Introduce experimental new internal authz API#1617
Open
alilleybrinker wants to merge 11 commits intodevfrom
Open
Introduce experimental new internal authz API#1617alilleybrinker wants to merge 11 commits intodevfrom
alilleybrinker wants to merge 11 commits intodevfrom
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
alilleybrinker
force-pushed
the
alilleybrinker/authz-refactor
branch
5 times, most recently
from
2546ff3 to
967269f
Compare
alilleybrinker
force-pushed
the
alilleybrinker/authz-refactor
branch
from
967269f to
8ffd904
Compare
alilleybrinker
force-pushed
the
alilleybrinker/authz-refactor
branch
6 times, most recently
from
12e5717 to
7c0a9c8
Compare
This introduces a new "npm run" command: "test:integration-local" which is equivalent to "test:integration" except that it uses the proper connection string to connect to a local instance of MongoDB during development. Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>
This makes sure we explicitly specify the MongoDB connection string in `action:coverage` to address an issue I observed in CI for the action would sometimes fail to connect. It also modifies the `action:coverage` command to delegate to the `test` command, so that any future updates to how tests are run is automatically picked up by the coverage checker. Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>
This bumps the version of the ECMAScript standard used by eslint to a newer version, so eslint doesn't throw up its hands when some newer idioms are used. Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>
This modifies the script `populate.js` to be an ECMAScript module (`.mjs`), and updates `package.json` accordingly. This is done to ensure predictable "await" behavior within the script, including explicit support for top-level "await". See the MDN docs on modules for more [1]. [1]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>
Previously, some logging calls would stringify a JSON structure before writing it to the log. This is incorrect, and makes for some awkward logs when reaching. Instead, if you include a message field in your struct, then it will get printed while the other fields are printed as structured information in the log. So this updates logging calls throughout the application to do the correct thing. Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>
Fixes a small bug where we had an `await` call on a function that doesn't return a `Promise`. Technically this is fine, because Node will basically "promisify" the value, but it isn't necessary and creates some extra work for the runtime. Specifically, in this situation, Node will wrap the value in a Promise implicitly and pause execution of the surrounding `async` function to queue up that Promise for resolution. So removing it is semantically equivalent, but improves runtime behavior by eliminating this extra work. Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>
This is step 1 of adopting "jsdoc" for documentation, which *only* introduces the dependency, updates the .gitignore, and applies basic configuration so we can use Markdown in jsdoc comments. This includes no actual documentation, which will be added next. Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>
This adopts jsdoc as cve-services' mechanism for internal API documentation. This mostly means annotating modules, but not actually writing documentation for them, except for the new authz middleware which is the initial test case. One of the challenges I've had since joining the CVE Services team has been discovering and understanding the internal structure of the codebase, and this is in part my attempt to help ease that problem for others. Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>
The integration test APIs include some constants, used for setting request headers, which this commit renames for clarity. Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>
This replaces the existing `helpers.js` file with a new `api.js` file, intended to be the starting point for a better integration testing structure. To start with, the functions contained therein are renamed to be clearer at the callsite, and lightly refactored to not perform any testing on their own, but instead to provide just a unified mechanism for making requests to the CVE Services API. In the future, the goal would be to move all API calls into this module, so that the test files merely *use* this API to make their CVE Services calls, and then perform the test assertions necessary to validate the expected behavior. Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>
This adds a new API for authorization, defined in `src/middleware/authz.js`, which is centered around two key functions: `authz` and `authzLevel`. Each returns a middleware function which applies the requested authorization checks. For `authz`, if the authorization checks fail, then the request fails. For `authzLevel`, if the authorization checks fail, then the request continues but without an authorization level being set on the request context. In addition to these top-level APIs, this introduces a set of pre-defined checks, plus two check combinators, which collectively will enable CVE Services endpoints to define the authorization checks they require, all in one place. This is intended to replace the combination of existing authorization middleware functions and ad-hoc authorization checks performed throughout a number of endpoints. This commit *does not* include any replacement of existing authorization checks, only the introduction of the new API. We also shim the method Set.prototype.intersection. The Set.prototype.intersection method was added to the Set type in Node.js version 22. Currently, CVE Services uses an older version of Node and so we need this shim to ensure the API runs. We are planning to upgrade to Node 24 soon, in which case this shim will become unecessary. This also includes initial, bare-bones tests for the new authz API. As we continue to work to integrate the new API into more endpoints, we'll expand the testing here to be more thorough. Mocha doesn't isolate tests in their own process, which means when the tests are running they're actually all sharing a singleton instance of the Express app. This is a problem for the authz testing specifically, because it modifies a piece of global state (`useNewAuthzApi`) to select at runtime whether to use the old or new versions of the authorization API. To deal with this, this commit also ensures that authz tests are isolated in their own, separate run of Mocha. Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>
alilleybrinker
force-pushed
the
alilleybrinker/authz-refactor
branch
from
7c0a9c8 to
866bc0d
Compare
Collaborator
Author
|
@david-rocca got everything rebased. There are some tests failing, but they appear to be completely independent of changes I've made and in fact occur on the first commit in the branch which only introduces a new (Also, for code review, I highly recommend reviewing commit-by-commit instead of using GitHub's "full PR" diff) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This introduces a new experimental authorization API and begins the process of testing it. It also includes refactors to the integration test suite, and the introduction of a new
test:integration-localtask to run the integration test suite fully locally.This is best reviewed commit-by-commit.