Switching to new security rules
Some checks failed
continuous-integration/drone/push Build is failing
@ -1,6 +1,5 @@
|
||||
import { Rules } from "./rules";
|
||||
import Settings from "../settings";
|
||||
import getLevelDB, { LevelDB, deleteLevelDB, resNull } from "../storage";
|
||||
import getLevelDB, { deleteLevelDB, resNull } from "../storage";
|
||||
import DocumentLock from "./lock";
|
||||
import {
|
||||
DocumentQuery,
|
||||
@ -14,6 +13,9 @@ import Logging from "@hibas123/nodelogging";
|
||||
import Session from "./session";
|
||||
import nanoid = require("nanoid");
|
||||
import { Observable } from "@hibas123/utils";
|
||||
import { RuleRunner } from "../rules/compile";
|
||||
import compileRule from "../rules";
|
||||
import { RuleError } from "../rules/error";
|
||||
|
||||
const ALPHABET =
|
||||
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
|
||||
@ -81,17 +83,27 @@ export class Database {
|
||||
return `${collectionid || ""}/${documentid || ""}`;
|
||||
}
|
||||
|
||||
private level = getLevelDB(this.name);
|
||||
#level = getLevelDB(this.name);
|
||||
|
||||
get data() {
|
||||
return this.level.data;
|
||||
return this.#level.data;
|
||||
}
|
||||
|
||||
get collections() {
|
||||
return this.level.collection;
|
||||
return this.#level.collection;
|
||||
}
|
||||
|
||||
#rules: RuleRunner;
|
||||
#rawRules?: string;
|
||||
|
||||
get rawRules() {
|
||||
return this.#rawRules;
|
||||
}
|
||||
|
||||
get rules() {
|
||||
return this.#rules;
|
||||
}
|
||||
|
||||
public rules: Rules;
|
||||
private locks = new DocumentLock();
|
||||
public collectionLocks = new DocumentLock();
|
||||
|
||||
@ -107,7 +119,7 @@ export class Database {
|
||||
name: this.name,
|
||||
accesskey: this.accesskey,
|
||||
publickey: this.publickey,
|
||||
rules: this.rules,
|
||||
rules: this.#rules,
|
||||
};
|
||||
}
|
||||
|
||||
@ -118,13 +130,36 @@ export class Database {
|
||||
public publickey?: string,
|
||||
public rootkey?: string
|
||||
) {
|
||||
if (rawRules) this.rules = new Rules(rawRules);
|
||||
if (rawRules) this.applyRules(rawRules);
|
||||
}
|
||||
|
||||
private applyRules(rawRules: string): undefined | RuleError {
|
||||
try {
|
||||
JSON.parse(rawRules);
|
||||
Logging.warning(
|
||||
"Found old rule! Replacing with a 100% permissive one!"
|
||||
);
|
||||
rawRules =
|
||||
"service realtimedb {\n match /* {\n allow read, write, list: if false; \n }\n}";
|
||||
// still json, so switching to
|
||||
} catch (err) {}
|
||||
|
||||
let { runner, error } = compileRule(rawRules);
|
||||
if (error) {
|
||||
Logging.warning("Found error in existing config!", error);
|
||||
runner = compileRule("service realtimesb {}").runner;
|
||||
}
|
||||
this.#rules = runner;
|
||||
this.#rawRules = rawRules;
|
||||
return undefined;
|
||||
}
|
||||
|
||||
async setRules(rawRules: string) {
|
||||
let rules = new Rules(rawRules);
|
||||
const { runner, error } = compileRule(rawRules);
|
||||
if (error) return error;
|
||||
await Settings.setDatabaseRules(this.name, rawRules);
|
||||
this.rules = rules;
|
||||
this.#rules = runner;
|
||||
this.#rawRules = rawRules;
|
||||
}
|
||||
|
||||
async setAccessKey(key: string) {
|
||||
|
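Review bot: In `applyRules`, the compile-error fallback `compileRule("service realtimesb {}")` misspells the service name (`realtimedb` in the legacy replacement) and never checks its own `error`, so `#rules` may be left undefined or hold a runner whose default decision is not visible here. For an access-control path the fallback should be the explicit deny-all text, and a failure to compile that should stop construction rather than continue. `#rawRules` is also set to the rejected text, so the `rawRules` getter would report rules that are not the ones enforced. The warning says "100% permissive" while the replacement is `if false` (deny everything), the `// still json, so switching to` comment is unfinished, and the empty `catch (err) {}` needs a comment saying that a parse failure means the text is already in the new format. Separately, the serialisation hunk now emits `rules: this.#rules`, the compiled runner, where `this.#rawRules` was probably intended; the class body continues outside these hunks, so confirm against the callers.

```typescript
const DENY_ALL_RULES =
   "service realtimedb {\n match /* {\n allow read, write, list: if false; \n }\n}";

private applyRules(rawRules: string): undefined | RuleError {
   // … unchanged: legacy JSON detection, warning reworded to "deny-all", rawRules = DENY_ALL_RULES …

   let { runner, error } = compileRule(rawRules);
   if (error) {
      Logging.warning(
         "Found error in existing config! Falling back to deny-all rules.",
         error
      );
      // Keep the stored text and the enforced runner in sync.
      rawRules = DENY_ALL_RULES;
      ({ runner, error } = compileRule(rawRules));
      // Fail closed: never continue without a compiled rule set.
      if (error) throw new Error("Built-in deny-all rules failed to compile");
   }
   // … unchanged: assign #rules and #rawRules, return undefined …
```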