querysub 0.2.0

package/src/4-querysub/permissions.ts

@@ -0,0 +1,289 @@
+import { cache, cacheLimited } from "socket-function/src/caching";
+import { measureFnc, measureWrap, nameFunction } from "socket-function/src/profiling/measure";
+import { getPathSuffix, getPathDepth, trimPathStrToDepth, getPathFromStr, rootPathStr, getPathIndex, getPathStr1, joinPathStres, appendToPathStr, getPathStr } from "../path";
+import { atomic, atomicObjectRead, isSynced, proxyWatcher } from "../2-proxy/PathValueProxyWatcher";
+import { SchemaObject, getSchemaObject, hasWildcardMatch, getWildcardMatches, PERMISSIONS_FUNCTION_ID, PermissionsCheckResult } from "../3-path-functions/syncSchema";
+import { getModuleFromConfig } from "../3-path-functions/pathFunctionLoader";
+import { getSchemaPartsFromPath, functionSchema, DEPTH_TO_DATA, overrideCurrentCall, CallSpec, FunctionSpec, DOMAIN_INDEX, MODULE_INDEX } from "../3-path-functions/PathFunctionRunner";
+import debugbreak from "debugbreak";
+import { blue, red, yellow } from "socket-function/src/formatting/logColors";
+import { ignoreErrors } from "../errors";
+import { epochTime } from "../0-path-value-core/pathValueCore";
+import { isClient } from "../config2";
+import { sort } from "socket-function/src/misc";
+import { Querysub } from "./QuerysubController";
+import { CALL_PERMISSIONS_KEY } from "./permissionsShared";
+
+function watchModule(config: FunctionSpec): NodeJS.Module | undefined {
+    let module = getModuleFromConfig(config);
+    if (module && typeof module === "object" && module instanceof Promise) {
+        // NOTE: The errors should throw correctly when proxyWatch is triggered (which will be immediately
+        //  after our ignore handler runs), because the underlying implementation should convert promises
+        //  to throws (or undefined, if errors are ignored).
+        ignoreErrors(module);
+        proxyWatcher.triggerOnPromiseFinish(module, { waitReason: "waitForModuleToLoad" });
+        return undefined;
+    }
+    return module;
+}
+
+const callPermissionsPath = getPathStr1(CALL_PERMISSIONS_KEY);
+
+/** NOTE: This can only be used synchronously, and must be recreated after the current
+ *      synchronous code is finished.
+ */
+export class PermissionsCheck {
+    private dead = false;
+    public static skippingChecks = false;
+
+    public static DEBUG = false;
+
+    constructor(private callerConfig: { callerMachineId: string; callerIP: string; }) {
+        setImmediate(() => this.dead = true);
+    }
+
+    private perSchema = cache((schema: SchemaObject) => {
+        return new PermissionsCheckSchema({ machineID: this.callerConfig.callerMachineId, IP: this.callerConfig.callerIP }, schema);
+    });
+
+    private getModulePermissions = cache((domainName: string) => {
+        return cache((moduleId: string) => {
+            let functionConfigProxy = PermissionsCheck.skipPermissionsChecks(() =>
+                functionSchema()[domainName].PathFunctionRunner[moduleId].Sources[PERMISSIONS_FUNCTION_ID],
+            );
+            const functionConfig = PermissionsCheck.skipPermissionsChecks(() => atomic(functionConfigProxy));
+            if (!functionConfig) {
+                if (isSynced(functionConfigProxy)) {
+                    console.warn(red(`Missing path to permissions. You might need to rerun "yarn deploy", ensuring all schemas are imported in a file called "/deploy.ts". Path ${domainName}.${moduleId}.${PERMISSIONS_FUNCTION_ID}`));
+                }
+                return undefined;
+            }
+            let module: NodeJS.Module | undefined;
+            try {
+                module = watchModule(functionConfig);
+            } catch (e: any) {
+                console.warn(yellow(`Rejecting permissions due to error when loading module ${functionConfig.gitURL}#${functionConfig.gitRef}:${functionConfig.FilePath}\n${e.stack}`));
+                return undefined;
+            }
+
+            if (!module) return undefined;
+            return getSchemaObject(module);
+        });
+    });
+
+    pathPartsCache = new Map<string, {
+        domainName: string;
+        moduleId: string;
+        pathPrefix: string;
+        rootKey: string;
+        callExamplePath: string;
+        emptyKeyPath: string;
+    }>();
+    // IMPORTANT! This function USED TO BE a major hotspot for function evaluation, and so is heavily optimized.
+    public checkPermissions(path: string): { permissionsPath: string; allowed: boolean; } {
+        if (this.dead) throw new Error("PermissionsCheck MUST be used synchronously, after which it cannot be reused");
+        if (PermissionsCheck.skippingChecks) return { permissionsPath: rootPathStr, allowed: true };
+
+        let pathPrefix = trimPathStrToDepth(path, DEPTH_TO_DATA);
+        let pathParts = this.pathPartsCache.get(pathPrefix);
+        if (!pathParts) {
+            const domainName = getPathIndex(path, DOMAIN_INDEX) || "";
+            const moduleId = getPathIndex(path, MODULE_INDEX) || "";
+            let rootKey = getPathIndex(path, DEPTH_TO_DATA - 1) || "";
+
+            pathParts = {
+                domainName,
+                moduleId,
+                pathPrefix,
+                rootKey,
+                callExamplePath: appendToPathStr(pathPrefix, "ExampleCallId"),
+                emptyKeyPath: appendToPathStr(pathPrefix, ""),
+            };
+            this.pathPartsCache.set(pathPrefix, pathParts);
+        }
+
+        if (!pathParts.domainName) return { permissionsPath: trimPathStrToDepth(path, DOMAIN_INDEX + 1), allowed: false };
+        if (!pathParts.moduleId) return { permissionsPath: trimPathStrToDepth(path, MODULE_INDEX + 1), allowed: false };
+        if (!pathParts.rootKey) return { permissionsPath: trimPathStrToDepth(path, DEPTH_TO_DATA), allowed: false };
+
+        const schema = this.getModulePermissions(pathParts.domainName)(pathParts.moduleId);
+        if (!schema) return { permissionsPath: trimPathStrToDepth(path, MODULE_INDEX + 1), allowed: false };
+
+        let instance = this.perSchema(schema);
+        instance.pathPrefix = pathPrefix;
+
+        const rootKey = pathParts.rootKey;
+
+        if (rootKey === "Module" || rootKey === "Sources") {
+            return instance.checkPermissionsBase(callPermissionsPath);
+        }
+        if (rootKey === "Calls" || rootKey === "Results") {
+            // Don't allow "" call to be read, as this would allow running Object.values() to read all calls.
+            if (path === pathParts.emptyKeyPath) return { permissionsPath: path, allowed: false };
+            // NOTE: A lot of the time, anyone will technically be able to read calls, as we don't inspect the call.
+            //  However... they would need to know the id, which will be very hard to guess.
+            //  - Also inspecting the call adds a lot of call overhead, so we would prefer not to do that.
+            let result = instance.checkPermissionsBase(callPermissionsPath);
+            return {
+                // Make sure the path is specific, so when we are called again callId is not undefined
+                permissionsPath: pathParts.callExamplePath,
+                allowed: result.allowed
+            };
+        }
+        if (rootKey === "Data") {
+            let dataPath = getPathSuffix(path, DEPTH_TO_DATA);
+            return instance.checkPermissionsBase(dataPath);
+        }
+        return { permissionsPath: path, allowed: false };
+    }
+
+    public static ignorePermissionsChecks = this.skipPermissionsChecks;
+    public static skipPermissionsChecks<T>(code: () => T) {
+        let prev = this.skippingChecks;
+        this.skippingChecks = true;
+        try {
+            return code();
+        } finally {
+            this.skippingChecks = prev;
+        }
+    }
+}
+class PermissionsCheckSchema {
+    public pathPrefix = rootPathStr;
+
+    constructor(private callerConfig: { machineID: string; IP: string }, private schema: SchemaObject) { }
+    private exampleCall: CallSpec = {
+        callerMachineId: this.callerConfig.machineID,
+        callerIP: this.callerConfig.IP,
+        CallId: "",
+        DomainName: "",
+        FunctionId: "",
+        ModuleId: "",
+        runAtTime: epochTime,
+        argsEncoded: "",
+    };
+
+    /** Converts a specific path to a more general path. All paths which map to this general path
+     *      will have identical permissions checks.
+     */
+    private getCachePermissionsPath(path: string): string {
+        if (this.schema.permissionsNonWildcards.has(path)) {
+            return path;
+        }
+        let depth = getPathDepth(path);
+        for (let i = depth - 1; i > 0; i--) {
+            let ancestorPath = trimPathStrToDepth(path, i);
+            if (this.schema.permissionsNonWildcards.has(ancestorPath)) {
+                return ancestorPath;
+            }
+        }
+        if (this.schema.permissionsWildcards.length > 0) {
+            let valuePath = getPathFromStr(path);
+            // Using a tree would be algorithmically faster, but... might not even be faster in practice?
+            //  (at least for a small number of checks, which there should almost always be)
+            for (let wildcardCheck of this.schema.permissionsWildcards) {
+                if (hasWildcardMatch(wildcardCheck.pathParts, valuePath)) {
+                    return trimPathStrToDepth(path, wildcardCheck.pathParts.length);
+                }
+            }
+        }
+
+        return rootPathStr;
+    }
+
+    // NOTE: For our trivial "127.0.0.1" check this cache isn't needed. But permissions checks might be A LOT slower,
+    //  so it is important to cache it based on the permissionsPath.
+    private checkCache = cacheLimited(1000 * 1000, measureWrap((permissionsPath: string) => {
+        let checks = this.getChecks(permissionsPath);
+        let allowed = overrideCurrentCall(this.exampleCall, () => {
+            // NOTE: If we read inside of a permissions check we don't want to ALSO check
+            //  permissions checks on those because:
+            //  1) It might infinitely loop
+            //  2) When checking permissions we need to be allowed to read all values!
+            return PermissionsCheck.skipPermissionsChecks(() => {
+                for (let check of checks) {
+                    try {
+                        let result = check();
+                        if (!result && PermissionsCheck.DEBUG) {
+                            let anyUnsynced = false;
+                            try {
+                                anyUnsynced = Querysub.anyUnsynced();
+                            } catch { }
+                            if (!anyUnsynced) {
+                                // NOTE: This gets loud, as it happens EVERY TIME we check permissions. We already have a check in QuerysubController,
+                                //  which should be enough.
+                                //console.log(blue(`Denied permissions for ${joinPathStres(this.pathPrefix, permissionsPath)} due to check at ${(check as any).debugName}`));
+                                check();
+                            }
+                        }
+                        if (typeof result === "object") {
+                            if (!result.allowed) {
+                                return false;
+                            }
+                            if (result.skipParentChecks) {
+                                return result.allowed;
+                            }
+                        } else if (!result) {
+                            return false;
+                        }
+                    } catch {
+                        return false;
+                    }
+                }
+                return true;
+            });
+        });
+        return { permissionsPath: joinPathStres(this.pathPrefix, permissionsPath), allowed };
+    }, "permissionsCheckInsideCache"));
+
+    public checkPermissionsBase(dataPath: string): { permissionsPath: string; allowed: boolean; } {
+        let permissionsPath = this.getCachePermissionsPath(dataPath);
+        return this.checkCache(permissionsPath);
+    }
+    // NOTE: We don't cache the result of a permissions check, because it might change while
+    //  a function is evaluating. If they need to be skipped for the purposes of speed (which is hard
+    //  to believe, considering all the other sources of overhead we have), skipPermissionsChecks
+    //  can be used to quickly skip them.
+    private getChecks = cacheLimited(1000 * 1000, ((path: string): (() => PermissionsCheckResult)[] => {
+        let checks: {
+            check: () => PermissionsCheckResult;
+            path: string;
+        }[] = [];
+        let depth = getPathDepth(path);
+        for (let i = depth; i >= 0; i--) {
+            let ancestorPath = trimPathStrToDepth(path, i);
+            const permissions = this.schema.permissionsNonWildcards.get(ancestorPath);
+            if (permissions) {
+                let check = () => permissions({
+                    callerMachineId: this.callerConfig.machineID,
+                    matchedPath: ancestorPath,
+                    pathWildcards: [],
+                });
+                if (PermissionsCheck.DEBUG) {
+                    Object.assign(check, { debugName: ancestorPath });
+                }
+                checks.push({ check, path: ancestorPath });
+            }
+        }
+        // Using a tree would be algorithmically faster, but... might not even be faster in practice?
+        //  (at least for a small number of checks, which there should almost always be)
+        for (let wildcardCheck of this.schema.permissionsWildcards) {
+            let matches = getWildcardMatches(wildcardCheck.pathParts, getPathFromStr(path));
+            if (!matches) continue;
+            let matchedPath = trimPathStrToDepth(path, wildcardCheck.pathParts.length);
+            let check = () => wildcardCheck.callback({
+                callerMachineId: this.callerConfig.machineID,
+                matchedPath,
+                pathWildcards: matches || [],
+            });
+            if (PermissionsCheck.DEBUG) {
+                Object.assign(check, { debugName: wildcardCheck.pathParts.join(".") });
+            }
+            checks.push({ check, path: matchedPath });
+        }
+
+        sort(checks, x => -x.path.length);
+
+        return checks.map(x => x.check);
+    }));
+}

package/src/4-querysub/permissionsShared.ts

@@ -0,0 +1 @@
+export const CALL_PERMISSIONS_KEY = "CALL_PERMISSIONS_KEY" as "CALL_PERMISSIONS_KEY";