Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: implement access control lists #448

Merged
merged 5 commits into from
Mar 1, 2018
Merged

feature: implement access control lists #448

merged 5 commits into from
Mar 1, 2018

Conversation

sbender9
Copy link
Member

@sbender9 sbender9 commented Feb 10, 2018
edited
Loading

  • Fine grained access control lists (see SECURITY.md)
  • Moved the simple token security code into the server
  • We now send all of the latest deltas out to ws connections when the connection is made

TODO:

  • implement tests for acls with ws
  • implement tests for acls with rest
  • implement source based acls
  • implement tests for source based acls
  • prune delta cache

@sbender9 sbender9 requested review from fabdrol and tkurki February 11, 2018 03:56
@sbender9 sbender9 changed the title [WIP] feature: implement access control lists feature: implement access control lists Feb 13, 2018
@tkurki tkurki changed the title feature: implement access control lists [WIP] feature: implement access control lists Feb 19, 2018
tkurki
tkurki reviewed Feb 19, 2018
View reviewed changes
lib/tokensecurity.js Outdated
@@ -546,6 +562,19 @@ module.exports = function (app, config) {
return false
}

strategy.isDummy = () => {
return false
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If your function is a oneline that returns a value you do it like () => false, without the curly braces to save a few lines

@sbender9
Copy link
Member Author

I'm thinking we could make the defaults handling a separate effort. That's going to be a big job I think.

This currently provides the same functionality with defaults as master since defaults with be in the REST calls.

@sbender9 sbender9 force-pushed the access-control-lists branch from 306d3eb to d87720d Compare February 27, 2018 21:48
@sbender9 sbender9 changed the title [WIP] feature: implement access control lists feature: implement access control lists Feb 28, 2018
@sbender9 sbender9 changed the title feature: implement access control lists [WIP] feature: implement access control lists Feb 28, 2018
@tkurki tkurki force-pushed the access-control-lists branch 2 times, most recently from ad7c2ca to 4ce828d Compare February 28, 2018 18:51
@tkurki tkurki force-pushed the access-control-lists branch from 4ce828d to 552479c Compare February 28, 2018 19:14
@sbender9 sbender9 changed the title [WIP] feature: implement access control lists feature: implement access control lists Mar 1, 2018
@sbender9
feature: implement acls with deltacache
39c322f 
Implement acls by using normalized deltas, which are single
delta data with all related fields. Subscription/ws deltas
are built from normalised deltas. Latest values per path per
source are kept in deltacache and full responses are built on
the fly checking access control rules in the process.
@sbender9 sbender9 force-pushed the access-control-lists branch from f426de5 to 39c322f Compare March 1, 2018 01:39
@sbender9
fix: rest requests that go beyond the "leaf" fail
c692971 
For example. /signalk/v1/api/vessels/self/navigation/position/value
@sbender9 sbender9 merged commit 7eba734 into master Mar 1, 2018
@sbender9 sbender9 deleted the access-control-lists branch March 1, 2018 19:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tkurki tkurki tkurki left review comments

@fabdrol fabdrol Awaiting requested review from fabdrol

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sbender9 @tkurki