Add pagination using opaque cursors
This commit is contained in:
Vikram Rangnekar
20
serv/cmd.go
20
serv/cmd.go
@ -29,15 +29,17 @@ var (
|
||||
)
|
||||
|
||||
var (
|
||||
logger zerolog.Logger // logger for everything but errors
|
||||
errlog zerolog.Logger // logger for errors includes line numbers
|
||||
conf *config // parsed config
|
||||
confPath string // path to the config file
|
||||
db *pgxpool.Pool // database connection pool
|
||||
schema *psql.DBSchema // database tables, columns and relationships
|
||||
allowList *allow.List // allow.list is contains queries allowed in production
|
||||
qcompile *qcode.Compiler // qcode compiler
|
||||
pcompile *psql.Compiler // postgres sql compiler
|
||||
logger zerolog.Logger // logger for everything but errors
|
||||
errlog zerolog.Logger // logger for errors includes line numbers
|
||||
conf *config // parsed config
|
||||
confPath string // path to the config file
|
||||
db *pgxpool.Pool // database connection pool
|
||||
schema *psql.DBSchema // database tables, columns and relationships
|
||||
allowList *allow.List // allow.list is contains queries allowed in production
|
||||
qcompile *qcode.Compiler // qcode compiler
|
||||
pcompile *psql.Compiler // postgres sql compiler
|
||||
secretKey [32]byte // encryption key
|
||||
internalKey [32]byte // encryption key used for internal needs
|
||||
)
|
||||
|
||||
func Cmd() {
|
||||
|
||||
@ -19,6 +19,7 @@ func cmdServ(cmd *cobra.Command, args []string) {
|
||||
fatalInProd(err, "failed to connect to database")
|
||||
}
|
||||
|
||||
initCrypto()
|
||||
initCompiler()
|
||||
initResolvers()
|
||||
initAllowList(confPath)
|
||||
|
||||
@ -30,6 +30,7 @@ type config struct {
|
||||
AuthFailBlock bool `mapstructure:"auth_fail_block"`
|
||||
SeedFile string `mapstructure:"seed_file"`
|
||||
MigrationsPath string `mapstructure:"migrations_path"`
|
||||
SecretKey string `mapstructure:"secret_key"`
|
||||
|
||||
Inflections map[string]string
|
||||
|
||||
|
||||
@ -13,6 +13,7 @@ import (
|
||||
"github.com/cespare/xxhash/v2"
|
||||
"github.com/dosco/super-graph/allow"
|
||||
"github.com/dosco/super-graph/qcode"
|
||||
|
||||
"github.com/jackc/pgx/v4"
|
||||
"github.com/valyala/fasttemplate"
|
||||
)
|
||||
@ -241,6 +242,10 @@ func (c *coreContext) resolveSQL() ([]byte, *stmt, error) {
|
||||
}
|
||||
}
|
||||
|
||||
if root, err = encryptCursor(st.qc, root); err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
if allowList.IsPersist() {
|
||||
if err := allowList.Set(c.req.Vars, c.req.Query, c.req.ref); err != nil {
|
||||
return nil, nil, err
|
||||
|
||||
67
serv/cursor.go
Normal file
67
serv/cursor.go
Normal file
@ -0,0 +1,67 @@
|
||||
package serv
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/base64"
|
||||
|
||||
"github.com/dosco/super-graph/crypto"
|
||||
"github.com/dosco/super-graph/jsn"
|
||||
"github.com/dosco/super-graph/qcode"
|
||||
)
|
||||
|
||||
func encryptCursor(qc *qcode.QCode, data []byte) ([]byte, error) {
|
||||
var keys [][]byte
|
||||
|
||||
for _, s := range qc.Selects {
|
||||
if s.Paging.Type != qcode.PtOffset {
|
||||
var buf bytes.Buffer
|
||||
|
||||
buf.WriteString(s.FieldName)
|
||||
buf.WriteString("_cursor")
|
||||
keys = append(keys, buf.Bytes())
|
||||
}
|
||||
}
|
||||
|
||||
if len(keys) == 0 {
|
||||
return data, nil
|
||||
}
|
||||
|
||||
from := jsn.Get(data, keys)
|
||||
to := make([]jsn.Field, len(from))
|
||||
|
||||
for i, f := range from {
|
||||
to[i].Key = f.Key
|
||||
|
||||
if f.Value[0] < '0' || f.Value[0] > '9' {
|
||||
continue
|
||||
}
|
||||
|
||||
v, err := crypto.Encrypt(f.Value, &internalKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var buf bytes.Buffer
|
||||
buf.WriteByte('"')
|
||||
buf.WriteString(base64.StdEncoding.EncodeToString(v))
|
||||
buf.WriteByte('"')
|
||||
|
||||
to[i].Value = buf.Bytes()
|
||||
}
|
||||
|
||||
var buf bytes.Buffer
|
||||
|
||||
if err := jsn.Replace(&buf, data, from, to); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return buf.Bytes(), nil
|
||||
}
|
||||
|
||||
func decrypt(data string) ([]byte, error) {
|
||||
v, err := base64.StdEncoding.DecodeString(data)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return crypto.Decrypt(v, &internalKey)
|
||||
}
|
||||
13
serv/init.go
13
serv/init.go
@ -2,10 +2,12 @@ package serv
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/dosco/super-graph/allow"
|
||||
"github.com/dosco/super-graph/crypto"
|
||||
"github.com/jackc/pgx/v4"
|
||||
"github.com/jackc/pgx/v4/pgxpool"
|
||||
"github.com/rs/zerolog"
|
||||
@ -163,3 +165,14 @@ func initAllowList(cpath string) {
|
||||
errlog.Fatal().Err(err).Msg("failed to initialize allow list")
|
||||
}
|
||||
}
|
||||
|
||||
func initCrypto() {
|
||||
if len(conf.SecretKey) != 0 {
|
||||
secretKey = sha256.Sum256([]byte(conf.SecretKey))
|
||||
conf.SecretKey = ""
|
||||
internalKey = secretKey
|
||||
|
||||
} else {
|
||||
internalKey = crypto.NewEncryptionKey()
|
||||
}
|
||||
}
|
||||
|
||||
@ -46,8 +46,9 @@ func initCompilers(c *config) (*qcode.Compiler, *psql.Compiler, error) {
|
||||
}
|
||||
|
||||
pc := psql.NewCompiler(psql.Config{
|
||||
Schema: schema,
|
||||
Vars: c.DB.Vars,
|
||||
Schema: schema,
|
||||
Decryptor: decrypt,
|
||||
Vars: c.DB.Vars,
|
||||
})
|
||||
|
||||
return qc, pc, nil
|
||||
|
||||
Reference in New Issue
Block a user