
Commit 294a568

🐛 Use integer IDs, not TWTs, in casbin policy
1 parent b3f2f9b commit 294a568

2 files changed

Lines changed: 45 additions & 19 deletions


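--- a/src/_staart/helpers/authorization.ts
+++ b/src/_staart/helpers/authorization.ts
@@ -3,7 +3,7 @@ import { AccessTokenResponse, ApiKeyResponse } from "./jwt";
 import { newEnforcer, Model, StringAdapter } from "casbin";
 import { prisma } from "./prisma";
 import { ScopesUser, ScopesGroup, ScopesAdmin } from "../../config";
-import { readFileSync } from "fs-extra";
+import { twtToId } from "./utils";
 import { join } from "path";
 
 /**
@@ -49,44 +49,70 @@ export const BaseScopesAdmin = {
 const getPolicyForUser = async (userId: number) => {
 let policy = "";
 Object.values(ScopesUser).forEach((scope) => {
-policy += `p, user-${userId}, user-${userId}, ${Acts.READ}${scope}\n`;
-policy += `p, user-${userId}, user-${userId}, ${Acts.WRITE}${scope}\n`;
+policy += `p, user-${twtToId(userId)}, user-${twtToId(userId)}, ${
+Acts.READ
+}${scope}\n`;
+policy += `p, user-${twtToId(userId)}, user-${twtToId(userId)}, ${
+Acts.WRITE
+}${scope}\n`;
 });
-policy += `p, user-${userId}, user-${userId}, ${Acts.DELETE}\n`;
+policy += `p, user-${twtToId(userId)}, user-${twtToId(userId)}, ${
+Acts.DELETE
+}\n`;
 const memberships = await prisma.memberships.findMany({
 where: { userId },
 });
 for await (const membership of memberships) {
-policy += `p, user-${userId}, membership-${membership.id}, ${Acts.READ}\n`;
-policy += `p, user-${userId}, membership-${membership.id}, ${Acts.WRITE}\n`;
-policy += `p, user-${userId}, membership-${membership.id}, ${Acts.DELETE}\n`;
+policy += `p, user-${twtToId(userId)}, membership-${twtToId(
+membership.id
+)}, ${Acts.READ}\n`;
+policy += `p, user-${twtToId(userId)}, membership-${twtToId(
+membership.id
+)}, ${Acts.WRITE}\n`;
+policy += `p, user-${twtToId(userId)}, membership-${twtToId(
+membership.id
+)}, ${Acts.DELETE}\n`;
 if (membership.role === "ADMIN" || membership.role === "OWNER") {
 const groupMemberships = await prisma.memberships.findMany({
 where: { groupId: membership.groupId },
 });
-policy += `p, user-${userId}, group-${membership.groupId}, ${Acts.DELETE}\n`;
+policy += `p, user-${twtToId(userId)}, group-${twtToId(
+membership.groupId
+)}, ${Acts.DELETE}\n`;
 groupMemberships.forEach((groupMembership) => {
-policy += `p, user-${userId}, membership-${groupMembership.id}, ${Acts.READ}\n`;
+policy += `p, user-${twtToId(userId)}, membership-${twtToId(
+groupMembership.id
+)}, ${Acts.READ}\n`;
 if (groupMembership.role !== "OWNER") {
-policy += `p, user-${userId}, membership-${groupMembership.id}, ${Acts.WRITE}\n`;
-policy += `p, user-${userId}, membership-${groupMembership.id}, ${Acts.DELETE}\n`;
+policy += `p, user-${twtToId(userId)}, membership-${twtToId(
+groupMembership.id
+)}, ${Acts.WRITE}\n`;
+policy += `p, user-${twtToId(userId)}, membership-${twtToId(
+groupMembership.id
+)}, ${Acts.DELETE}\n`;
 }
 });
 }
 Object.values(ScopesGroup).forEach((scope) => {
 if (membership.role === "ADMIN" || membership.role === "OWNER") {
-policy += `p, user-${userId}, group-${membership.groupId}, ${Acts.READ}${scope}\n`;
-policy += `p, user-${userId}, group-${membership.groupId}, ${Acts.WRITE}${scope}\n`;
+policy += `p, user-${twtToId(userId)}, group-${twtToId(
+membership.groupId
+)}, ${Acts.READ}${scope}\n`;
+policy += `p, user-${twtToId(userId)}, group-${twtToId(
+membership.groupId
+)}, ${Acts.WRITE}${scope}\n`;
 } else {
-policy += `p, user-${userId}, group-${membership.groupId}, ${Acts.READ}${scope}\n`;
+policy += `p, user-${twtToId(userId)}, group-${twtToId(
+membership.groupId
+)}, ${Acts.READ}${scope}\n`;
 }
 });
 }
 const userDetails = await getUserById(userId);
 if (userDetails.role === "SUDO") {
 Object.values(ScopesAdmin).forEach((scope) => {
-policy += `p, user-${userId}, ${Acts.READ}, ${scope}\n`;
-policy += `p, user-${userId}, ${Acts.WRITE}, ${scope}\n`;
+policy += `p, user-${twtToId(userId)}, ${Acts.READ}, ${scope}\n`;
+policy += `p, user-${twtToId(userId)}, ${Acts.WRITE}, ${scope}\n`;
 });
 }
 console.log(policy);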
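Review bot: Every `twtToId(...)` call added in getPolicyForUser wraps a value that is already a number — `userId: number` from the signature, `membership.id` and `membership.groupId` from the prisma rows — so it is a no-op until `String(id).length` reaches 10, at which point `twtToId` (as defined in utils.ts in this same commit) hands the numeric id to `verify()` with the TWT secret as if it were a signed token, and the policy build will throw or emit `NaN`, depending on how `verify` reports a bad token. If the intent is that callers may still pass a TWT string, note that `where: { userId }` and `getUserById(userId)` keep using the raw value, so the database lookups and the `user-…` policy subject could refer to different identities. Either way, decode once at the top, `const id = twtToId(userId);`, and use `id` in both the queries (`where: { userId: id }`) and the policy strings instead of re-decoding on every line. The unchanged `console.log(policy)` at the end prints each subject's complete grant list on every call and should be removed or gated behind a debug flag before this ships.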

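--- a/src/_staart/helpers/utils.ts
+++ b/src/_staart/helpers/utils.ts
@@ -14,11 +14,11 @@ import { ApiKeyResponse } from "./jwt";
 */
 export type PartialBy<T, K extends keyof T> = Omit<T, K> & Partial<Pick<T, K>>;
 
-export const twtToId = (twt: string, userId?: string) => {
-if (twt.length < 10 && twt !== "me") return parseInt(twt);
+export const twtToId = (twt: string | number, userId?: string) => {
+if (String(twt).length < 10 && twt !== "me") return parseInt(String(twt));
 return twt === "me" && userId
 ? parseInt(verify(userId, config("twtSecret"), 10), 10)
-: parseInt(verify(twt, config("twtSecret"), 10), 10);
+: parseInt(verify(String(twt), config("twtSecret"), 10), 10);
 };
 
 /**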
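Review bot: The widened signature still pushes a `number` through the string-length heuristic on the new line 18, so a numeric id with ten or more digits is sent to `verify()` with the TWT secret instead of being returned as-is, and a short non-numeric string comes back as `NaN` from `parseInt` with no error — a caller building `user-${twtToId(x)}` policy rules silently gets `user-NaN`. Handle numbers before the heuristic, `if (typeof twt === "number") return twt;`, and reject a short string that does not parse, e.g. `const n = parseInt(s, 10); if (Number.isNaN(n)) throw new Error("invalid id");`. The first `parseInt(String(twt))` also omits the radix that the other two calls pass. `verify` and `config` are defined outside this hunk, so what `verify` does with an input that is not a signed token is not visible here.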
