npm - @autofleet/zehut - Versions diffs - 1.8.1 → 1.8.2 - Mend

@autofleet/zehut 1.8.1 → 1.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/user/ApiUser.d.ts +2 -3
package/lib/user/ApiUser.js +24 -13
package/lib/user/api-user-flows.test.js +21 -10
package/package.json +2 -1

package/lib/user/ApiUser.d.ts CHANGED Viewed

@@ -21,15 +21,13 @@ export declare type CustomPermissionLoader = (string: any) => Promise<UserPayloa
 export default class ApiUser {
     id: string | undefined;
     privatePermissions: UserPayload | undefined;
-    privateElevatedPermissions: PartialUserPayload | undefined;
+    privateElevatedPermissionsHash: Map<string, PartialUserPayload | undefined>;
     privatePermissionsLegacy: any;
     appPermission: {
         [key: string]: any;
     };
     emptyUser: boolean;
     accountType: AccountType | undefined;
-    elevationCallsCounter: number;
-    elevationInitialState: PartialUserPayload | undefined;
     constructor(id?: string, accountType?: AccountType, elevatedPermissions?: PartialUserPayload);
     getUserPermissions(): Promise<UserPayload>;
     useCustomPermissionLoader(customPermissionLoader: any): Promise<UserPayload>;
@@ -37,6 +35,7 @@ export default class ApiUser {
     get fleets(): string[] | undefined;
     get demandSources(): string[] | undefined;
     getUserProperty(key: any): string[] | undefined;
+    get elevatedPermissions(): UserPayload;
     get permissions(): UserPayload | undefined;
     elevatePermissions(addedPermissions: PartialUserPayload): () => void;
     getUserPermissionsLegacy(): Promise<any>;

package/lib/user/ApiUser.js CHANGED Viewed

@@ -15,6 +15,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ELEVATED_PERMISSIONS_HEADER = void 0;
 /* eslint-disable consistent-return */
 const node_cache_1 = __importDefault(require("node-cache"));
+const merge_deep_1 = __importDefault(require("merge-deep"));
+const uuid_1 = require("uuid");
 const outbreak_1 = require("@autofleet/outbreak");
 const services_1 = require("../services");
 exports.ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';
@@ -24,9 +26,10 @@ class ApiUser {
         this.id = id;
         this.emptyUser = !!id;
         this.appPermission = {};
-        this.elevationCallsCounter = 0;
-        this.privateElevatedPermissions = elevatedPermissions;
-        this.elevationInitialState = elevatedPermissions;
+        this.privateElevatedPermissionsHash = new Map();
+        if (elevatedPermissions) {
+            this.privateElevatedPermissionsHash.set('initial', elevatedPermissions);
+        }
         if (accountType) {
             this.accountType = accountType;
         }
@@ -79,29 +82,37 @@ class ApiUser {
         }
         return Object.keys(this.privatePermissions[key] || {});
     }
+    get elevatedPermissions() {
+        let permissions = {
+            fleets: {},
+            businessModels: {},
+            demandSources: {},
+        };
+        [...this.privateElevatedPermissionsHash.values()].forEach((p) => {
+            permissions = merge_deep_1.default(permissions, p);
+        });
+        return permissions;
+    }
     get permissions() {
         if (!this.privatePermissions) {
             throw new Error('Cannot get permissions without calling (async) getUserPermissions before');
         }
-        return Object.assign(Object.assign({}, this.privatePermissions), this.privateElevatedPermissions);
+        const permissions = merge_deep_1.default(this.privatePermissions, this.elevatedPermissions);
+        return permissions;
     }
     elevatePermissions(addedPermissions) {
-        if (this.elevationCallsCounter > 1) {
-            throw new Error('Maximum one elvation call in parallel is allowed');
-        }
+        const elevationId = uuid_1.v4();
         const currentUserTrace = outbreak_1.getCurrentContext();
         if (!currentUserTrace) {
             throw new Error('Cannot find current user cross services trace');
         }
         const currentElevation = JSON.parse(currentUserTrace.context[exports.ELEVATED_PERMISSIONS_HEADER] || '{}');
-        this.elevationInitialState = currentElevation;
         const newElevation = Object.assign(currentElevation, addedPermissions);
-        this.privateElevatedPermissions = newElevation;
-        currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(newElevation));
-        this.elevationCallsCounter += 1;
+        this.privateElevatedPermissionsHash.set(elevationId, newElevation);
+        currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));
         return () => {
-            this.elevationCallsCounter -= 1;
-            this.privateElevatedPermissions = this.elevationInitialState;
+            this.privateElevatedPermissionsHash.delete(elevationId);
+            currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));
         };
     }
     getUserPermissionsLegacy() {

package/lib/user/api-user-flows.test.js CHANGED Viewed

@@ -31,6 +31,7 @@ const generateApp = (addEndpoints, port) => __awaiter(void 0, void 0, void 0, fu
 describe('E2E', () => {
     it('Basic functionality', () => __awaiter(void 0, void 0, void 0, function* () {
         let server2TraceId = null;
+        const [uuid1, uuid2] = [uuid_1.v4(), uuid_1.v4()];
         index_1.enableTracing({
             outbreakOptions: {
                 headersPrefix: 'x-af-',
@@ -40,17 +41,24 @@ describe('E2E', () => {
             app.use(index_2.middleware());
             app.get('/', (req, res) => __awaiter(void 0, void 0, void 0, function* () {
                 const user = index_1.getUser();
-                const closeElevation = user.elevatePermissions({
+                const closeElevation1 = user.elevatePermissions({
                     businessModels: {
-                        [uuid_1.v4()]: ['vehicle:write'],
+                        [uuid1]: ['vehicle:write'],
+                    },
+                });
+                const closeElevation2 = user.elevatePermissions({
+                    businessModels: {
+                        [uuid2]: ['vehicle:write'],
                     },
                 });
                 const { data: res1 } = yield axios_1.default.post('http://localhost:8082');
-                closeElevation();
-                res.json(res1);
+                closeElevation1();
+                const { data: res2 } = yield axios_1.default.post('http://localhost:8082');
+                closeElevation2();
+                res.json([res1, res2]);
             }));
-        }, 8081);
-        let server2NumberOfPermissions = 0;
+        }, 8089);
+        const server2NumberOfPermissions = [];
         const closeServer2 = yield generateApp((app) => {
             app.use(index_2.middleware());
             app.post('/', (req, res) => {
@@ -60,7 +68,7 @@ describe('E2E', () => {
                     fleets: {},
                     demandSources: {},
                 };
-                server2NumberOfPermissions = Object.keys(user.permissions.businessModels).length;
+                server2NumberOfPermissions.push(Object.keys(user.permissions.businessModels).length);
                 server2TraceId = req.headers['x-trace-id'];
                 res.json({
                     value: req.headers['x-af-header'],
@@ -69,7 +77,7 @@ describe('E2E', () => {
                 });
             });
         }, 8082);
-        const { data: res1, headers } = yield axios_1.default.get('http://localhost:8081', {
+        const { data: [res1, res2], headers } = yield axios_1.default.get('http://localhost:8089', {
             headers: {
                 'x-af-header': 'testHeader',
                 'x-af-id': 'my-wakanda-id',
@@ -78,10 +86,13 @@ describe('E2E', () => {
         });
         closeServer1();
         closeServer2();
-        expect(server2NumberOfPermissions).toEqual(1);
+        expect(server2NumberOfPermissions).toEqual([2, 1]);
         expect(headers['x-trace-id']).toEqual(server2TraceId);
         expect(res1.value).toEqual('testHeader');
         expect(res1.wkanda).toEqual('my-wakanda-id');
-        expect(JSON.parse(res1.addedPermissions).businessModels).toBeDefined();
+        expect(JSON.parse(res1.addedPermissions).businessModels[uuid1]).toBeDefined();
+        expect(JSON.parse(res1.addedPermissions).businessModels[uuid2]).toBeDefined();
+        expect(JSON.parse(res2.addedPermissions).businessModels[uuid1]).not.toBeDefined();
+        expect(JSON.parse(res2.addedPermissions).businessModels[uuid2]).toBeDefined();
     }));
 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@autofleet/zehut",
-  "version": "1.8.1",
+  "version": "1.8.2",
   "description": "manage user's identity",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
@@ -33,6 +33,7 @@
     "axios": "^0.27.2",
     "express": "^4.18.1",
     "jsonwebtoken": "^8.5.1",
+    "merge-deep": "^3.0.3",
     "moment": "^2.29.1",
     "node-cache": "^5.1.2",
     "uuid": "^8.3.2"