- support metadata injection.

zbryikt · zbryikt · commit 8f07add606f3 · 2022-07-06T03:42:33.000+08:00
- remove `id` from `access` function in readSnapshots for multi-snapsthos scenario
 - support `submit` hook for access checking
 - support `metadata` called with `commit` hook.
 - refind document for `access` and `metadata` parameters.
 - bump version
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Change Logs
 
+## v0.0.9
+
+ - support metadata injection.
+ - remove `id` from `access` function in readSnapshots for multi-snapsthos scenario
+ - support `submit` hook for access checking
+ - support `metadata` called with `commit` hook.
+ - refind document for `access` and `metadata` parameters.
+
+
 ## v0.0.8
 
  - support immediately reconnect option
diff --git a/README.md b/README.md
@@ -91,6 +91,49 @@ use `http` and `ws` module to create a WebSocket server ( use `express` as examp
     });
 
 
+### Metadata
+
+If `metadata(opt)` function is provided, it will be called when `commit` hook is triggered with an object including following parameters:
+
+ - `m`: the metadata object from sharedb op.
+ - `type`: either `readSnapshots` or `submit`.
+ - `collection`: target collection.
+ - `id`: target doc id. This will be null if there are multiple doc ids - in this case, check `snapshots` instead.
+ - `req`: the express request object.
+ - `session`: shorthand for `req.session` from `express-session`.
+ - `user`: shorthand for `session.user` from `passport`.
+
+edit the `m` field directly to inject necessary metadata. For example, add user id:
+
+    metadata = ({m, user, session, collection, id, snaptshos}) -> m.user = (if user? => user.key else 0)
+
+
+### Access Control
+
+If `access` is function provided, it will be called in following hooks:
+
+ - `readSnapshots`
+ - `submit`
+
+`access(opt)` is called with an object containing following paramters:
+
+ - `type`: either `readSnapshots` or `submit`.
+ - `collection`: target collection.
+ - `id`: target doc id. This will be null if there are multiple doc ids - in this case, check `snapshots` instead.
+ - `snapshots`: array of snapshots. Only provided when called by `readSnapshots` hook.
+ - `req`: the express request object.
+ - `session`: shorthand for `req.session` from `express-session`.
+ - `user`: shorthand for `session.user` from `passport`.
+
+`access(opt)` should return a Promise which only resolve when access is granted. By default the returned promise reject a lderror id 1012 error when access is denied.
+
+Here is an example to prevent new document creation: 
+
+    access = ({snapshots}) ->
+      if snapshots and !(snapshots.0.id) => return Promise.reject(new Error("") <<< {name: 'lderror', id: 1012});
+      return Promise.resolve!
+
+
 ## License
 
 MIT
diff --git a/dist/sdb-server.js b/dist/sdb-server.js
@@ -8,8 +8,8 @@
   websocketJsonStream = require('websocket-json-stream');
   ews = require("./index");
   sdbServer = function(opt){
-    var app, io, session, access, milestoneDb, wss, server, mdb, backend, connect, ret;
-    app = opt.app, io = opt.io, session = opt.session, access = opt.access, milestoneDb = opt.milestoneDb, wss = opt.wss;
+    var app, io, session, access, milestoneDb, wss, metadata, server, mdb, backend, connect, ret;
+    app = opt.app, io = opt.io, session = opt.session, access = opt.access, milestoneDb = opt.milestoneDb, wss = opt.wss, metadata = opt.metadata;
     server = null;
     mdb = milestoneDb && milestoneDb.enabled ? new sharedbPgMdb({
       ioPg: io,
@@ -54,59 +54,67 @@
         return cb();
       }
       session = req.session;
-      user = session && session.passport && session.passport.user;
+      user = (session && session.passport && session.passport.user) || {};
       ref$ = agent.custom;
       ref$.req = req;
       ref$.session = session;
       ref$.user = user;
       return cb();
     });
-    backend.use('readSnapshots', function(arg$, cb){
-      var collection, snapshots, agent, ref$, req, session, user, id;
-      collection = arg$.collection, snapshots = arg$.snapshots, agent = arg$.agent;
-      if (!agent.stream.ws) {
+    if (metadata != null) {
+      backend.use('commit', function(arg$, cb){
+        var collection, agent, snapshot, op, id, ref$, req, session, user;
+        collection = arg$.collection, agent = arg$.agent, snapshot = arg$.snapshot, op = arg$.op, id = arg$.id;
+        if (!agent.stream.ws) {
+          return cb();
+        }
+        ref$ = agent.custom, req = ref$.req, session = ref$.session, user = ref$.user;
+        metadata(import$({
+          m: op.m
+        }, agent.custom));
         return cb();
-      }
-      ref$ = agent.custom, req = ref$.req, session = ref$.session, user = ref$.user;
-      id = (snapshots[0] || {}).id;
-      return (access != null
-        ? access({
-          user: user,
-          session: session,
-          collection: collection,
+      });
+    }
+    if (access != null) {
+      backend.use('readSnapshots', function(arg$, cb){
+        var agent, collection, snapshots, id;
+        agent = arg$.agent, collection = arg$.collection, snapshots = arg$.snapshots;
+        if (!agent.stream.ws) {
+          return cb();
+        }
+        id = snapshots.length > 1
+          ? null
+          : snapshots[0].id;
+        return access(import$({
           id: id,
+          collection: collection,
           snapshots: snapshots,
           type: 'readSnapshots'
-        })
-        : Promise.resolve()).then(function(){
-        return cb();
-      })['catch'](function(e){
-        var ref$;
-        return cb(e || (ref$ = new Error(), ref$.name = 'lderror', ref$.id = 1012, ref$));
+        }, agent.custom)).then(function(){
+          return cb();
+        })['catch'](function(e){
+          var ref$;
+          return cb(e || (ref$ = new Error(), ref$.name = 'lderror', ref$.id = 1012, ref$));
+        });
       });
-    });
-    backend.use('reply', function(arg$, cb){
-      var collection, agent, reply, ref$, req, session, user, act, id;
-      collection = arg$.collection, agent = arg$.agent, reply = arg$.reply;
-      if (!agent.stream.ws) {
-        return cb();
-      }
-      ref$ = agent.custom, req = ref$.req, session = ref$.session, user = ref$.user;
-      act = reply.a;
-      id = reply.d;
-      return cb();
-    });
-    backend.use('receive', function(arg$, cb){
-      var collection, agent, data, ref$, req, session, user, act, id;
-      collection = arg$.collection, agent = arg$.agent, data = arg$.data;
-      if (!agent.stream.ws) {
-        return cb();
-      }
-      ref$ = agent.custom, req = ref$.req, session = ref$.session, user = ref$.user;
-      act = data.a;
-      id = data.d;
-      return cb();
-    });
+      backend.use('submit', function(arg$, cb){
+        var collection, agent, id;
+        collection = arg$.collection, agent = arg$.agent, id = arg$.id;
+        if (!agent.stream.ws) {
+          return cb();
+        }
+        return access(import$({
+          id: id,
+          collection: collection,
+          type: 'submit'
+        }, agent.custom)).then(function(){
+          return cb();
+        })['catch'](function(e){
+          var ref$;
+          return cb(e || (ref$ = new Error(), ref$.name = 'lderror', ref$.id = 1012, ref$));
+        });
+      });
+    }
     return ret = {
       server: server,
       sdb: backend,
@@ -115,4 +123,9 @@
     };
   };
   module.exports = sdbServer;
+  function import$(obj, src){
+    var own = {}.hasOwnProperty;
+    for (var key in src) if (own.call(src, key)) obj[key] = src[key];
+    return obj;
+  }
 }).call(this);
diff --git a/dist/sdb-server.min.js b/dist/sdb-server.min.js
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@plotdb/ews",
-  "version": "0.0.8",
+  "version": "0.0.9",
   "description": "elastic websocket",
   "main": "dist/index.min.js",
   "browser": "dist/index.min.js",
diff --git a/src/sdb-server.ls b/src/sdb-server.ls
@@ -2,7 +2,7 @@ require! <[sharedb @plotdb/sharedb-postgres sharedb-pg-mdb ws http websocket-jso
 ews = require "./index"
 
 sdb-server = (opt) ->
-  {app, io, session, access, milestone-db, wss} = opt
+  {app, io, session, access, milestone-db, wss, metadata} = opt
 
   server = null
   mdb = if (milestone-db and milestone-db.enabled) =>
@@ -59,40 +59,33 @@ sdb-server = (opt) ->
   backend.use \connect, ({agent, req, stream}, cb) ->
     if !req or !stream.ws => return cb!
     session = req.session
-    user = session and session.passport and session.passport.user
+    user = (session and session.passport and session.passport.user) or {}
     agent.custom <<< {req, session, user}
     cb!
 
-  # 4. Backend handle readSnapshot request
-  #    Decide if an user can get access to certain doc.
-  backend.use \readSnapshots, ({collection, snapshots, agent}, cb) ->
-    # no websocket - it's server stream
-    if !agent.stream.ws => return cb!
-    {req, session, user} = agent.custom
-    id = (snapshots.0 or {}).id
-    (if access? => access({user, session, collection, id, snapshots, type: \readSnapshots}) else Promise.resolve!)
-      .then -> cb!
-      .catch (e) -> cb(e or (new Error! <<< {name: \lderror, id: 1012}))
+  # 4.a Backend handle metadata request
+  if metadata? =>
+    backend.use \commit, ({collection, agent, snapshot, op, id}, cb) ->
+      if !agent.stream.ws => return cb!
+      {req, session, user} = agent.custom
+      metadata({m: op.m} <<< agent.custom)
+      cb!
 
-  # access control in both reply and receive middleware
-  backend.use \reply, ({collection, agent, reply}, cb) ->
-    if !agent.stream.ws => return cb!
-    {req, session, user} = agent.custom
-    act = reply.a
-    id = reply.d
-    cb!
-    #(if act != \hs and access? => access({user, session, collection, id, type: \reply}) else Promise.resolve!)
-    #  .then -> cb!
-    #  .catch (e) -> cb(e or (new Error! <<< {name: \lderror, id: 1012}))
-  backend.use \receive, ({collection, agent, data}, cb) ->
-    if !agent.stream.ws => return cb!
-    {req, session, user} = agent.custom
-    act = data.a
-    id = data.d
-    cb!
-    #(if act != \hs and access? => access({user, session, collection, id, data, type: \receive}) else Promise.resolve!)
-    #  .then -> cb!
-    #  .catch -> cb(e or (new Error! <<< {name: \lderror, id: 1012}))
+  # 4.b Backend handle readSnapshot request
+  #     Decide if an user can get access to certain doc.
+  if access? =>
+    backend.use \readSnapshots, ({agent, collection, snapshots}, cb) ->
+      # no websocket - it's server stream
+      if !agent.stream.ws => return cb!
+      id = if snapshots.length > 1 => null else snapshots.0.id
+      access({id, collection, snapshots, type: \readSnapshots} <<< agent.custom)
+        .then -> cb!
+        .catch (e) -> cb(e or (new Error! <<< {name: \lderror, id: 1012}))
+    backend.use \submit, ({collection, agent, id}, cb) ->
+      if !agent.stream.ws => return cb!
+      access({id, collection, type: \submit} <<< agent.custom)
+        .then -> cb!
+        .catch (e) -> cb(e or (new Error! <<< {name: \lderror, id: 1012}))
 
   ret = { server, sdb: backend, connect, wss }
 
diff --git a/web/server.ls b/web/server.ls
@@ -8,11 +8,11 @@ root = path.join(path.dirname(fs.realpathSync __filename.replace(/\(js\)$/,'')),
 config = do
   pg: do
     uri: "postgres://grantdash:pg@#{process.env.DB_HOST or \localhost}/pg"
-    database: "xinmeti"
-    user: "xinmeti"
-    password: "itemnix"
+    database: "pg"
+    user: "pg"
+    password: "pg"
     host: "#{process.env.DB_HOST or \localhost}"
-    port: "#{process.env.DB_PORT or 5432}"
+    port: "#{process.env.DB_PORT or 15432}"
 
 server = do
   init: ->
@@ -21,7 +21,10 @@ server = do
 
     server = http.create-server app
     wss = new ws.Server { server: server }
-    {sdb,connect} = sharedb-wrapper {app, io: config.pg, wss}
+
+    access = ({user, session}) -> Promise.resolve!
+    metadata = ({m, user, session}) -> m.user = 1
+    {sdb,connect} = sharedb-wrapper {app, io: config.pg, wss, access, metadata}
 
     wss.on \connection, (ws, req) ->
       myws = new ews {ws}

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@plotdb/ews",`
`3`		`- "version": "0.0.8",`
	`3`	`+ "version": "0.0.9",`
`4`	`4`	`"description": "elastic websocket",`
`5`	`5`	`"main": "dist/index.min.js",`
`6`	`6`	`"browser": "dist/index.min.js",`