super-graph/serv/prepare.go

package serv

import (
	"bytes"
	"context"
	"fmt"
	"io"

	"github.com/dosco/super-graph/qcode"
	"github.com/jackc/pgconn"
	"github.com/jackc/pgx/v4"
	"github.com/valyala/fasttemplate"
)

type preparedItem struct {
	sd      *pgconn.StatementDescription
	args    [][]byte
	st      stmt
	roleArg bool
}

var (
	_preparedList map[string]*preparedItem
)

func initPreparedList() {
	_preparedList = make(map[string]*preparedItem)

	tx, err := db.Begin(context.Background())
	if err != nil {
		errlog.Fatal().Err(err).Send()
	}
	defer tx.Rollback(context.Background()) //nolint: errcheck

	err = prepareRoleStmt(tx)
	if err != nil {
		errlog.Fatal().Err(err).Msg("failed to prepare get role statement")
	}

	if err := tx.Commit(context.Background()); err != nil {
		errlog.Fatal().Err(err).Send()
	}

	success := 0

	for _, v := range _allowList.list {
		if len(v.gql) == 0 {
			continue
		}

		err := prepareStmt(v.gql, v.vars)
		if err == nil {
			success++
			continue
		}

		if len(v.vars) == 0 {
			logger.Warn().Err(err).Msg(v.gql)
		} else {
			logger.Warn().Err(err).Msgf("%s %s", v.vars, v.gql)
		}
	}

	logger.Info().
		Msgf("Registered %d of %d queries from allow.list as prepared statements",
			success, len(_allowList.list))
}

func prepareStmt(gql string, vars []byte) error {
	qt := qcode.GetQType(gql)
	q := []byte(gql)

	if len(vars) == 0 {
		logger.Debug().Msgf("Prepared statement:\n%s\n", gql)
	} else {
		logger.Debug().Msgf("Prepared statement:\n%s\n%s\n", vars, gql)
	}

	tx, err := db.Begin(context.Background())
	if err != nil {
		return err
	}
	defer tx.Rollback(context.Background()) //nolint: errcheck

	switch qt {
	case qcode.QTQuery:
		var stmts1 []stmt
		var err error

		if conf.isABACEnabled() {
			stmts1, err = buildMultiStmt(q, vars)
		} else {
			stmts1, err = buildRoleStmt(q, vars, "user")
		}

		if err != nil {
			return err
		}

		logger.Debug().Msg("Prepared statement role: user")

		err = prepare(tx, stmts1, gqlHash(gql, vars, "user"))
		if err != nil {
			return err
		}

		if conf.isAnonRoleDefined() {
			logger.Debug().Msg("Prepared statement for role: anon")

			stmts2, err := buildRoleStmt(q, vars, "anon")
			if err != nil {
				return err
			}

			err = prepare(tx, stmts2, gqlHash(gql, vars, "anon"))
			if err != nil {
				return err
			}
		}

	case qcode.QTMutation:
		for _, role := range conf.Roles {
			logger.Debug().Msgf("Prepared statement for role: %s", role.Name)

			stmts, err := buildRoleStmt(q, vars, role.Name)
			if err != nil {
				return err
			}

			err = prepare(tx, stmts, gqlHash(gql, vars, role.Name))
			if err != nil {
				return err
			}
		}
	}

	if err := tx.Commit(context.Background()); err != nil {
		return err
	}

	return nil
}

func prepare(tx pgx.Tx, st []stmt, key string) error {
	finalSQL, am := processTemplate(st[0].sql)

	sd, err := tx.Prepare(context.Background(), "", finalSQL)
	if err != nil {
		return err
	}

	_preparedList[key] = &preparedItem{
		sd:      sd,
		args:    am,
		st:      st[0],
		roleArg: len(st) > 1,
	}
	return nil
}

// nolint: errcheck
func prepareRoleStmt(tx pgx.Tx) error {
	if !conf.isABACEnabled() {
		return nil
	}

	w := &bytes.Buffer{}

	io.WriteString(w, `SELECT (CASE WHEN EXISTS (`)
	io.WriteString(w, conf.RolesQuery)
	io.WriteString(w, `) THEN `)

	io.WriteString(w, `(SELECT (CASE`)
	for _, role := range conf.Roles {
		if len(role.Match) == 0 {
			continue
		}
		io.WriteString(w, ` WHEN `)
		io.WriteString(w, role.Match)
		io.WriteString(w, ` THEN '`)
		io.WriteString(w, role.Name)
		io.WriteString(w, `'`)
	}

	io.WriteString(w, ` ELSE {{role}} END) FROM (`)
	io.WriteString(w, conf.RolesQuery)
	io.WriteString(w, `) AS "_sg_auth_roles_query" LIMIT 1) `)
	io.WriteString(w, `ELSE 'anon' END) FROM (VALUES (1)) AS "_sg_auth_filler" LIMIT 1; `)

	roleSQL, _ := processTemplate(w.String())

	_, err := tx.Prepare(context.Background(), "_sg_get_role", roleSQL)
	if err != nil {
		return err
	}

	return nil
}

func processTemplate(tmpl string) (string, [][]byte) {
	st := struct {
		vmap map[string]int
		am   [][]byte
		i    int
	}{
		vmap: make(map[string]int),
		am:   make([][]byte, 0, 5),
		i:    0,
	}

	execFunc := func(w io.Writer, tag string) (int, error) {
		if n, ok := st.vmap[tag]; ok {
			return w.Write([]byte(fmt.Sprintf("$%d", n)))
		}
		st.am = append(st.am, []byte(tag))
		st.i++
		st.vmap[tag] = st.i
		return w.Write([]byte(fmt.Sprintf("$%d", st.i)))
	}

	t1 := fasttemplate.New(tmpl, `'{{`, `}}'`)
	ts1 := t1.ExecuteFuncString(execFunc)

	t2 := fasttemplate.New(ts1, `{{`, `}}`)
	ts2 := t2.ExecuteFuncString(execFunc)

	return ts2, st.am
}
Add support for prepared statements 2019-07-29 07:13:33 +02:00			`package serv`

			`import (`
			`"bytes"`
Add migrate command 2019-09-26 06:35:31 +02:00			`"context"`
Add support for prepared statements 2019-07-29 07:13:33 +02:00			`"fmt"`
			`"io"`

			`"github.com/dosco/super-graph/qcode"`
Add migrate command 2019-09-26 06:35:31 +02:00			`"github.com/jackc/pgconn"`
Optimize db queries limit use of transactions 2019-11-21 08:14:12 +01:00			`"github.com/jackc/pgx/v4"`
Add support for prepared statements 2019-07-29 07:13:33 +02:00			`"github.com/valyala/fasttemplate"`
			`)`

			`type preparedItem struct {`
Fix documentation for DB relationships 2019-12-10 06:03:44 +01:00			`sd *pgconn.StatementDescription`
			`args [][]byte`
			`st stmt`
			`roleArg bool`
Add support for prepared statements 2019-07-29 07:13:33 +02:00			`}`

			`var (`
			`_preparedList map[string]*preparedItem`
			`)`

			`func initPreparedList() {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`_preparedList = make(map[string]*preparedItem)`
Optimize db queries limit use of transactions 2019-11-21 08:14:12 +01:00
Add support for `websearch_to_tsquery` in PG 11 2019-12-02 16:52:22 +01:00			`tx, err := db.Begin(context.Background())`
Optimize db queries limit use of transactions 2019-11-21 08:14:12 +01:00			`if err != nil {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`errlog.Fatal().Err(err).Send()`
Optimize db queries limit use of transactions 2019-11-21 08:14:12 +01:00			`}`
Add support for `websearch_to_tsquery` in PG 11 2019-12-02 16:52:22 +01:00			`defer tx.Rollback(context.Background()) //nolint: errcheck`
Optimize db queries limit use of transactions 2019-11-21 08:14:12 +01:00
Add support for `websearch_to_tsquery` in PG 11 2019-12-02 16:52:22 +01:00			`err = prepareRoleStmt(tx)`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`if err != nil {`
			`errlog.Fatal().Err(err).Msg("failed to prepare get role statement")`
			`}`
Add support for prepared statements 2019-07-29 07:13:33 +02:00
Add support for `websearch_to_tsquery` in PG 11 2019-12-02 16:52:22 +01:00			`if err := tx.Commit(context.Background()); err != nil {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`errlog.Fatal().Err(err).Send()`
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			`}`

Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`success := 0`

Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			`for _, v := range _allowList.list {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`if len(v.gql) == 0 {`
			`continue`
			`}`

Add support for `websearch_to_tsquery` in PG 11 2019-12-02 16:52:22 +01:00			`err := prepareStmt(v.gql, v.vars)`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`if err == nil {`
			`success++`
			`continue`
Add support for prepared statements 2019-07-29 07:13:33 +02:00			`}`
Optimize db queries limit use of transactions 2019-11-21 08:14:12 +01:00
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`if len(v.vars) == 0 {`
			`logger.Warn().Err(err).Msg(v.gql)`
			`} else {`
			`logger.Warn().Err(err).Msgf("%s %s", v.vars, v.gql)`
			`}`
Optimize db queries limit use of transactions 2019-11-21 08:14:12 +01:00			`}`

Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`logger.Info().`
			`Msgf("Registered %d of %d queries from allow.list as prepared statements",`
			`success, len(_allowList.list))`
Add support for prepared statements 2019-07-29 07:13:33 +02:00			`}`

Add support for `websearch_to_tsquery` in PG 11 2019-12-02 16:52:22 +01:00			`func prepareStmt(gql string, vars []byte) error {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`qt := qcode.GetQType(gql)`
			`q := []byte(gql)`
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00
Add nested mutations 2019-12-25 07:24:30 +01:00			`if len(vars) == 0 {`
			`logger.Debug().Msgf("Prepared statement:\n%s\n", gql)`
			`} else {`
			`logger.Debug().Msgf("Prepared statement:\n%s\n%s\n", vars, gql)`
			`}`

Add support for `websearch_to_tsquery` in PG 11 2019-12-02 16:52:22 +01:00			`tx, err := db.Begin(context.Background())`
Add support for prepared statements 2019-07-29 07:13:33 +02:00			`if err != nil {`
			`return err`
			`}`
Add support for `websearch_to_tsquery` in PG 11 2019-12-02 16:52:22 +01:00			`defer tx.Rollback(context.Background()) //nolint: errcheck`
Add support for prepared statements 2019-07-29 07:13:33 +02:00
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`switch qt {`
			`case qcode.QTQuery:`
Add config driven custom table relationships 2019-12-09 07:48:18 +01:00			`var stmts1 []stmt`
			`var err error`

Fix documentation for DB relationships 2019-12-10 06:03:44 +01:00			`if conf.isABACEnabled() {`
Add config driven custom table relationships 2019-12-09 07:48:18 +01:00			`stmts1, err = buildMultiStmt(q, vars)`
			`} else {`
			`stmts1, err = buildRoleStmt(q, vars, "user")`
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			`}`

			`if err != nil {`
			`return err`
			`}`
Add support for prepared statements 2019-07-29 07:13:33 +02:00
Add nested mutations 2019-12-25 07:24:30 +01:00			`logger.Debug().Msg("Prepared statement role: user")`

Fix documentation for DB relationships 2019-12-10 06:03:44 +01:00			`err = prepare(tx, stmts1, gqlHash(gql, vars, "user"))`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`if err != nil {`
			`return err`
			`}`
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00
Add config driven custom table relationships 2019-12-09 07:48:18 +01:00			`if conf.isAnonRoleDefined() {`
Add nested mutations 2019-12-25 07:24:30 +01:00			`logger.Debug().Msg("Prepared statement for role: anon")`

Add config driven custom table relationships 2019-12-09 07:48:18 +01:00			`stmts2, err := buildRoleStmt(q, vars, "anon")`
			`if err != nil {`
			`return err`
			`}`

Fix documentation for DB relationships 2019-12-10 06:03:44 +01:00			`err = prepare(tx, stmts2, gqlHash(gql, vars, "anon"))`
Add config driven custom table relationships 2019-12-09 07:48:18 +01:00			`if err != nil {`
			`return err`
			`}`
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			`}`

Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`case qcode.QTMutation:`
			`for _, role := range conf.Roles {`
Add nested mutations 2019-12-25 07:24:30 +01:00			`logger.Debug().Msgf("Prepared statement for role: %s", role.Name)`

Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`stmts, err := buildRoleStmt(q, vars, role.Name)`
			`if err != nil {`
			`return err`
			`}`

Fix documentation for DB relationships 2019-12-10 06:03:44 +01:00			`err = prepare(tx, stmts, gqlHash(gql, vars, role.Name))`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`if err != nil {`
			`return err`
			`}`
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			`}`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`}`
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00
Add support for `websearch_to_tsquery` in PG 11 2019-12-02 16:52:22 +01:00			`if err := tx.Commit(context.Background()); err != nil {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`return err`
Add support for prepared statements 2019-07-29 07:13:33 +02:00			`}`

Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			`return nil`
			`}`
Add support for prepared statements 2019-07-29 07:13:33 +02:00
Fix documentation for DB relationships 2019-12-10 06:03:44 +01:00			`func prepare(tx pgx.Tx, st []stmt, key string) error {`
			`finalSQL, am := processTemplate(st[0].sql)`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00
Add support for `websearch_to_tsquery` in PG 11 2019-12-02 16:52:22 +01:00			`sd, err := tx.Prepare(context.Background(), "", finalSQL)`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`if err != nil {`
			`return err`
			`}`

			`_preparedList[key] = &preparedItem{`
Fix documentation for DB relationships 2019-12-10 06:03:44 +01:00			`sd: sd,`
			`args: am,`
			`st: st[0],`
			`roleArg: len(st) > 1,`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`}`
			`return nil`
			`}`

Move license from MIT to Apache 2.0. Add Makefile 2019-11-28 07:25:46 +01:00			`// nolint: errcheck`
Add support for `websearch_to_tsquery` in PG 11 2019-12-02 16:52:22 +01:00			`func prepareRoleStmt(tx pgx.Tx) error {`
Fix documentation for DB relationships 2019-12-10 06:03:44 +01:00			`if !conf.isABACEnabled() {`
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			`return nil`
			`}`
Add support for prepared statements 2019-07-29 07:13:33 +02:00
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			`w := &bytes.Buffer{}`

Add nested mutations 2019-12-25 07:24:30 +01:00			io.WriteString(w, `SELECT (CASE WHEN EXISTS (`)
			`io.WriteString(w, conf.RolesQuery)`
			io.WriteString(w, `) THEN `)

			io.WriteString(w, `(SELECT (CASE`)
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			`for _, role := range conf.Roles {`
			`if len(role.Match) == 0 {`
			`continue`
			`}`
			io.WriteString(w, ` WHEN `)
			`io.WriteString(w, role.Match)`
			io.WriteString(w, ` THEN '`)
			`io.WriteString(w, role.Name)`
			io.WriteString(w, `'`)
Add support for prepared statements 2019-07-29 07:13:33 +02:00			`}`

Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			io.WriteString(w, ` ELSE {{role}} END) FROM (`)
			`io.WriteString(w, conf.RolesQuery)`
Add nested mutations 2019-12-25 07:24:30 +01:00			io.WriteString(w, `) AS "_sg_auth_roles_query" LIMIT 1) `)
			io.WriteString(w, `ELSE 'anon' END) FROM (VALUES (1)) AS "_sg_auth_filler" LIMIT 1; `)
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00
			`roleSQL, _ := processTemplate(w.String())`

Add support for `websearch_to_tsquery` in PG 11 2019-12-02 16:52:22 +01:00			`_, err := tx.Prepare(context.Background(), "_sg_get_role", roleSQL)`
Add support for prepared statements 2019-07-29 07:13:33 +02:00			`if err != nil {`
			`return err`
			`}`

Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			`return nil`
			`}`
Add support for prepared statements 2019-07-29 07:13:33 +02:00
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			`func processTemplate(tmpl string) (string, [][]byte) {`
Optimize db queries limit use of transactions 2019-11-21 08:14:12 +01:00			`st := struct {`
			`vmap map[string]int`
			`am [][]byte`
			`i int`
			`}{`
			`vmap: make(map[string]int),`
			`am: make([][]byte, 0, 5),`
			`i: 0,`
			`}`
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00
Optimize db queries limit use of transactions 2019-11-21 08:14:12 +01:00			`execFunc := func(w io.Writer, tag string) (int, error) {`
			`if n, ok := st.vmap[tag]; ok {`
Get RBAC working for queries and mutations 2019-10-24 08:07:42 +02:00			`return w.Write([]byte(fmt.Sprintf("$%d", n)))`
			`}`
Optimize db queries limit use of transactions 2019-11-21 08:14:12 +01:00			`st.am = append(st.am, []byte(tag))`
			`st.i++`
			`st.vmap[tag] = st.i`
			`return w.Write([]byte(fmt.Sprintf("$%d", st.i)))`
			`}`

			t1 := fasttemplate.New(tmpl, `'{{`, `}}'`)
			`ts1 := t1.ExecuteFuncString(execFunc)`

			t2 := fasttemplate.New(ts1, `{{`, `}}`)
			`ts2 := t2.ExecuteFuncString(execFunc)`

			`return ts2, st.am`
Add support for prepared statements 2019-07-29 07:13:33 +02:00			`}`