Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor and move security validations #804

Merged
merged 40 commits into from Nov 14, 2019
Merged

Refactor and move security validations #804

merged 40 commits into from Nov 14, 2019

Conversation

XVincentX
Copy link
Contributor

@XVincentX XVincentX commented Nov 13, 2019
edited

This PR will address most of the technical debt we had in the security validations. In particular:

  • Moves the HTTP security validations to the HTTP package and not keep them in core. They didn't make sense since in the core package we do not know if we're handling HTTP stuff. This allowed me to remove a lot of unknown and weird lodash.get calls and use precise types
  • Validate Security is now standardised and uses the same ValidatorFn shape we're using for valdidateInput and validateOutput
  • The "securityHandler" look up function has been replaced with a static one which is type safer and probably even faster. The runtime option didn't make sense.
  • Removed useless parameters that were not used, as well some optional that, well, were not optional
  • Narrowed the types; security is only checking security, we do not need to pass the whole HTTP Request
  • Tests and some minor bugs have been fixed because of the more precise typing

There are some other internal refactors that need to be done (although not urgent) because the current code is really hard to reason about. I'll tame this beast in the next airplane (tomorrow)

@XVincentX
refactor: resource is not undefined
6835d87
@XVincentX
refactor: put a type so TypeScript does not come out with any
223e05a
@XVincentX
refactor: no probably undefined
8c7f59d
@XVincentX
refactor: use pipe
d3b91b0
@XVincentX
refactor: avoid function call
13e12ab
@XVincentX
refactor: no undefined
beab622
@XVincentX
refactor: simplify the function
31cc3d4
@XVincentX
refactor: reuse function
0bc083e
@XVincentX
refactor: no undefined
d1d0947
@XVincentX
refactor: correctly propagate stuff
a30b4bb
@XVincentX
refactor: move http specific security to http package
aba73db
@XVincentX
refactor: validate security is coming from the validator
ea5e30c
@XVincentX
refactor: specify types instead of undefineds
d12497b
@XVincentX
refactor: re-export validateSecurity
11c6baa
@XVincentX
refactor: use precise types
784569a
@XVincentX
refactor: use precise types
09c20c0
@XVincentX
test: add required mock
5eb7031
@XVincentX
refactor: precise types
c9ca7e9
@XVincentX
Merge branch 'master' into feat/security-
5c6399e
@XVincentX
refactor: make sure validateSecurity conforms to the signature
e983a21
@XVincentX
refactor: put types in order
cd5ab95
@XVincentX
refactor: kill custom type
7901de9
@XVincentX
refactor: use precise types
1b270b6
@XVincentX
refactor: use correct types
8361674
@XVincentX
feat: update to latest types
2d9be81
@XVincentX
refactor: use precise types
fba233a
@XVincentX XVincentX force-pushed the feat/security- branch 2 times, most recently from 6124d1b to 12538e9 Compare November 13, 2019 18:20
@XVincentX XVincentX marked this pull request as ready for review November 14, 2019 10:48
@XVincentX XVincentX force-pushed the feat/security- branch 2 times, most recently from d4d731f to f689fd3 Compare November 14, 2019 11:17
karol-maciaszek
karol-maciaszek suggested changes Nov 14, 2019
View reviewed changes
Copy link
Contributor

@karol-maciaszek karol-maciaszek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, yet another piece of code is polished 👍

Couple minor comments added.

packages/http/src/validator/validators/security/handlers/bearer.ts Show resolved Hide resolved
packages/http/src/validator/validators/security/handlers/index.ts Outdated Show resolved Hide resolved
packages/http/src/validator/validators/security/handlers/index.ts Outdated Show resolved Hide resolved
packages/http/src/validator/validators/security/handlers/index.ts Outdated Show resolved Hide resolved
packages/http/src/validator/validators/security/handlers/utils.ts Outdated Show resolved Hide resolved
karol-maciaszek
karol-maciaszek approved these changes Nov 14, 2019
View reviewed changes
Copy link
Contributor

@karol-maciaszek karol-maciaszek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@XVincentX XVincentX merged commit 0969677 into master Nov 14, 2019
@XVincentX XVincentX deleted the feat/security- branch November 14, 2019 15:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@karol-maciaszek karol-maciaszek karol-maciaszek approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@XVincentX @karol-maciaszek