Fix bugs and add new production mode

2019-11-07 02:37:24 -05:00
parent c7e63a6200
commit 605ec63466
13 changed files with 67 additions and 44 deletions
--- a/serv/allow.go
+++ b/serv/allow.go
@ -71,7 +71,7 @@ func initAllowList(cpath string) {
 	}

 	if len(_allowList.filepath) == 0 {
-		if conf.UseAllowList {
+		if conf.Production {
 			logger.Fatal().Msg("allow.list not found")
 		}

--- a/serv/cmd_seed.go
+++ b/serv/cmd_seed.go
@ -21,7 +21,7 @@ func cmdDBSeed(cmd *cobra.Command, args []string) {
 		logger.Fatal().Err(err).Msg("failed to read config")
 	}

-	conf.UseAllowList = false
+	conf.Production = false

 	db, err = initDBPool(conf)
 	if err != nil {
--- a/serv/config.go
+++ b/serv/config.go
@ -23,6 +23,7 @@ type config struct {
 	LogLevel       string `mapstructure:"log_level"`
 	EnableTracing  bool   `mapstructure:"enable_tracing"`
 	UseAllowList   bool   `mapstructure:"use_allow_list"`
+	Production     bool
 	WatchAndReload bool   `mapstructure:"reload_on_config_change"`
 	AuthFailBlock  bool   `mapstructure:"auth_fail_block"`
 	SeedFile       string `mapstructure:"seed_file"`
@ -142,9 +143,10 @@ type configRoleTable struct {
 }

 type configRole struct {
-	Name   string
-	Match  string
-	Tables []configRoleTable
+	Name      string
+	Match     string
+	Tables    []configRoleTable
+	tablesMap map[string]*configRoleTable
 }

 func newConfig(name string) *viper.Viper {
@ -195,6 +197,10 @@ func (c *config) Init(vi *viper.Viper) error {
 		c.Tables = c.DB.Tables
 	}

+	if c.UseAllowList {
+		c.Production = true
+	}
+
 	for k, v := range c.Inflections {
 		flect.AddPlural(k, v)
 	}
@ -219,13 +225,19 @@ func (c *config) Init(vi *viper.Viper) error {
 	rolesMap := make(map[string]struct{})

 	for i := range c.Roles {
-		role := c.Roles[i]
+		role := &c.Roles[i]

 		if _, ok := rolesMap[role.Name]; ok {
 			logger.Fatal().Msgf("duplicate role '%s' found", role.Name)
 		}
 		role.Name = sanitize(role.Name)
 		role.Match = sanitize(role.Match)
+		role.tablesMap = make(map[string]*configRoleTable)
+
+		for n, table := range role.Tables {
+			role.tablesMap[table.Name] = &role.Tables[n]
+		}
+
 		rolesMap[role.Name] = struct{}{}
 	}

--- a/serv/core.go
+++ b/serv/core.go
@ -54,7 +54,7 @@ func (c *coreContext) execQuery() ([]byte, error) {

 	logger.Debug().Str("role", c.req.role).Msg(c.req.Query)

-	if conf.UseAllowList {
+	if conf.Production {
 		var ps *preparedItem

 		data, ps, err = c.resolvePreparedSQL()
@ -256,7 +256,7 @@ func (c *coreContext) resolveSQL() ([]byte, uint32, error) {
 			stime)
 	}

-	if conf.UseAllowList == false {
+	if conf.Production == false {
 		_allowList.add(&c.req)
 	}

--- a/serv/core_build.go
+++ b/serv/core_build.go
@ -41,17 +41,22 @@ func (c *coreContext) buildStmt() ([]stmt, error) {
 	mutation := (qc.Type != qcode.QTQuery)
 	w := &bytes.Buffer{}

-	for i := range conf.Roles {
+	for i := 1; i < len(conf.Roles); i++ {
 		role := &conf.Roles[i]

+		// For mutations only render sql for a single role from the request
 		if mutation && len(c.req.role) != 0 && role.Name != c.req.role {
 			continue
 		}

-		if i > 0 {
-			qc, err = qcompile.Compile(gql, role.Name)
-			if err != nil {
-				return nil, err
+		qc, err = qcompile.Compile(gql, role.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		if conf.Production && role.Name == "anon" {
+			if _, ok := role.tablesMap[qc.Selects[0].Table]; !ok {
+				continue
 			}
 		}

--- a/serv/reload.go
+++ b/serv/reload.go
@ -108,7 +108,7 @@ func Do(log func(string, ...interface{}), additional ...dir) error {
 				// Ensure that we use the correct events, as they are not uniform across
 				// platforms. See https://github.com/fsnotify/fsnotify/issues/74

-				if conf.UseAllowList == false && strings.HasSuffix(event.Name, "/allow.list") {
+				if conf.Production == false && strings.HasSuffix(event.Name, "/allow.list") {
 					continue
 				}