From 294a5682a8c48220bee4783aebffd06020ad5147 Mon Sep 17 00:00:00 2001
From: Anand Chowdhary
Date: Wed, 2 Sep 2020 21:50:49 +0530
Subject: [PATCH] :bug: Use integer IDs, not TWTs, in casbin policy

---
 src/_staart/helpers/authorization.ts | 58 ++++++++++++++++++++--------
 src/_staart/helpers/utils.ts | 6 +--
 2 files changed, 45 insertions(+), 19 deletions(-)

diff --git a/src/_staart/helpers/authorization.ts b/src/_staart/helpers/authorization.ts
index 9a50a783c..9d00b4463 100644
--- a/src/_staart/helpers/authorization.ts
+++ b/src/_staart/helpers/authorization.ts
@@ -3,7 +3,7 @@ import { AccessTokenResponse, ApiKeyResponse } from "./jwt";
 import { newEnforcer, Model, StringAdapter } from "casbin";
 import { prisma } from "./prisma";
 import { ScopesUser, ScopesGroup, ScopesAdmin } from "../../config";
-import { readFileSync } from "fs-extra";
+import { twtToId } from "./utils";
 import { join } from "path";
 
 /**
@@ -49,44 +49,70 @@ export const BaseScopesAdmin = {
 const getPolicyForUser = async (userId: number) => {
 let policy = "";
 Object.values(ScopesUser).forEach((scope) => {
- policy += `p, user-${userId}, user-${userId}, ${Acts.READ}${scope}\n`;
- policy += `p, user-${userId}, user-${userId}, ${Acts.WRITE}${scope}\n`;
+ policy += `p, user-${twtToId(userId)}, user-${twtToId(userId)}, ${
+ Acts.READ
+ }${scope}\n`;
+ policy += `p, user-${twtToId(userId)}, user-${twtToId(userId)}, ${
+ Acts.WRITE
+ }${scope}\n`;
 });
- policy += `p, user-${userId}, user-${userId}, ${Acts.DELETE}\n`;
+ policy += `p, user-${twtToId(userId)}, user-${twtToId(userId)}, ${
+ Acts.DELETE
+ }\n`;
 const memberships = await prisma.memberships.findMany({
 where: { userId },
 });
 for await (const membership of memberships) {
- policy += `p, user-${userId}, membership-${membership.id}, ${Acts.READ}\n`;
- policy += `p, user-${userId}, membership-${membership.id}, ${Acts.WRITE}\n`;
- policy += `p, user-${userId}, membership-${membership.id}, ${Acts.DELETE}\n`;
+ policy += `p, user-${twtToId(userId)}, membership-${twtToId(
+ membership.id
+ )}, ${Acts.READ}\n`;
+ policy += `p, user-${twtToId(userId)}, membership-${twtToId(
+ membership.id
+ )}, ${Acts.WRITE}\n`;
+ policy += `p, user-${twtToId(userId)}, membership-${twtToId(
+ membership.id
+ )}, ${Acts.DELETE}\n`;
 if (membership.role === "ADMIN" || membership.role === "OWNER") {
 const groupMemberships = await prisma.memberships.findMany({
 where: { groupId: membership.groupId },
 });
- policy += `p, user-${userId}, group-${membership.groupId}, ${Acts.DELETE}\n`;
+ policy += `p, user-${twtToId(userId)}, group-${twtToId(
+ membership.groupId
+ )}, ${Acts.DELETE}\n`;
 groupMemberships.forEach((groupMembership) => {
- policy += `p, user-${userId}, membership-${groupMembership.id}, ${Acts.READ}\n`;
+ policy += `p, user-${twtToId(userId)}, membership-${twtToId(
+ groupMembership.id
+ )}, ${Acts.READ}\n`;
 if (groupMembership.role !== "OWNER") {
- policy += `p, 
user-${userId}, membership-${groupMembership.id}, ${Acts.WRITE}\n`;
- policy += `p, user-${userId}, membership-${groupMembership.id}, ${Acts.DELETE}\n`;
+ policy += `p, user-${twtToId(userId)}, membership-${twtToId(
+ groupMembership.id
+ )}, ${Acts.WRITE}\n`;
+ policy += `p, user-${twtToId(userId)}, membership-${twtToId(
+ groupMembership.id
+ )}, ${Acts.DELETE}\n`;
 }
 });
 }
 Object.values(ScopesGroup).forEach((scope) => {
 if (membership.role === "ADMIN" || membership.role === "OWNER") {
- policy += `p, user-${userId}, group-${membership.groupId}, ${Acts.READ}${scope}\n`;
- policy += `p, user-${userId}, group-${membership.groupId}, ${Acts.WRITE}${scope}\n`;
+ policy += `p, user-${twtToId(userId)}, group-${twtToId(
+ membership.groupId
+ )}, ${Acts.READ}${scope}\n`;
+ policy += `p, user-${twtToId(userId)}, group-${twtToId(
+ membership.groupId
+ )}, ${Acts.WRITE}${scope}\n`;
 } else {
- policy += `p, user-${userId}, group-${membership.groupId}, ${Acts.READ}${scope}\n`;
+ policy += `p, user-${twtToId(userId)}, group-${twtToId(
+ membership.groupId
+ )}, ${Acts.READ}${scope}\n`;
 }
 });
 }
 const userDetails = await getUserById(userId);
 if (userDetails.role === "SUDO") {
 Object.values(ScopesAdmin).forEach((scope) => {
- policy += `p, user-${userId}, ${Acts.READ}, ${scope}\n`;
- policy += `p, user-${userId}, ${Acts.WRITE}, ${scope}\n`;
+ policy += `p, user-${twtToId(userId)}, ${Acts.READ}, ${scope}\n`;
+ policy += `p, user-${twtToId(userId)}, ${Acts.WRITE}, ${scope}\n`;
 });
 }
 console.log(policy);
diff --git a/src/_staart/helpers/utils.ts b/src/_staart/helpers/utils.ts
index 370877beb..5a0998374 100644
--- a/src/_staart/helpers/utils.ts
+++ b/src/_staart/helpers/utils.ts
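Review bot: `twtToId(userId)` is re-evaluated on every policy line inside the loops although `userId` is typed `number` and never changes, and with the `twtToId` change in this same patch a sub-10-digit number only round-trips through `parseInt(String(twt))`, so the wrapping is effectively identity here and the real TWT-to-id conversion belongs at the boundary where a token string arrives. Resolve it once at the top of the function, `const uid = twtToId(userId);`, and use `uid` in every `user-${…}` segment; that also keeps the casbin subject visibly aligned with the `where: { userId }` lookup, which still uses the raw value. The `membership.id`, `membership.groupId` and `groupMembership.id` values come straight from prisma and are presumably numeric already, so the `twtToId(...)` calls around them look redundant — worth confirming against the schema, because `twtToId` hands any value of 10 or more characters to `verify`, which would throw in the middle of policy construction rather than yield a policy. The function's closing lines after `console.log(policy)` are outside the hunk.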
@@ -14,11 +14,11 @@ import { ApiKeyResponse } from "./jwt";
 */
 export type PartialBy = Omit & Partial>;
 
-export const twtToId = (twt: string, userId?: string) => {
- if (twt.length < 10 && twt !== "me") return parseInt(twt);
+export const twtToId = (twt: string | number, userId?: string) => {
+ if (String(twt).length < 10 && twt !== "me") return parseInt(String(twt));
 return twt === "me" && userId
 ? parseInt(verify(userId, config("twtSecret"), 10), 10)
- : parseInt(verify(String(twt), config("twtSecret"), 10), 10);
+ : parseInt(verify(String(twt), config("twtSecret"), 10), 10);
 };
 
 /**
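Review bot: The new short-input branch `return parseInt(String(twt));` still passes no radix and never checks the result, so any string under ten characters that is not `"me"` is accepted as an id without reaching `verify` — `"12x"` yields `12` and `"abc"` yields `NaN`, which then flows into the caller's lookup — while the other two `parseInt` calls in the same function do pass `10`. Since accepting a `number` is the purpose of this change, handle that case explicitly and validate the string case instead of coercing both through `String(twt)`; the rewrite below keeps the unverified shortcut limited to well-formed integers and returns a numeric argument untouched. Whether the `10` passed as the third argument to `verify` is the intended option is not visible from this hunk, so I have not touched that branch.
```typescript
export const twtToId = (twt: string | number, userId?: string) => {
  if (typeof twt === "number") return twt;
  if (twt.length < 10 && twt !== "me") {
    const id = parseInt(twt, 10);
    if (Number.isNaN(id)) throw new Error("invalid id");
    return id;
  }
  // … unchanged: "me" / TWT verification branch …
```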