@autofleet/zehut 1.8.3 → 2.0.1-alpha

package/lib/user/ApiUser.d.ts

@@ -21,13 +21,15 @@ export declare type CustomPermissionLoader = (string: any) => Promise<UserPayloa
 export default class ApiUser {
     id: string | undefined;
     privatePermissions: UserPayload | undefined;
-    privateElevatedPermissionsHash: Map<string, PartialUserPayload | undefined>;
+    privateElevatedPermissions: PartialUserPayload | undefined;
     privatePermissionsLegacy: any;
     appPermission: {
         [key: string]: any;
     };
     emptyUser: boolean;
     accountType: AccountType | undefined;
+    elevationCallsCounter: number;
+    elevationInitialState: PartialUserPayload | undefined;
     constructor(id?: string, accountType?: AccountType, elevatedPermissions?: PartialUserPayload);
     getUserPermissions(): Promise<UserPayload>;
     useCustomPermissionLoader(customPermissionLoader: any): Promise<UserPayload>;
@@ -35,7 +37,6 @@ export default class ApiUser {
     get fleets(): string[] | undefined;
     get demandSources(): string[] | undefined;
     getUserProperty(key: any): string[] | undefined;
-    get elevatedPermissions(): UserPayload;
     get permissions(): UserPayload | undefined;
     elevatePermissions(addedPermissions: PartialUserPayload): () => void;
     getUserPermissionsLegacy(): Promise<any>;

package/lib/user/ApiUser.js

@@ -15,8 +15,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ELEVATED_PERMISSIONS_HEADER = void 0;
 /* eslint-disable consistent-return */
 const node_cache_1 = __importDefault(require("node-cache"));
-const merge_deep_1 = __importDefault(require("merge-deep"));
-const uuid_1 = require("uuid");
 const outbreak_1 = require("@autofleet/outbreak");
 const services_1 = require("../services");
 exports.ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';
@@ -26,10 +24,9 @@ class ApiUser {
         this.id = id;
         this.emptyUser = !!id;
         this.appPermission = {};
-        this.privateElevatedPermissionsHash = new Map();
-        if (elevatedPermissions) {
-            this.privateElevatedPermissionsHash.set('initial', elevatedPermissions);
-        }
+        this.elevationCallsCounter = 0;
+        this.privateElevatedPermissions = elevatedPermissions;
+        this.elevationInitialState = elevatedPermissions;
         if (accountType) {
             this.accountType = accountType;
         }
@@ -82,37 +79,29 @@ class ApiUser {
         }
         return Object.keys(this.privatePermissions[key] || {});
     }
-    get elevatedPermissions() {
-        let permissions = {
-            fleets: {},
-            businessModels: {},
-            demandSources: {},
-        };
-        [...this.privateElevatedPermissionsHash.values()].forEach((p) => {
-            permissions = merge_deep_1.default(permissions, p);
-        });
-        return permissions;
-    }
     get permissions() {
         if (!this.privatePermissions) {
             throw new Error('Cannot get permissions without calling (async) getUserPermissions before');
         }
-        const permissions = merge_deep_1.default(this.privatePermissions, this.elevatedPermissions);
-        return permissions;
+        return Object.assign(Object.assign({}, this.privatePermissions), this.privateElevatedPermissions);
     }
     elevatePermissions(addedPermissions) {
-        const elevationId = uuid_1.v4();
+        if (this.elevationCallsCounter > 1) {
+            throw new Error('Maximum one elvation call in parallel is allowed');
+        }
         const currentUserTrace = outbreak_1.getCurrentContext();
         if (!currentUserTrace) {
             throw new Error('Cannot find current user cross services trace');
         }
         const currentElevation = JSON.parse(currentUserTrace.context[exports.ELEVATED_PERMISSIONS_HEADER] || '{}');
+        this.elevationInitialState = currentElevation;
         const newElevation = Object.assign(currentElevation, addedPermissions);
-        this.privateElevatedPermissionsHash.set(elevationId, newElevation);
-        currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));
+        this.privateElevatedPermissions = newElevation;
+        currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(newElevation));
+        this.elevationCallsCounter += 1;
         return () => {
-            this.privateElevatedPermissionsHash.delete(elevationId);
-            currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));
+            this.elevationCallsCounter -= 1;
+            this.privateElevatedPermissions = this.elevationInitialState;
         };
     }
     getUserPermissionsLegacy() {

package/lib/user/api-user-flows.test.js

@@ -31,7 +31,6 @@ const generateApp = (addEndpoints, port) => __awaiter(void 0, void 0, void 0, fu
 describe('E2E', () => {
     it('Basic functionality', () => __awaiter(void 0, void 0, void 0, function* () {
         let server2TraceId = null;
-        const [uuid1, uuid2] = [uuid_1.v4(), uuid_1.v4()];
         index_1.enableTracing({
             outbreakOptions: {
                 headersPrefix: 'x-af-',
@@ -41,24 +40,17 @@ describe('E2E', () => {
             app.use(index_2.middleware());
             app.get('/', (req, res) => __awaiter(void 0, void 0, void 0, function* () {
                 const user = index_1.getUser();
-                const closeElevation1 = user.elevatePermissions({
+                const closeElevation = user.elevatePermissions({
                     businessModels: {
-                        [uuid1]: ['vehicle:write'],
-                    },
-                });
-                const closeElevation2 = user.elevatePermissions({
-                    businessModels: {
-                        [uuid2]: ['vehicle:write'],
+                        [uuid_1.v4()]: ['vehicle:write'],
                     },
                 });
                 const { data: res1 } = yield axios_1.default.post('http://localhost:8082');
-                closeElevation1();
-                const { data: res2 } = yield axios_1.default.post('http://localhost:8082');
-                closeElevation2();
-                res.json([res1, res2]);
+                closeElevation();
+                res.json(res1);
             }));
-        }, 8089);
-        const server2NumberOfPermissions = [];
+        }, 8081);
+        let server2NumberOfPermissions = 0;
         const closeServer2 = yield generateApp((app) => {
             app.use(index_2.middleware());
             app.post('/', (req, res) => {
@@ -68,7 +60,7 @@ describe('E2E', () => {
                     fleets: {},
                     demandSources: {},
                 };
-                server2NumberOfPermissions.push(Object.keys(user.permissions.businessModels).length);
+                server2NumberOfPermissions = Object.keys(user.permissions.businessModels).length;
                 server2TraceId = req.headers['x-trace-id'];
                 res.json({
                     value: req.headers['x-af-header'],
@@ -77,7 +69,7 @@ describe('E2E', () => {
                 });
             });
         }, 8082);
-        const { data: [res1, res2], headers } = yield axios_1.default.get('http://localhost:8089', {
+        const { data: res1, headers } = yield axios_1.default.get('http://localhost:8081', {
             headers: {
                 'x-af-header': 'testHeader',
                 'x-af-id': 'my-wakanda-id',
@@ -86,13 +78,10 @@ describe('E2E', () => {
         });
         closeServer1();
         closeServer2();
-        expect(server2NumberOfPermissions).toEqual([2, 1]);
+        expect(server2NumberOfPermissions).toEqual(1);
         expect(headers['x-trace-id']).toEqual(server2TraceId);
         expect(res1.value).toEqual('testHeader');
         expect(res1.wkanda).toEqual('my-wakanda-id');
-        expect(JSON.parse(res1.addedPermissions).businessModels[uuid1]).toBeDefined();
-        expect(JSON.parse(res1.addedPermissions).businessModels[uuid2]).toBeDefined();
-        expect(JSON.parse(res2.addedPermissions).businessModels[uuid1]).not.toBeDefined();
-        expect(JSON.parse(res2.addedPermissions).businessModels[uuid2]).toBeDefined();
+        expect(JSON.parse(res1.addedPermissions).businessModels).toBeDefined();
     }));
 });

package/lib/user/index.js

@@ -34,40 +34,32 @@ const ApiUser_1 = __importStar(require("./ApiUser"));
 const utils_1 = require("../utils");
 const tracer_1 = require("../tracer");
 exports.middleware = (options = {}) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
-    try {
-        const { eagerLoadUserPermissions, eagerLoadUserPermissionsLegacy, customPermissionLoader, } = options;
-        const userId = req.headers['x-af-user-id'];
-        const trace = tracer_1.newTrace('userPayload');
-        if (!userId) {
-            return next();
-        }
-        const elevatedPermissionsFromHeader = req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER] && req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER].length > 0
-            ? JSON.parse(req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER])
-            : {};
-        const userObject = new ApiUser_1.default(userId, 'user', elevatedPermissionsFromHeader);
-        if (eagerLoadUserPermissions) {
-            if (customPermissionLoader) {
-                yield userObject.useCustomPermissionLoader(customPermissionLoader);
-            }
-            else {
-                yield userObject.getUserPermissions();
-            }
+    const { eagerLoadUserPermissions, eagerLoadUserPermissionsLegacy, customPermissionLoader, } = options;
+    const userId = req.headers['x-af-user-id'];
+    const trace = tracer_1.newTrace('userPayload');
+    if (!userId) {
+        return next();
+    }
+    const elevatedPermissionsFromHeader = req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER] && req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER].length > 0
+        ? JSON.parse(req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER])
+        : {};
+    const userObject = new ApiUser_1.default(userId, 'user', elevatedPermissionsFromHeader);
+    if (eagerLoadUserPermissions) {
+        if (customPermissionLoader) {
+            yield userObject.useCustomPermissionLoader(customPermissionLoader);
         }
-        if (eagerLoadUserPermissionsLegacy) {
-            yield userObject.getUserPermissionsLegacy();
+        else {
+            yield userObject.getUserPermissions();
         }
-        req.user = userObject;
-        trace.context.set('userObject', userObject);
-        // Added in order to support outbreak.
-        req.headers['x-af-user-permissions'] = userObject;
-        return next();
     }
-    catch (e) {
-        res.status(401);
-        return res.json({
-            error: 'cannot authenticate user',
-        });
+    if (eagerLoadUserPermissionsLegacy) {
+        yield userObject.getUserPermissionsLegacy();
     }
+    req.user = userObject;
+    trace.context.set('userObject', userObject);
+    // Added in order to support outbreak.
+    req.headers['x-af-user-permissions'] = userObject;
+    return next();
 });
 exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
     var _a, _b;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@autofleet/zehut",
-  "version": "1.8.3",
+  "version": "2.0.1-alpha",
   "description": "manage user's identity",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",