Fonos or the same private key
+  // Verifies if a token was issue by Fonos
 validateToken: {
     path: '/fonos.auth.v1beta1.Auth/ValidateToken',
     requestStream: false,

diff --git a/mods/errors/src/codes.ts b/mods/errors/src/codes.ts
@@ -1,19 +1,23 @@
 const UNAUTHENTICATED = 16;
+const PERMISSION_DENIED = 7;
 const UNKNOWN = 2;
 const FAILED_PRECONDITION = 9;
 const INVALID_ARGUMENT = 3;
 const INTERNAL = 13;
 const ENTITY_ALREADY_EXIST = 6;
 const UNIMPLEMENTED = 12;
 const NOT_FOUND = 5;
+const ALREADY_EXISTS = 6;
 
 export {
   UNAUTHENTICATED,
+  PERMISSION_DENIED,
   UNKNOWN,
   FAILED_PRECONDITION,
   INVALID_ARGUMENT,
   INTERNAL,
   ENTITY_ALREADY_EXIST,
   UNIMPLEMENTED,
-  NOT_FOUND
+  NOT_FOUND,
+  ALREADY_EXISTS
 };
diff --git a/mods/numbers/src/service/create_number.ts b/mods/numbers/src/service/create_number.ts
@@ -4,14 +4,11 @@ import {
   ResourceBuilder,
   Kind,
   routr,
-  getAccessKeyId,
-  getRedisConnection
+  getAccessKeyId
 } from "@fonos/core";
 import numberDecoder from "./decoder";
 import {assertHasAorLinkOrIngressInfo, assertIsE164} from "../utils/assertions";
 
-const redis = getRedisConnection();
-
 export default async function createNumber(
   number: NumbersPB.Number,
   call: any
@@ -29,7 +26,6 @@ export default async function createNumber(
       number.getAorLink()
     );
   } else {
-    // TODO: Perhaps I should place this in a ENV
     encoder = encoder
       .withLocation(`tel:${number.getE164Number()}`, process.env.MS_ENDPOINT)
       .withMetadata({