-
Notifications
You must be signed in to change notification settings - Fork 4
ACL Implementation - initial commit - still a WIP #1
Conversation
cicorias
commented
Mar 2, 2016
@@ -0,0 +1,190 @@ | |||
// Available variables which can be used inside of strings. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is any VS Code specific files necessary here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
removing..
Reviewed 11 of 31 files at r1, 2 of 16 files at r2, 5 of 6 files at r3. README.md, line 2 [r1] (raw file): lib/acl-example.js, line 1 [r3] (raw file): lib/acl-schema.json, line 1 [r3] (raw file): lib/fauxton.js, line 1 [r3] (raw file): lib/index.js, line 14 [r1] (raw file): lib/index.js, line 8 [r3] (raw file): lib/index.js, line 10 [r3] (raw file): lib/index.js, line 21 [r3] (raw file): lib/index.js, line 22 [r3] (raw file): lib/index.js, line 27 [r3] (raw file): I also don't think we want to have path.role.verb because it requires us to redefine allowed verbs for every user. E.g. if both Joe and Jane have access to the same paths and verbs we have to enter them as two separate roles so their identities will match. Also having path.role.verb turns out to be difficult because it doesn't let us define all the rights for a user in one place. We have to define the splattered across the various paths. This makes adding or removing a user really painful because we have to change values in a ton of places. I would suggest a different approach. How about role.path.verb? I would also add a translation step, a group object. When we look up an identity we will submit it to the group object array that is allowed to return exactly one (or no) value. That is their role. We then look up role['pullSync'].path['/'].verb['GET']. Now we can define all the paths and verbs for a specific role in one place at one time. We can easily separate definitions for different roles. And we can add and remove users from a role by changing their value in the separate group array. lib/index.js, line 42 [r3] (raw file): Also wouldn't it simplify the code to, before calling mapIt, instead check if req.path contains a '/' as the last character and if it does then remove and then for the first time call mapIt? lib/index.js, line 48 [r3] (raw file): lib/index.js, line 63 [r3] (raw file): lib/index.js, line 64 [r3] (raw file): lib/indexOf.js, line 32 [r1] (raw file): lib/indexOf.js, line 33 [r1] (raw file): lib/indexOf.js, line 46 [r1] (raw file): lib/pouchdb.js, line 1 [r3] (raw file): lib/pouchdb.js, line 11 [r3] (raw file): Comments from the review on Reviewable.io |
@cicorias some initial comments to chew on. Please assign the bug back to me when it's ready for final review. |
Review status: 7 of 41 files reviewed at latest revision, 21 unresolved discussions. LICENSE, line 3 [r1] (raw file): lib/acl-schema.json, line 1 [r3] (raw file): lib/index.js, line 14 [r1] (raw file): lib/index.js, line 8 [r3] (raw file): lib/index.js, line 10 [r3] (raw file): lib/index.js, line 21 [r3] (raw file): lib/index.js, line 22 [r3] (raw file): lib/index.js, line 27 [r3] (raw file): So, the simplest configuration that i came up with is 'path.role.verb. And there would be "1" per DB. As for Identity vs. Role - the use of the term Identity is something that carries forward from PskIdentity. However, our permission model is seems categorizes into 3 (really 2 for this add-in) "buckets". So, identities would really map to a "role" - and that's how the permission is articulated. If it were Identity, there would be a far larger dataset of ACLs. As for adding a group object, again, until we fully integrate and validate it won't work, then we can address. For your example of "pullSync" - not sure what that applies from. A "PullSync" would actually entail GET/PUT/POST - which is how at the layer we're at, the PouchDB client talks to the PouchDB server. If we go to "pullSync" - well, that would break out into the verbs as they are now. So, they have to be represented somewhere. To move forward on this, i' going to need better articulated acceptance testing as the initial discussion was with PouchDB replication as the acceptance test. lib/index.js, line 42 [r3] (raw file): lib/index.js, line 48 [r3] (raw file): lib/index.js, line 63 [r3] (raw file): lib/index.js, line 64 [r3] (raw file): lib/indexOf.js, line 32 [r1] (raw file): i've removed it. lib/indexOf.js, line 33 [r1] (raw file): lib/indexOf.js, line 46 [r1] (raw file): lib/acl-example.js, line 1 [r3] (raw file): lib/fauxton.js, line 1 [r3] (raw file): Comments from the review on Reviewable.io |
updated and pushed. Review status: 7 of 41 files reviewed at latest revision, 6 unresolved discussions. Comments from the review on Reviewable.io |
My assumption is that we don't need test-old so I'm not reviewing it. Please let me know if my assumption is wrong. Reviewed 5 of 41 files at r1, 10 of 18 files at r2, 1 of 6 files at r3, 8 of 13 files at r4, 2 of 4 files at r5, 1 of 19 files at r6, 1 of 2 files at r8, 2 of 24 files at r9, 3 of 7 files at r10, 1 of 6 files at r12, 11 of 11 files at r14. newtests.txt, line 2 [r14] (raw file): lib/index.1.js, line 1 [r14] (raw file): lib/index.js, line 13 [r14] (raw file): lib/index.js, line 16 [r14] (raw file): if (NOTFOUND === pathExists) {
return false;
} That way the rest of the code can be out-dented? lib/index.js, line 37 [r14] (raw file): lib/index.js, line 68 [r14] (raw file): lib/index.js, line 119 [r14] (raw file): lib/index.js, line 121 [r14] (raw file): lib/index.js, line 122 [r14] (raw file): lib/indexOf.js, line 39 [r6] (raw file): lib/indexOf.js, line 47 [r14] (raw file): sample/acl-example.js, line 11 [r14] (raw file): sample/fauxton.js, line 86 [r14] (raw file): sample/key-cert.pem, line 1 [r14] (raw file): sample/key.pem, line 1 [r14] (raw file): sample/package.json, line 12 [r14] (raw file): sample/pouchdb.js, line 38 [r14] (raw file): sample/server.js, line 37 [r14] (raw file): sample/app/validate.js, line 36 [r14] (raw file): test/acl-block.1.js, line 6 [r14] (raw file): test/acl-get-multipleusers.js, line 1 [r14] (raw file): test/acl-get-user.js, line 1 [r14] (raw file): test/acl-path-types.js, line 1 [r14] (raw file): test/handlers.js, line 7 [r14] (raw file): test/jshint.spec.js, line 1 [r14] (raw file): test/template.js, line 1 [r14] (raw file): test/test-core-resources-local.js, line 15 [r14] (raw file): test/test-core-resources-local.js, line 15 [r14] (raw file): That way we could have a single test rig that read in the object and ran all the tests. It would also make it much easier to see exactly what the test was doing. test/test-core-resources-local.js, line 25 [r14] (raw file): test/test-core-resources.js, line 42 [r14] (raw file): test/test-noaclfile.js, line 37 [r14] (raw file): test/test-noaclfile.js, line 58 [r14] (raw file): test/test-parmchecks.js, line 5 [r14] (raw file): test/test-parmchecks.js, line 11 [r14] (raw file): test/test-parmchecks.js, line 13 [r14] (raw file): Comments from Reviewable |
Reviewed 3 of 41 files at r1, 3 of 18 files at r2, 1 of 24 files at r9. newtests.txt, line 2 [r14] (raw file): lib/index.js, line 42 [r5] (raw file): lib/index.js, line 13 [r14] (raw file): lib/index.js, line 16 [r14] (raw file): lib/index.js, line 37 [r14] (raw file): lib/index.js, line 68 [r14] (raw file): lib/index.js, line 119 [r14] (raw file): lib/index.js, line 121 [r14] (raw file): lib/index.js, line 122 [r14] (raw file): The ACL for lib/indexOf.js, line 39 [r6] (raw file): lib/indexOf.js, line 47 [r14] (raw file): sample/acl-example.js, line 11 [r14] (raw file): sample/fauxton.js, line 86 [r14] (raw file): sample/key-cert.pem, line 1 [r14] (raw file): sample/key.pem, line 1 [r14] (raw file): sample/package.json, line 12 [r14] (raw file): sample/pouchdb.js, line 38 [r14] (raw file): sample/server.js, line 37 [r14] (raw file): sample/app/validate.js, line 36 [r14] (raw file): test/acl-block.1.js, line 6 [r14] (raw file): test/acl-get-multipleusers.js, line 1 [r14] (raw file): test/acl-get-user.js, line 1 [r14] (raw file): test/acl-path-types.js, line 1 [r14] (raw file): test/handlers.js, line 7 [r14] (raw file): test/jshint.spec.js, line 1 [r14] (raw file): test/template.js, line 1 [r14] (raw file): test/test-core-resources-local.js, line 15 [r14] (raw file): test/test-core-resources-local.js, line 15 [r14] (raw file): test/test-core-resources-local.js, line 25 [r14] (raw file): test/test-core-resources.js, line 42 [r14] (raw file): test/test-noaclfile.js, line 37 [r14] (raw file): test/test-noaclfile.js, line 58 [r14] (raw file): test/test-parmchecks.js, line 5 [r14] (raw file): test/test-parmchecks.js, line 11 [r14] (raw file): test/test-parmchecks.js, line 13 [r14] (raw file): Comments from Reviewable |
Changes Unknown when pulling 258beec on initial into * on master*. |
Reviewed 1 of 13 files at r4, 1 of 2 files at r8, 2 of 11 files at r14, 20 of 29 files at r15. lib/index.js, line 16 [r14] (raw file): lib/index.js, line 119 [r14] (raw file): validateThaliLocal(publicKeyHash, pskIdentifier) which would then return a Boolean. If false then the request is rejected. If true then it is accepted. The first argument would be the ID minus the thali_ prefix (this should be a base 64 URL safe encoded hash of the callers public key) and the second value is req.connection.pskIdentifier. With those two inputs it is the job of the function to either return true if the pskIdentifier value matches the base 64 URL encoded public key hash in the ID or not. So basically this all boils down to adding a new argument to the SALTI constructor that takes this function and putting in a call when you get to this part of the code (e.g. local) and determine that the submitted ID value begins with the characters 'thali'. You would then call the argument in the function with the two values I specified and it would return true if you should continue or false if you should return a 401. (Note, not that it matters since this is invisible to the SALTI code but inside of the callback function passed to the constructor will be a call to thaliNotificationServer.getPskIdToPublicKey which will translate the pskIdentifier argument to a public key Buffer. We then will pass that buffer through thaliNotificationBeacons.createPublicKeyHash which will then be passed through the urlsafe-base64 NPM package. The resulting string will then be compared to the value you passed in with the content after thali_. If the two strings match then true will be returned, otherwise false.) lib/index.js, line 122 [r14] (raw file): lib/indexOf.js, line 39 [r6] (raw file): sample/acl-example.js, line 11 [r14] (raw file): sample/fauxton.js, line 86 [r14] (raw file): sample/package.json, line 12 [r14] (raw file): test/acl-block.1.js, line 6 [r14] (raw file): test/test-core-resources-local.js, line 25 [r14] (raw file): test/test-core-resources.js, line 42 [r14] (raw file): test/test-noaclfile.js, line 37 [r14] (raw file): Comments from Reviewable |
Reviewed 1 of 18 files at r2, 1 of 13 files at r4, 1 of 4 files at r5, 1 of 29 files at r15. lib/index.js, line 16 [r14] (raw file): lib/indexOf.js, line 39 [r6] (raw file): sample/acl-example.js, line 11 [r14] (raw file): sample/fauxton.js, line 86 [r14] (raw file): sample/package.json, line 12 [r14] (raw file): test/test-core-resources.js, line 42 [r14] (raw file): test/test-noaclfile.js, line 37 [r14] (raw file): Comments from Reviewable |
Review status: all files reviewed at latest revision, 8 unresolved discussions. a discussion (no related file): lib/index.1.js, line 1 [r14] (raw file): Comments from Reviewable |
Changes Unknown when pulling 2f69b90 on initial into * on master*. |
Reviewed 5 of 6 files at r16. Comments from Reviewable |
Review status: all files reviewed at latest revision, 2 unresolved discussions. Comments from Reviewable |
Review status: all files reviewed at latest revision, 1 unresolved discussion. .vscode/tasks.json, line 1 [r1] (raw file): Comments from Reviewable |
Review status: all files reviewed at latest revision, 1 unresolved discussion. .vscode/tasks.json, line 1 [r1] (raw file): Comments from Reviewable |