
Commit 3d89b8d

committed
feat(api-gateway)!: Move '/v1/sql' to new sql API Scope
1 parent 452633c commit 3d89b8d


3 files changed

+34
-18
lines changed


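--- a/packages/cubejs-api-gateway/src/gateway.ts
+++ b/packages/cubejs-api-gateway/src/gateway.ts
@@ -153,7 +153,7 @@ class ApiGateway {
 public readonly contextToApiScopesFn: ContextToApiScopesFn;
 
 public readonly contextToApiScopesDefFn: ContextToApiScopesFn =
-async () => ['graphql', 'meta', 'data'];
+async () => ['graphql', 'meta', 'data', 'sql'];
 
 protected readonly requestLoggerMiddleware: RequestLoggerMiddlewareFn;
 
@@ -1309,7 +1309,7 @@ class ApiGateway {
 res,
 }: {query: string, disablePostProcessing: boolean} & BaseRequest) {
 try {
-await this.assertApiScope('data', context.securityContext);
+await this.assertApiScope('sql', context.securityContext);
 
 const result = await this.sqlServer.sql4sql(query, disablePostProcessing, context.securityContext);
 res({ sql: result });
@@ -1337,7 +1337,7 @@ class ApiGateway {
 const requestStarted = new Date();
 
 try {
-await this.assertApiScope('data', context.securityContext);
+await this.assertApiScope('sql', context.securityContext);
 
 const [queryType, normalizedQueries] =
 await this.getNormalizedQueries(query, context, disableLimitEnforcing, memberExpressions);
@@ -2413,7 +2413,7 @@ class ApiGateway {
 );
 } else {
 scopes.forEach((p) => {
-if (['graphql', 'meta', 'data', 'jobs'].indexOf(p) === -1) {
+if (['graphql', 'meta', 'data', 'sql', 'jobs'].indexOf(p) === -1) {
 throw new Error(
 `A user-defined contextToApiScopes function returns a wrong scope: ${p}`
 );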
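Review bot: The set of valid scopes is now spelled out as separate string literals in three places (the default list at line 156, the validation array at line 2416, and the `ApiScopes` union in types/strings.ts), so the next scope added can be missed in one of them and the authorization allow-list drifts from the type. Consider one shared constant, e.g. `const API_SCOPES = ['graphql', 'meta', 'data', 'sql', 'jobs'] as const;`, with the check written as `if (!(API_SCOPES as readonly string[]).includes(p))` and the union derived from it. Separately, a deployment whose `contextToApiScopes` returns 'data' without 'sql' will now get 403 from both handlers changed at lines 1312 and 1340; that fails closed, which is the safe direction, and a comment above `contextToApiScopesDefFn` such as `// Scopes granted when no contextToApiScopes is configured; 'jobs' is not granted by default` would make the default explicit. The enclosing methods begin and end outside these hunks, so whether any other handler still returns generated SQL under the 'data' scope cannot be confirmed from here.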

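--- a/packages/cubejs-api-gateway/src/types/strings.ts
+++ b/packages/cubejs-api-gateway/src/types/strings.ts
@@ -107,6 +107,7 @@ type ApiScopes =
 'graphql' |
 'meta' |
 'data' |
+'sql' |
 'jobs';
 
 export {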

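--- a/packages/cubejs-api-gateway/test/permissions.test.ts
+++ b/packages/cubejs-api-gateway/test/permissions.test.ts
@@ -62,6 +62,13 @@ describe('Gateway Api Scopes', () => {
 expect(res.body && res.body.error)
 .toStrictEqual('API scope is missing: data');
 
+res = await request(app)
+.get('/cubejs-api/v1/sql')
+.set('Authorization', AUTH_TOKEN)
+.expect(403);
+expect(res.body && res.body.error)
+.toStrictEqual('API scope is missing: sql');
+
 res = await request(app)
 .post('/cubejs-api/v1/pre-aggregations/jobs')
 .set('Authorization', AUTH_TOKEN)
@@ -175,39 +182,47 @@ describe('Gateway Api Scopes', () => {
 expect(res3.body && res3.body.error)
 .toStrictEqual('API scope is missing: data');
 
-const res4 = await request(app)
-.get('/cubejs-api/v1/sql')
+const res6 = await request(app)
+.get('/cubejs-api/v1/dry-run')
 .set('Authorization', AUTH_TOKEN)
 .expect(403);
 
-expect(res4.body && res4.body.error)
+expect(res6.body && res6.body.error)
 .toStrictEqual('API scope is missing: data');
 
-const res5 = await request(app)
-.post('/cubejs-api/v1/sql')
+const res7 = await request(app)
+.post('/cubejs-api/v1/dry-run')
 .set('Content-type', 'application/json')
 .set('Authorization', AUTH_TOKEN)
 .expect(403);
 
-expect(res5.body && res5.body.error)
+expect(res7.body && res7.body.error)
 .toStrictEqual('API scope is missing: data');
 
-const res6 = await request(app)
-.get('/cubejs-api/v1/dry-run')
+apiGateway.release();
+});
+
+test('Sql declined', async () => {
+const { app, apiGateway } = createApiGateway({
+contextToApiScopes: async () => ['graphql', 'meta', 'jobs', 'data'],
+});
+
+const res1 = await request(app)
+.get('/cubejs-api/v1/sql')
 .set('Authorization', AUTH_TOKEN)
 .expect(403);
 
-expect(res6.body && res6.body.error)
-.toStrictEqual('API scope is missing: data');
+expect(res1.body && res1.body.error)
+.toStrictEqual('API scope is missing: sql');
 
-const res7 = await request(app)
-.post('/cubejs-api/v1/dry-run')
+const res2 = await request(app)
+.post('/cubejs-api/v1/sql')
 .set('Content-type', 'application/json')
 .set('Authorization', AUTH_TOKEN)
 .expect(403);
 
-expect(res7.body && res7.body.error)
-.toStrictEqual('API scope is missing: data');
+expect(res2.body && res2.body.error)
+.toStrictEqual('API scope is missing: sql');
 
 apiGateway.release();
 });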
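Review bot: The added cases only prove denial ('Sql declined' at new lines 205-228 and the GET at new lines 65-70 both expect 403), so nothing in these hunks shows that a context granting 'sql' is actually let through, or that 'sql' alone does not unlock the 'data' routes. Unless the file already covers this outside the hunks, add a case built with `contextToApiScopes: async () => ['sql']` that asserts `/cubejs-api/v1/sql` no longer answers 'API scope is missing: sql' while `/cubejs-api/v1/dry-run` still answers 'API scope is missing: data'. That pins the separation in both directions, which is the purpose of splitting the scope. The first hunk sits inside a test whose setup is outside the view, so its scope configuration is assumed rather than seen.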
