@teamkeel/functions-runtime 0.362.0 → 0.363.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/handleJob.js +2 -1
- package/src/tryExecuteJob.js +25 -0
package/package.json
CHANGED
package/src/handleJob.js
CHANGED
|
@@ -9,6 +9,7 @@ const { errorToJSONRPCResponse, RuntimeErrors } = require("./errors");
|
|
|
9
9
|
const opentelemetry = require("@opentelemetry/api");
|
|
10
10
|
const { withSpan } = require("./tracing");
|
|
11
11
|
const { PROTO_ACTION_TYPES } = require("./consts");
|
|
12
|
+
const { tryExecuteJob } = require("./tryExecuteJob");
|
|
12
13
|
|
|
13
14
|
// Generic handler function that is agnostic to runtime environment (local or lambda)
|
|
14
15
|
// to execute a job function based on the contents of a jsonrpc-2.0 payload object.
|
|
@@ -58,7 +59,7 @@ async function handleJob(request, config) {
|
|
|
58
59
|
// Jobs will have no permission functions yet.
|
|
59
60
|
permissionFns[request.method] = [];
|
|
60
61
|
|
|
61
|
-
|
|
62
|
+
await tryExecuteJob(
|
|
62
63
|
{ request, ctx, permissionFns, permitted, db, actionType },
|
|
63
64
|
async () => {
|
|
64
65
|
// Return the job function to the containing tryExecuteFunction block
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
const { withDatabase } = require("./database");
|
|
2
|
+
const {
|
|
3
|
+
withPermissions,
|
|
4
|
+
PERMISSION_STATE,
|
|
5
|
+
PermissionError,
|
|
6
|
+
} = require("./permissions");
|
|
7
|
+
|
|
8
|
+
// tryExecuteJob will create a new database transaction around a function call
|
|
9
|
+
// and handle any permissions checks. If a permission check fails, then an Error will be thrown and the catch block will be hit.
|
|
10
|
+
function tryExecuteJob({ db, permitted, actionType, request }, cb) {
|
|
11
|
+
return withPermissions(permitted, async ({ getPermissionState }) => {
|
|
12
|
+
return withDatabase(db, actionType, async ({ transaction }) => {
|
|
13
|
+
await cb();
|
|
14
|
+
|
|
15
|
+
// api.permissions maintains an internal state of whether the current operation has been *explicitly* permitted/denied by the user in the course of their custom function, or if execution has already been permitted by a role based permission (evaluated in the main runtime).
|
|
16
|
+
// we need to check that the final state is permitted or unpermitted. if it's not, then it means that the user has taken no explicit action to permit/deny
|
|
17
|
+
// and therefore we default to checking the permissions defined in the schema automatically.
|
|
18
|
+
if (getPermissionState() === PERMISSION_STATE.UNPERMITTED) {
|
|
19
|
+
throw new PermissionError(`Not permitted to access ${request.method}`);
|
|
20
|
+
}
|
|
21
|
+
});
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
module.exports.tryExecuteJob = tryExecuteJob;
|