chore(backend): do not store entire grant on context #911
Conversation
Make access limits specific to outgoing payment creation.
github-actions
bot
added
pkg: backend
wilsonianb
requested review from
sabineschaller,
dclipp,
mkurapov and
JoblersTune
| (!access['identifier'] || | ||
| access['identifier'] === ctx.paymentPointer.url) && | ||
| access.actions.find((tokenAction) => { | ||
| if (tokenAction == action) { |
There was a problem hiding this comment.
| if (tokenAction == action) { | |
| if (tokenAction === action) { |
I don't think a triple-equals will cause issues here, it'll be just a string comparison at runtime
same below
There was a problem hiding this comment.
Oops, I originally had this based on a branch using generated OpenAPI types where it was an issue.
I tripled the access type check but missed the actions.
| (!access['identifier'] || | ||
| access['identifier'] === ctx.paymentPointer.url) && |
There was a problem hiding this comment.
| (!access['identifier'] || | |
| access['identifier'] === ctx.paymentPointer.url) && | |
| (access.identifier === ctx.paymentPointer.url) && |
if its optional
| // Unless the relevant grant action is ReadAll/ListAll add the | ||
| // clientId to ctx for Read/List filtering |
There was a problem hiding this comment.
I'm not sure if I understand the comment fully, but it reads as though
return (
(action === AccessAction.Read &&
tokenAction == AccessAction.ReadAll) ||
(action === AccessAction.List &&
tokenAction == AccessAction.ListAll)
)should be before
if (tokenAction == action) { ... }
?
There was a problem hiding this comment.
action will never be ReadAll or ListAll
rafiki/packages/backend/src/app.ts
Lines 279 to 296 in 4db6f8e
so this should be fine, but I'll update the types to make that explicit.
There was a problem hiding this comment.
🤔 Actually this is still dependent on Read and ReadAll (and List/ListAll) being mutually exclusive, which is no longer the case (in OpenAPI)
| return new TokenInfo(options, data.key) | ||
| return data.active ? data : undefined | ||
|
|
||
| return data |
There was a problem hiding this comment.
| return data |
| @@ -282,7 +289,7 @@ export class App { | |||
| }: { | |||
| path: string | |||
| method: HttpMethod | |||
| }): AccessAction | undefined => { | |||
| }): RequestAction | undefined => { | |||
There was a problem hiding this comment.
I like the RequestAction type 👍 . I propose we call the variable also that: action -> requestAction
| import { HttpSigContext, PaymentPointerContext } from '../../app' | ||
|
|
||
| export type RequestAction = Exclude< |
There was a problem hiding this comment.
🚀 I now appreciate Exclude after my types adventure
| @@ -92,7 +98,7 @@ async function createOutgoingPayment( | |||
| deps: ServiceDependencies, | |||
| options: CreateOutgoingPaymentOptions | |||
| ): Promise<OutgoingPayment | OutgoingPaymentError> { | |||
| const grantId = options.grant ? options.grant.grant : undefined | |||
| const grantId = options.grant?.id | |||
There was a problem hiding this comment.
Will this be required in the future? i.e. will this end up throwing if there is no grant on the ctx?
There was a problem hiding this comment.
I think grant is mainly optional for creating outgoing payments via the admin api
rafiki/packages/backend/src/graphql/schema.graphql
Lines 97 to 99 in e773fb7
| @@ -32,6 +32,11 @@ import { | |||
| import { Interval } from 'luxon' | |||
| import { knex } from 'knex' | |||
|
|
|||
| export interface Grant { | |||
There was a problem hiding this comment.
Maybe this interface first better in the auth/middleware.ts file?
| expect(next).toHaveBeenCalled() | ||
| expect(ctx.grant).toEqual(tokenInfo) | ||
| if (identifierOption !== IdentifierOption.Conflicting) { | ||
| test('sets the context client info and calls next', async (): Promise<void> => { |
There was a problem hiding this comment.
More for my own understanding, why are we ok to allow tokenInfo to not have an identifier?
There was a problem hiding this comment.
but then I'm not sure why it was subsequently re-required for outgoing payments 😬
There was a problem hiding this comment.
identifier (string):
A string identifier indicating a specific resource at the RS. For example, a patient identifier for a medical API or a bank account number for a financial API.
Based on the description, this feels like it should be reference to specific sub resource, and not just a payment pointer (of how we are currently treating it). I'm ok with keeping it optional across the board, thoughts?
There was a problem hiding this comment.
🤔 Our own descriptions also seem to suggest it would refer to a specific (sub)resource...
https://github.com/interledger/open-payments/blob/main/openapi/schemas.yaml#L56-L59
description: A string identifier indicating a specific resource at the RS.
There was a problem hiding this comment.
I think we do want to be able to refer to a payment pointer, especially for create and list action grants.
If/when we switch to Adrian's grant requests to the payment pointer itself, the client will no longer need to specify the payment pointer. And he's proposed just having a paymentPointer field in the token introspection response for the grant.
| expect(next).toHaveBeenCalled() | ||
| expect(ctx.grant).toEqual(tokenInfo) | ||
| if (identifierOption !== IdentifierOption.Conflicting) { | ||
| test('sets the context client info and calls next', async (): Promise<void> => { |
There was a problem hiding this comment.
identifier (string):
A string identifier indicating a specific resource at the RS. For example, a patient identifier for a medical API or a bank account number for a financial API.
Based on the description, this feels like it should be reference to specific sub resource, and not just a payment pointer (of how we are currently treating it). I'm ok with keeping it optional across the board, thoughts?
Changes proposed in this pull request
Context
Checklist
fixes #number