Skip to content

Refactor auth flow #425

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
May 29, 2023
Merged

Refactor auth flow #425

merged 5 commits into from
May 29, 2023

Conversation

trueleo
Copy link
Contributor

@trueleo trueleo commented May 27, 2023
edited
Loading

Part of #250

Description

  • Authentication and Authorization are merged into single middleware.
  • Added AuthMap for better permission lookup
  • Permissions are loaded lazily into AuthMap once user is authenticated

@github-actions
Copy link
Contributor

github-actions bot commented May 27, 2023
edited
Loading

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

@trueleo
Copy link
Contributor Author

trueleo commented May 27, 2023

I have read the CLA Document and I hereby sign the CLA

github-actions bot added a commit that referenced this pull request May 27, 2023
@github-actions
@trueleo has signed the CLA in #425
c55be20
@nitisht nitisht mentioned this pull request May 27, 2023
Closed
7 tasks
nitisht
nitisht reviewed May 27, 2023
View reviewed changes
server/src/handlers/http/middleware.rs
let is_auth = creds.map(|creds| {
let (username, password) = creds;
Users.authenticate(username, password, self.action, stream)
});
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is is_auth?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The type is result of authentication and authorization. Type of creds is Result<> which i can only return in the async block down below. So have to .map for calling authenticate

Users.authenticate does both authentication and authorization.

server/src/rbac.rs
pub static USER_AUTHORIZATION_MAP: OnceCell<RwLock<UserPermMap>> = OnceCell::new();
pub static USER_MAP: OnceCell<RwLock<UserMap>> = OnceCell::new();
pub static AUTH_MAP: OnceCell<RwLock<AuthMap>> = OnceCell::new();

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the purpose of two different maps here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If any changes made to user ( password change, role update, etc.. ) it is updated in memory in the Usermap Hashmap<username, User>. The User contains password hash and role information. While AuthMap is for quick authentication and authorization, it is HashMap<(user, pass), Vec>. Any changes made to User will reset the AuthMap and upon authentication user perms is reloaded into this map

nitisht
nitisht approved these changes May 29, 2023
View reviewed changes
Copy link
Member

@nitisht nitisht left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM & Tested

@nitisht nitisht merged commit 45cfe77 into parseablehq:main May 29, 2023
@github-actions github-actions bot locked and limited conversation to collaborators May 29, 2023
@trueleo trueleo deleted the auth branch June 2, 2023 07:56
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@nitisht nitisht nitisht approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@trueleo @nitisht