Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set juggler configs in options by default #4065

Merged
merged 2 commits into from Nov 15, 2018
Merged

Set juggler configs in options by default #4065

merged 2 commits into from Nov 15, 2018

Conversation

raymondfeng
Copy link
Member

@raymondfeng raymondfeng commented Nov 12, 2018
edited

Description

This PR allows set prohibitHiddenPropertiesInQuery, maxDepthOfQuery, and maxDepthOfData in options for CRUD operations.

Related issues

loopbackio/loopback-datasource-juggler#1662

  • connect to <link_to_referenced_issue>

Checklist

  • New tests added or existing tests modified to cover all changes
  • Code conforms with the style
    guide

jannyHou
jannyHou approved these changes Nov 12, 2018
View reviewed changes
Copy link
Contributor

@jannyHou jannyHou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LTGM 👍

bajtos
bajtos suggested changes Nov 13, 2018
View reviewed changes
Copy link
Member

@bajtos bajtos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👎

I am not a fan of leaking remoting context to juggler. Ideally, loopback-datasource-juggler should not deal with anything that's specific to REST APIs and stay focused on ORM & data access.

In particular case of loopbackio/loopback-datasource-juggler#1662, I would like us to investigate a different design that I consider as more clean and robust:

  • In juggler, we allow security related flags to be controlled for each method invocation via options object
  • In LoopBack, we modify createOptionsViaModelMethod to set these security-related flags to reasonable defaults.

One of the big benefits I see in this approach: because security-related flags are configured via options, LB app developers can easily tweak them e.g. via custom options factory (see Customize the value provided to options in our docs).

@bajtos bajtos mentioned this pull request Nov 13, 2018
Merged
2 tasks
bajtos
bajtos reviewed Nov 13, 2018
View reviewed changes
lib/model.js Outdated
@@ -492,14 +492,17 @@ module.exports = function(registry) {
}

function createOptionsViaModelMethod(ctx) {
var EMPTY_OPTIONS = {};
var REMOTE_OPTIONS = {
remotingContext: ctx,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically, my suggestion boils down to the following change in your patch:

Suggested change
remotingContext: ctx,
maxDepthOfQuery: 16,
maxDepthOfData: 32,

lib/model.js Outdated
@@ -492,14 +492,17 @@ module.exports = function(registry) {
}

function createOptionsViaModelMethod(ctx) {
var EMPTY_OPTIONS = {};
var REMOTE_OPTIONS = {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
var REMOTE_OPTIONS = {
var DEFAULT_OPTIONS = {

@raymondfeng
Copy link
Member Author

I thought about setting default values for such flags in createOptionsViaModelMethod but found the following issues:

Method level options.prohibitHiddenProperties takes precedence over model/datasource level settings. As a result, we cannot override such defaults without customizing createOptionsFromRemotingContext. I think it's confusing that we cannot control such settings at model/datasource level.

One of the big benefits I see in this approach: because security-related flags are configured via options, LB app developers can easily tweak them e.g. via custom options factory (see Customize the value provided to options in our docs).

With the PR, developers can still reset such flags by overriding createOptionsFromRemotingContext, such as:

createOptionsFromRemotingContext(ctx) {
  return {prohibitHiddenProperties: true};
}

I'm open to a slightly different form, for example:

const REMOTE_OPTIONS = {
  defaultJugglerSettings: {
    prohibitHiddenProperties: true
  }
}

@raymondfeng raymondfeng changed the title Set remotingContext in options by default Set juggler configs in options by default Nov 14, 2018
@raymondfeng
Copy link
Member Author

raymondfeng commented Nov 14, 2018
edited

@bajtos I reworked the patch to honor datasource/model settings and configure reasonable defaults in options. Please note that it depends on loopbackio/loopback-datasource-juggler#1662.

bajtos
bajtos approved these changes Nov 15, 2018
View reviewed changes
Copy link
Member

@bajtos bajtos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👏

lib/model.js
// Default to `12` for the max depth of a query object
maxDepthOfQuery: ModelCtor._getMaxDepthOfQuery({}, 12),
// Default to `32` for the max depth of a data object
maxDepthOfData: ModelCtor._getMaxDepthOfData({}, 32),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lovely 👍

test/model.test.js
@@ -1028,7 +1062,6 @@ describe.onServer('Remote Methods', function() {
return User.login(CREDENTIALS);
}).then(function(token) {
accessToken = token;
userId = token.userId;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change seems rather unrelated, could you please remove it (revert this line)?

@raymondfeng
3.24.0
81d1f74 
 * Set juggler options for remote calls (Raymond Feng)
 * Speed up ACL tests by reducing saltWorkFactor (Miroslav Bajtoš)
@raymondfeng raymondfeng merged commit aad97c2 into master Nov 15, 2018
@raymondfeng raymondfeng deleted the set-default-remote-options branch November 15, 2018 23:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bajtos bajtos bajtos approved these changes

@jannyHou jannyHou jannyHou approved these changes

@clark0x clark0x Awaiting requested review from clark0x

@ebarault ebarault Awaiting requested review from ebarault ebarault is a code owner

@fabien fabien Awaiting requested review from fabien fabien is a code owner

@zbarbuto zbarbuto Awaiting requested review from zbarbuto zbarbuto is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@raymondfeng @bajtos @jannyHou