@oneuptime/common 7.0.3129 → 7.0.3140

package/Server/Utils/APIKey/AccessPermission.ts

@@ -0,0 +1,111 @@
+import APIKeyPermission from "../../../Models/DatabaseModels/ApiKeyPermission";
+import Label from "../../../Models/DatabaseModels/Label";
+import LIMIT_MAX from "../../../Types/Database/LimitMax";
+import ObjectID from "../../../Types/ObjectID";
+import Permission, {
+  UserGlobalAccessPermission,
+  UserPermission,
+  UserTenantAccessPermission,
+} from "../../../Types/Permission";
+import ApiKeyPermissionService from "../../Services/ApiKeyPermissionService";
+import UserPermissionUtil from "../UserPermission/UserPermission";
+
+export default class APIKeyAccessPermission {
+  public static async getDefaultApiGlobalPermission(
+    projectId: ObjectID,
+  ): Promise<UserGlobalAccessPermission> {
+    return {
+      projectIds: [projectId],
+      globalPermissions: [
+        Permission.Public,
+        Permission.User,
+        Permission.CurrentUser,
+      ],
+      _type: "UserGlobalAccessPermission",
+    };
+  }
+
+  public static async getMasterKeyApiGlobalPermission(
+    projectId: ObjectID,
+  ): Promise<UserGlobalAccessPermission> {
+    return {
+      projectIds: [projectId],
+      globalPermissions: [
+        Permission.Public,
+        Permission.User,
+        Permission.CurrentUser,
+        Permission.ProjectOwner,
+      ],
+      _type: "UserGlobalAccessPermission",
+    };
+  }
+
+  public static async getMasterApiTenantAccessPermission(
+    projectId: ObjectID,
+  ): Promise<UserTenantAccessPermission> {
+    const userPermissions: Array<UserPermission> = [];
+
+    userPermissions.push({
+      permission: Permission.ProjectOwner,
+      labelIds: [],
+      _type: "UserPermission",
+    });
+
+    const permission: UserTenantAccessPermission =
+      UserPermissionUtil.getDefaultUserTenantAccessPermission(projectId);
+
+    permission.permissions = permission.permissions.concat(userPermissions);
+
+    return permission;
+  }
+
+  public static async getApiTenantAccessPermission(
+    projectId: ObjectID,
+    apiKeyId: ObjectID,
+  ): Promise<UserTenantAccessPermission> {
+    // get team permissions.
+    const apiKeyPermission: Array<APIKeyPermission> =
+      await ApiKeyPermissionService.findBy({
+        query: {
+          apiKeyId: apiKeyId,
+        },
+        select: {
+          permission: true,
+          labels: {
+            _id: true,
+          },
+          isBlockPermission: true,
+        },
+
+        limit: LIMIT_MAX,
+        skip: 0,
+        props: {
+          isRoot: true,
+        },
+      });
+
+    const userPermissions: Array<UserPermission> = [];
+
+    for (const apiPermission of apiKeyPermission) {
+      if (!apiPermission.labels) {
+        apiPermission.labels = [];
+      }
+
+      userPermissions.push({
+        permission: apiPermission.permission!,
+        labelIds: apiPermission.labels.map((label: Label) => {
+          return label.id!;
+        }),
+        isBlockPermission: apiPermission.isBlockPermission,
+        _type: "UserPermission",
+      });
+    }
+
+    const permission: UserTenantAccessPermission =
+      UserPermissionUtil.getDefaultUserTenantAccessPermission(projectId);
+
+    permission.permissions = permission.permissions.concat(userPermissions);
+
+    return permission;
+  }
+}

package/Server/Utils/Cookie.ts

@@ -11,6 +11,20 @@ import CookieName from "Common/Types/CookieName";
 export default class CookieUtil {
   // set cookie with express response
 
+  public static getCookiesFromCookieString(
+    cookieString: string,
+  ): Dictionary<string> {
+    const cookies: Dictionary<string> = {};
+    cookieString.split(";").forEach((cookie: string) => {
+      const parts: string[] = cookie.split("=");
+      const key: string = (parts[0] as string).trim() as string;
+      const value: string = parts[1] as string;
+      cookies[key] = value;
+    });
+
+    return cookies;
+  }
+
   public static setSSOCookie(data: {
     user: User;
     projectId: ObjectID;
@@ -141,7 +155,7 @@ export default class CookieUtil {
 
   // get cookie with express request
 
-  public static getCookie(
+  public static getCookieFromExpressRequest(
     req: ExpressRequest,
     name: string,
   ): string | undefined {

package/Server/Utils/Monitor/MonitorResource.ts

@@ -237,11 +237,16 @@ export default class MonitorResourceUtil {
       `${dataToProcess.monitorId.toString()} - Saving monitor metrics`,
     );
 
-    await this.saveMonitorMetrics({
-      monitorId: monitor.id!,
-      projectId: monitor.projectId!,
-      dataToProcess: dataToProcess,
-    });
+    try {
+      await this.saveMonitorMetrics({
+        monitorId: monitor.id!,
+        projectId: monitor.projectId!,
+        dataToProcess: dataToProcess,
+      });
+    } catch (err) {
+      logger.error("Unable to save metrics");
+      logger.error(err);
+    }
 
     logger.debug(
       `${dataToProcess.monitorId.toString()} - Monitor metrics saved`,
@@ -751,42 +756,71 @@ export default class MonitorResourceUtil {
   }): Promise<void> {
     // criteria filters are met, now process the actions.
 
+    const lastMonitorStatusTimeline: MonitorStatusTimeline | null =
+      await MonitorStatusTimelineService.findOneBy({
+        query: {
+          monitorId: input.monitor.id!,
+          projectId: input.monitor.projectId!,
+        },
+        select: {
+          _id: true,
+          monitorStatusId: true,
+        },
+        sort: {
+          startsAt: SortOrder.Descending,
+        },
+        props: {
+          isRoot: true,
+        },
+      });
+
+    let shouldUpdateStatus: boolean = false;
+
+    if (!lastMonitorStatusTimeline) {
+      // if monitor does not have any status timeline, then create one.
+      shouldUpdateStatus = true;
+    }
+
+    if (
+      input.criteriaInstance.data?.changeMonitorStatus &&
+      input.criteriaInstance.data?.monitorStatusId &&
+      input.criteriaInstance.data?.monitorStatusId.toString() !==
+        lastMonitorStatusTimeline?.id?.toString()
+    ) {
+      // if monitor status is changed, then create a new status timeline.
+      shouldUpdateStatus = true;
+    }
+
+    // check if the current status is same as the last status.
+
     if (
       input.criteriaInstance.data?.changeMonitorStatus &&
       input.criteriaInstance.data?.monitorStatusId &&
       input.criteriaInstance.data?.monitorStatusId.toString() !==
         input.monitor.currentMonitorStatusId?.toString()
     ) {
+      // if monitor status is changed, then create a new status timeline.
+      shouldUpdateStatus = true;
+    }
+
+    if (shouldUpdateStatus) {
       logger.debug(
-        `${input.monitor.id?.toString()} - Change monitor status to ${input.criteriaInstance.data?.monitorStatusId.toString()}`,
+        `${input.monitor.id?.toString()} - Change monitor status to ${input.criteriaInstance.data?.monitorStatusId?.toString()}`,
       );
       // change monitor status
 
       const monitorStatusId: ObjectID | undefined =
         input.criteriaInstance.data?.monitorStatusId;
 
+      if (!monitorStatusId) {
+        throw new BadDataException("Monitor status is not defined.");
+      }
+
       //change monitor status.
 
       // get last status of this monitor.
 
       // get last monitor status timeline.
-      const lastMonitorStatusTimeline: MonitorStatusTimeline | null =
-        await MonitorStatusTimelineService.findOneBy({
-          query: {
-            monitorId: input.monitor.id!,
-            projectId: input.monitor.projectId!,
-          },
-          select: {
-            _id: true,
-            monitorStatusId: true,
-          },
-          sort: {
-            startsAt: SortOrder.Descending,
-          },
-          props: {
-            isRoot: true,
-          },
-        });
 
       if (
         lastMonitorStatusTimeline &&

package/Server/Utils/Realtime.ts

@@ -1,78 +1,78 @@
 import IO, { Socket, SocketServer } from "../Infrastructure/SocketIO";
 import logger from "./Logger";
-import AnalyticsBaseModel, {
-  AnalyticsBaseModelType,
-} from "Common/Models/AnalyticsModels/AnalyticsBaseModel/AnalyticsBaseModel";
-import BaseModel, {
-  DatabaseBaseModelType,
-} from "Common/Models/DatabaseModels/DatabaseBaseModel/DatabaseBaseModel";
+import AnalyticsBaseModel from "Common/Models/AnalyticsModels/AnalyticsBaseModel/AnalyticsBaseModel";
+import BaseModel from "Common/Models/DatabaseModels/DatabaseBaseModel/DatabaseBaseModel";
 import DatabaseType from "Common/Types/BaseDatabase/DatabaseType";
 import BadDataException from "Common/Types/Exception/BadDataException";
 import { JSONObject } from "Common/Types/JSON";
-import JSONFunctions from "Common/Types/JSONFunctions";
 import ObjectID from "Common/Types/ObjectID";
-import RealtimeUtil, {
-  EventName,
-  ListenToModelEventJSON,
-  ModelEventType,
-} from "Common/Utils/Realtime";
+import RealtimeUtil from "Common/Utils/Realtime";
+import JSONWebTokenData from "../../Types/JsonWebTokenData";
+import JSONWebToken from "./JsonWebToken";
+import Permission, {
+  UserGlobalAccessPermission,
+  UserTenantAccessPermission,
+} from "../../Types/Permission";
+import { getModelTypeByName } from "../../Models/DatabaseModels/Index";
+import { getModelTypeByName as getAnalyticsModelTypeByname } from "../../Models/AnalyticsModels/Index";
+import DatabaseRequestType from "../Types/BaseDatabase/DatabaseRequestType";
+import ModelPermission from "../../Types/BaseDatabase/ModelPermission";
+import ModelEventType from "../../Types/Realtime/ModelEventType";
+import ListenToModelEventJSON from "../../Types/Realtime/ListenToModelEventJSON";
+import EventName from "../../Types/Realtime/EventName";
+import CookieUtil from "./Cookie";
+import Dictionary from "../../Types/Dictionary";
+import UserPermissionUtil from "./UserPermission/UserPermission";
 
 export default abstract class Realtime {
   private static socketServer: SocketServer | null = null;
 
   public static isInitialized(): boolean {
-    return this.socketServer !== null;
+    logger.debug("Checking if socket server is initialized");
+    const isInitialized: boolean = this.socketServer !== null;
+    logger.debug(`Socket server is initialized: ${isInitialized}`);
+    return isInitialized;
   }
 
   public static async init(): Promise<SocketServer | null> {
     if (!this.socketServer) {
+      logger.debug("Initializing socket server");
       this.socketServer = IO.getSocketServer();
       logger.debug("Realtime socket server initialized");
-    }
 
-    this.socketServer!.on("connection", (socket: Socket) => {
-      socket.on(EventName.ListenToModalEvent, async (data: JSONObject) => {
-        // TODO: validate if this soocket has access to this tenant
-
-        // TODO: validate if this socket has access to this model
-
-        // TODO: validate if this socket has access to this event type
-
-        // TODO: validate if this socket has access to this query
-
-        // TODO: validate if this socket has access to this select
-
-        // validate data
-
-        if (typeof data["eventType"] !== "string") {
-          throw new BadDataException("eventType is not a string");
-        }
-        if (typeof data["modelType"] !== "string") {
-          throw new BadDataException("modelType is not a string");
-        }
-        if (typeof data["modelName"] !== "string") {
-          throw new BadDataException("modelName is not a string");
-        }
-        if (typeof data["query"] !== "object") {
-          throw new BadDataException("query is not an object");
-        }
-        if (typeof data["tenantId"] !== "string") {
-          throw new BadDataException("tenantId is not a string");
-        }
-        if (typeof data["select"] !== "object") {
-          throw new BadDataException("select is not an object");
-        }
-
-        await Realtime.listenToModelEvent(socket, {
-          eventType: data["eventType"] as ModelEventType,
-          modelType: data["modelType"] as DatabaseType,
-          modelName: data["modelName"] as string,
-          query: JSONFunctions.deserialize(data["query"] as JSONObject),
-          tenantId: data["tenantId"] as string,
-          select: JSONFunctions.deserialize(data["select"] as JSONObject),
+      this.socketServer!.on("connection", (socket: Socket) => {
+        logger.debug("New socket connection established");
+
+        socket.on(EventName.ListenToModalEvent, async (data: JSONObject) => {
+          logger.debug("Received ListenToModalEvent with data:");
+          logger.debug(data);
+
+          if (typeof data["eventType"] !== "string") {
+            logger.error("eventType is not a string");
+            throw new BadDataException("eventType is not a string");
+          }
+          if (typeof data["modelType"] !== "string") {
+            logger.error("modelType is not a string");
+            throw new BadDataException("modelType is not a string");
+          }
+          if (typeof data["modelName"] !== "string") {
+            logger.error("modelName is not a string");
+            throw new BadDataException("modelName is not a string");
+          }
+          if (typeof data["tenantId"] !== "string") {
+            logger.error("tenantId is not a string");
+            throw new BadDataException("tenantId is not a string");
+          }
+
+          await Realtime.listenToModelEvent(socket, {
+            eventType: data["eventType"] as ModelEventType,
+            modelType: data["modelType"] as DatabaseType,
+            modelName: data["modelName"] as string,
+            tenantId: data["tenantId"] as string,
+          });
         });
       });
-    });
+    }
 
     return this.socketServer;
   }
@@ -81,66 +81,275 @@ export default abstract class Realtime {
     socket: Socket,
     data: ListenToModelEventJSON,
   ): Promise<void> {
+    logger.debug("Listening to model event with data:");
+    logger.debug(data);
+
     if (!this.socketServer) {
+      logger.debug("Socket server not initialized, initializing now");
       await this.init();
     }
 
-    const roomId: string = RealtimeUtil.getRoomId(
-      data.tenantId,
-      data.modelName,
-      data.eventType,
-    );
+    // before joining room check the user token and check if the user has access to this tenant
+    // and to this model and to this event type
+
+    logger.debug("Extracting user access token from socket");
+    const userAccessToken: string | undefined =
+      this.getAccessTokenFromSocket(socket);
+
+    if (!userAccessToken) {
+      logger.debug(
+        "User access token not found in socket, aborting joining room",
+      );
+      return;
+    }
+
+    logger.debug("Decoding user access token");
+    const userAuthorizationData: JSONWebTokenData =
+      JSONWebToken.decode(userAccessToken);
+
+    if (!userAuthorizationData) {
+      logger.debug(
+        "User authorization data not found in socket, aborting joining room",
+      );
+      return;
+    }
+
+    if (!userAuthorizationData.userId) {
+      logger.debug("User ID not found in socket, aborting joining room");
+      return;
+    }
+
+    logger.debug("Checking user access permissions");
+    let hasAccess: boolean = false;
+
+    if (userAuthorizationData.isMasterAdmin) {
+      logger.debug("User is a master admin, granting access");
+      hasAccess = true;
+    }
+
+    logger.debug("Fetching user global access permissions");
+    const userGlobalAccessPermission: UserGlobalAccessPermission | null =
+      await UserPermissionUtil.getUserGlobalAccessPermissionFromCache(
+        userAuthorizationData.userId,
+      );
+
+    // check if the user has access to this tenant
+    if (userGlobalAccessPermission && !hasAccess) {
+      logger.debug("Checking if user has access to the tenant");
+      const hasAccessToProjectId: boolean =
+        userGlobalAccessPermission.projectIds.some((projectId: ObjectID) => {
+          return projectId.toString() === data.tenantId.toString();
+        });
+
+      if (!hasAccessToProjectId) {
+        logger.debug(
+          "User does not have access to this tenant, aborting joining room",
+        );
+        return;
+      }
+
+      logger.debug("User has access to the tenant, checking model access");
+      const userId: ObjectID = new ObjectID(
+        userAuthorizationData.userId.toString(),
+      );
+      const projectId: ObjectID = new ObjectID(data.tenantId.toString());
+
+      // if it has the access to the tenant, check if it has access to the model
+      const userTenantAccessPermission: UserTenantAccessPermission | null =
+        await UserPermissionUtil.getUserTenantAccessPermissionFromCache(
+          userId,
+          projectId,
+        );
+
+      let databaseRequestType: DatabaseRequestType = DatabaseRequestType.Read;
+
+      if (data.eventType === ModelEventType.Create) {
+        logger.debug("Event type is Create, setting request type to Create");
+        databaseRequestType = DatabaseRequestType.Create;
+      }
+
+      if (data.eventType === ModelEventType.Update) {
+        logger.debug("Event type is Update, setting request type to Update");
+        databaseRequestType = DatabaseRequestType.Update;
+      }
+
+      if (data.eventType === ModelEventType.Delete) {
+        logger.debug("Event type is Delete, setting request type to Delete");
+        databaseRequestType = DatabaseRequestType.Delete;
+      }
+
+      // check if the user has access to this model
+      if (
+        userTenantAccessPermission &&
+        this.hasPermissionsByModelName(
+          userTenantAccessPermission,
+          data.modelName,
+          databaseRequestType,
+        )
+      ) {
+        logger.debug("User has access to the model, granting access");
+        hasAccess = true;
+      }
+    }
+
+    if (!hasAccess) {
+      logger.debug(
+        "User does not have access to this tenant, aborting joining room",
+      );
+      return;
+    }
+
+    if (data.modelId) {
+      const modelRoomId: string = RealtimeUtil.getRoomId(
+        data.tenantId,
+        data.modelName,
+        ModelEventType.Create,
+        data.modelId,
+      );
 
-    // join the room.
-    await socket.join(roomId);
+      logger.debug(`Joining room with ID: ${modelRoomId}`);
+      // join the room.
+      await socket.join(modelRoomId);
+    } else {
+      const roomId: string = RealtimeUtil.getRoomId(
+        data.tenantId,
+        data.modelName,
+        data.eventType,
+      );
+
+      logger.debug(`Joining room with ID: ${roomId}`);
+      // join the room.
+      await socket.join(roomId);
+    }
   }
 
   public static async stopListeningToModelEvent(
     socket: Socket,
     data: ListenToModelEventJSON,
   ): Promise<void> {
+    logger.debug("Stopping listening to model event with data:");
+    logger.debug(data);
+
     if (!this.socketServer) {
+      logger.debug("Socket server not initialized, initializing now");
       await this.init();
     }
 
-    // leave this room.
-    await socket.leave(
-      RealtimeUtil.getRoomId(data.tenantId, data.modelName, data.eventType),
+    const roomId: string = RealtimeUtil.getRoomId(
+      data.tenantId,
+      data.modelName,
+      data.eventType,
+      data.modelId,
     );
+
+    logger.debug(`Leaving room with ID: ${roomId}`);
+    // leave this room.
+    await socket.leave(roomId);
   }
 
   public static async emitModelEvent(data: {
     tenantId: string | ObjectID;
     eventType: ModelEventType;
-    model: BaseModel | AnalyticsBaseModel;
+    modelId: ObjectID;
     modelType: { new (): BaseModel | AnalyticsBaseModel };
   }): Promise<void> {
+    logger.debug("Emitting model event with data:");
+    logger.debug(`Tenant ID: ${data.tenantId}`);
+    logger.debug(`Event Type: ${data.eventType}`);
+    logger.debug(`Model ID: ${data.modelId}`);
+
     if (!this.socketServer) {
+      logger.debug("Socket server not initialized, initializing now");
       await this.init();
     }
 
-    let jsonObject: JSONObject = {};
+    const jsonObject: JSONObject = {
+      modelId: data.modelId.toString(),
+    };
 
-    if (data.model instanceof BaseModel) {
-      jsonObject = BaseModel.toJSON(
-        data.model,
-        data.modelType as DatabaseBaseModelType,
-      );
-    }
+    const model: BaseModel | AnalyticsBaseModel = new data.modelType();
 
-    if (data.model instanceof AnalyticsBaseModel) {
-      jsonObject = AnalyticsBaseModel.toJSON(
-        data.model,
-        data.modelType as AnalyticsBaseModelType,
-      );
+    if (!model.tableName) {
+      logger.warn("Model does not have a tableName, aborting emit");
+      return;
     }
 
     const roomId: string = RealtimeUtil.getRoomId(
       data.tenantId,
-      data.model.tableName!,
+      model.tableName!,
       data.eventType,
     );
 
+    const modelRoomId: string = RealtimeUtil.getRoomId(
+      data.tenantId,
+      model.tableName!,
+      ModelEventType.Create,
+      data.modelId,
+    );
+
+    logger.debug(`Emitting event to room with ID: ${roomId}`);
+    logger.debug(jsonObject);
+
     this.socketServer!.to(roomId).emit(roomId, jsonObject);
+    this.socketServer!.to(modelRoomId).emit(modelRoomId, jsonObject);
+  }
+
+  public static hasPermissionsByModelName(
+    userProjectPermissions: UserTenantAccessPermission | Array<Permission>,
+    modelName: string,
+    requestType: DatabaseRequestType,
+  ): boolean {
+    let modelPermissions: Array<Permission> = [];
+
+    let modelType:
+      | { new (): BaseModel }
+      | { new (): AnalyticsBaseModel }
+      | null = getModelTypeByName(modelName);
+
+    if (!modelType) {
+      // check if it is an analytics model
+      modelType = getAnalyticsModelTypeByname(modelName);
+
+      if (!modelType) {
+        return false;
+      }
+    }
+
+    if (requestType === DatabaseRequestType.Create) {
+      modelPermissions = new modelType().getCreatePermissions();
+    }
+
+    if (requestType === DatabaseRequestType.Read) {
+      modelPermissions = new modelType().getReadPermissions();
+    }
+
+    if (requestType === DatabaseRequestType.Update) {
+      modelPermissions = new modelType().getUpdatePermissions();
+    }
+
+    if (requestType === DatabaseRequestType.Delete) {
+      modelPermissions = new modelType().getDeletePermissions();
+    }
+
+    return ModelPermission.hasPermissions(
+      userProjectPermissions,
+      modelPermissions,
+    );
+  }
+
+  public static getAccessTokenFromSocket(socket: Socket): string | undefined {
+    let accessToken: string | undefined = undefined;
+
+    if (socket.handshake.headers.cookie) {
+      const cookies: Dictionary<string> = CookieUtil.getCookiesFromCookieString(
+        socket.handshake.headers.cookie,
+      );
+
+      if (cookies[CookieUtil.getUserTokenKey()]) {
+        accessToken = cookies[CookieUtil.getUserTokenKey()];
+      }
+    }
+
+    return accessToken;
   }
 }