Removed IncludedKeys property on user. Keys that are included in both read and write keys will be considered RW
@@ -341,26 +341,15 @@ func (acl *ACL) AuthorizeConnection(conn *net.Conn, cmd []string, command utils.
|
||||
return nil
|
||||
}
|
||||
|
||||
if len(keys) > 0 {
|
||||
// 7. Check if nokeys is true
|
||||
if len(keys) > 0 && connection.User.NoKeys {
|
||||
if connection.User.NoKeys {
|
||||
return errors.New("not authorised to access any keys")
|
||||
}
|
||||
|
||||
// 8. Check if keys are in IncludedKeys
|
||||
if len(keys) > 0 && !slices.ContainsFunc(keys, func(key string) bool {
|
||||
return slices.ContainsFunc(connection.User.IncludedKeys, func(includedKeyGlob string) bool {
|
||||
if acl.GlobPatterns[includedKeyGlob].Match(key) {
|
||||
return true
|
||||
}
|
||||
notAllowed = append(notAllowed, fmt.Sprintf("%s~%s", "%RW", key))
|
||||
return false
|
||||
})
|
||||
}) {
|
||||
return fmt.Errorf("not authorised to access the following keys %+v", notAllowed)
|
||||
}
|
||||
|
||||
// 9. If @read is in the list of categories, check if keys are in IncludedReadKeys
|
||||
if len(keys) > 0 && slices.Contains(categories, utils.ReadCategory) && !slices.ContainsFunc(keys, func(key string) bool {
|
||||
// 8. If @read is in the list of categories, check if keys are in IncludedReadKeys
|
||||
if slices.Contains(categories, utils.ReadCategory) {
|
||||
if !slices.ContainsFunc(keys, func(key string) bool {
|
||||
return slices.ContainsFunc(connection.User.IncludedReadKeys, func(readKeyGlob string) bool {
|
||||
if acl.GlobPatterns[readKeyGlob].Match(key) {
|
||||
return true
|
||||
@@ -371,9 +360,11 @@ func (acl *ACL) AuthorizeConnection(conn *net.Conn, cmd []string, command utils.
|
||||
}) {
|
||||
return fmt.Errorf("not authorised to access the following keys %+v", notAllowed)
|
||||
}
|
||||
}
|
||||
|
||||
// 10. If @write is in the list of categories, check if keys are in IncludedWriteKeys
|
||||
if len(keys) > 0 && slices.Contains(categories, utils.WriteCategory) && !slices.ContainsFunc(keys, func(key string) bool {
|
||||
// 9. If @write is in the list of categories, check if keys are in IncludedWriteKeys
|
||||
if slices.Contains(categories, utils.WriteCategory) {
|
||||
if !slices.ContainsFunc(keys, func(key string) bool {
|
||||
return slices.ContainsFunc(connection.User.IncludedWriteKeys, func(writeKeyGlob string) bool {
|
||||
if acl.GlobPatterns[writeKeyGlob].Match(key) {
|
||||
return true
|
||||
@@ -384,6 +375,8 @@ func (acl *ACL) AuthorizeConnection(conn *net.Conn, cmd []string, command utils.
|
||||
}) {
|
||||
return fmt.Errorf("not authorised to access the following keys %+v", notAllowed)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
@@ -395,7 +388,6 @@ func (acl *ACL) CompileGlobs() {
|
||||
for _, user := range acl.Users {
|
||||
userGlobs = append(userGlobs, user.IncludedPubSubChannels...)
|
||||
userGlobs = append(userGlobs, user.ExcludedPubSubChannels...)
|
||||
userGlobs = append(userGlobs, user.IncludedKeys...)
|
||||
userGlobs = append(userGlobs, user.IncludedReadKeys...)
|
||||
userGlobs = append(userGlobs, user.IncludedWriteKeys...)
|
||||
for _, g := range userGlobs {
|
||||
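Review bot: Steps 8 and 9 of AuthorizeConnection reject a command only when none of its keys matches an allowed glob, because the outer test is `!slices.ContainsFunc(keys, ...)`; a multi-key command is therefore authorised as soon as one key matches, and its other keys are never held against IncludedReadKeys or IncludedWriteKeys. The middle of both closures falls between hunks, so this assumes they mirror the removed IncludedKeys closure (return true on a match, otherwise append to notAllowed and return false). Every key should be required to match, as sketched below for the read path; the write path needs the same shape. Separately, with the IncludedKeys check removed, a command whose categories contain neither utils.ReadCategory nor utils.WriteCategory now passes with no key check beyond NoKeys, which is worth confirming as intended. The function begins above the first hunk.

```go
// 8. If @read is in the list of categories, every key must match a read glob
if slices.Contains(categories, utils.ReadCategory) {
	for _, key := range keys {
		allowed := slices.ContainsFunc(connection.User.IncludedReadKeys, func(readKeyGlob string) bool {
			return acl.GlobPatterns[readKeyGlob].Match(key)
		})
		if !allowed {
			// label assumed; keep whatever the existing (elided) line uses
			notAllowed = append(notAllowed, fmt.Sprintf("%s~%s", "%R", key))
		}
	}
	if len(notAllowed) > 0 {
		return fmt.Errorf("not authorised to access the following keys %+v", notAllowed)
	}
}
// … unchanged: step 9 (@write / IncludedWriteKeys), rewritten the same way …
```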
|
@@ -10,6 +10,7 @@ import (
|
||||
"net"
|
||||
"os"
|
||||
"path"
|
||||
"slices"
|
||||
"strings"
|
||||
)
|
||||
|
||||
@@ -127,17 +128,25 @@ func handleGetUser(ctx context.Context, cmd []string, server utils.Server, conn
|
||||
}
|
||||
|
||||
// keys
|
||||
res = res + fmt.Sprintf("\r\n+keys\r\n*%d",
|
||||
len(user.IncludedKeys)+len(user.IncludedReadKeys)+len(user.IncludedWriteKeys))
|
||||
for _, key := range user.IncludedKeys {
|
||||
res = res + fmt.Sprintf("\r\n+%s~%s", "%RW", key)
|
||||
allKeys := user.IncludedReadKeys
|
||||
for _, key := range user.IncludedWriteKeys {
|
||||
if !slices.Contains(allKeys, key) {
|
||||
allKeys = append(allKeys, key)
|
||||
}
|
||||
}
|
||||
res = res + fmt.Sprintf("\r\n+keys\r\n*%d", len(allKeys))
|
||||
for _, key := range user.IncludedReadKeys {
|
||||
if slices.Contains(user.IncludedWriteKeys, key) {
|
||||
res = res + fmt.Sprintf("\r\n+%s~%s", "%RW", key)
|
||||
continue
|
||||
}
|
||||
res = res + fmt.Sprintf("\r\n+%s~%s", "%R", key)
|
||||
}
|
||||
for _, key := range user.IncludedWriteKeys {
|
||||
if !slices.Contains(user.IncludedReadKeys, key) {
|
||||
res = res + fmt.Sprintf("\r\n+%s~%s", "%W", key)
|
||||
}
|
||||
}
|
||||
|
||||
// channels
|
||||
res = res + fmt.Sprintf("\r\n+channels\r\n*%d",
|
||||
@@ -149,9 +158,6 @@ func handleGetUser(ctx context.Context, cmd []string, server utils.Server, conn
|
||||
res = res + fmt.Sprintf("\r\n+-&%s", channel)
|
||||
}
|
||||
|
||||
// Test arrays to remove later
|
||||
res = res + fmt.Sprintf("\r\n")
|
||||
|
||||
res += "\r\n\r\n"
|
||||
|
||||
return []byte(res), nil
|
||||
@@ -331,18 +337,20 @@ func handleList(ctx context.Context, cmd []string, server utils.Server, conn *ne
|
||||
}
|
||||
s += fmt.Sprintf(" -%s", command)
|
||||
}
|
||||
// Included keys
|
||||
for _, key := range user.IncludedKeys {
|
||||
s += fmt.Sprintf(" %s~%s", "%RW", key)
|
||||
}
|
||||
// Included read keys
|
||||
for _, key := range user.IncludedReadKeys {
|
||||
if slices.Contains(user.IncludedWriteKeys, key) {
|
||||
s += fmt.Sprintf(" %s~%s", "%RW", key)
|
||||
continue
|
||||
}
|
||||
s += fmt.Sprintf(" %s~%s", "%R", key)
|
||||
}
|
||||
// Included write keys
|
||||
for _, key := range user.IncludedReadKeys {
|
||||
if !slices.Contains(user.IncludedReadKeys, key) {
|
||||
s += fmt.Sprintf(" %s~%s", "%W", key)
|
||||
}
|
||||
}
|
||||
// Included Pub/Sub channels
|
||||
for _, channel := range user.IncludedPubSubChannels {
|
||||
s += fmt.Sprintf(" +&%s", channel)
|
||||
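Review bot: In handleList the loop under `// Included write keys` ranges over `user.IncludedReadKeys` and then tests `!slices.Contains(user.IncludedReadKeys, key)`, which can never be true, so write-only patterns are never printed and the ACL listing under-reports what a user may write. It should read `for _, key := range user.IncludedWriteKeys {`, matching the equivalent loop in handleGetUser. In handleGetUser, `allKeys := user.IncludedReadKeys` shares its backing array with the user's slice, so the following `append` can write into that array; `allKeys := slices.Clone(user.IncludedReadKeys)` avoids it. Both functions start and end outside the hunks shown.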
|
@@ -25,7 +25,6 @@ type User struct {
|
||||
IncludedCommands []string `json:"IncludedCommands" yaml:"IncludedCommands"`
|
||||
ExcludedCommands []string `json:"ExcludedCommands" yaml:"ExcludedCommands"`
|
||||
|
||||
IncludedKeys []string `json:"IncludedKeys" yaml:"IncludedKeys"`
|
||||
IncludedReadKeys []string `json:"IncludedReadKeys" yaml:"IncludedReadKeys"`
|
||||
IncludedWriteKeys []string `json:"IncludedWriteKeys" yaml:"IncludedWriteKeys"`
|
||||
|
||||
@@ -49,10 +48,6 @@ func (user *User) Normalise() {
|
||||
user.IncludedCommands = []string{}
|
||||
}
|
||||
|
||||
user.IncludedKeys = RemoveDuplicateEntries(user.IncludedKeys, "allKeys")
|
||||
if len(user.IncludedKeys) == 0 && !user.NoKeys {
|
||||
user.IncludedKeys = []string{"*"}
|
||||
}
|
||||
user.IncludedReadKeys = RemoveDuplicateEntries(user.IncludedReadKeys, "allKeys")
|
||||
if len(user.IncludedReadKeys) == 0 && !user.NoKeys {
|
||||
user.IncludedReadKeys = []string{"*"}
|
||||
@@ -149,19 +144,15 @@ func (user *User) UpdateUser(cmd []string) error {
|
||||
}
|
||||
// Parse keys
|
||||
if strings.EqualFold(str, "allKeys") {
|
||||
user.IncludedKeys = []string{"*"}
|
||||
user.IncludedReadKeys = []string{"*"}
|
||||
user.IncludedWriteKeys = []string{"*"}
|
||||
user.NoKeys = false
|
||||
continue
|
||||
}
|
||||
if len(str) > 1 && str[0] == '~' {
|
||||
user.IncludedKeys = append(user.IncludedKeys, str[1:])
|
||||
user.NoKeys = false
|
||||
continue
|
||||
}
|
||||
if len(str) > 4 && strings.EqualFold(str[0:4], "%RW~") {
|
||||
user.IncludedKeys = append(user.IncludedKeys, str[4:])
|
||||
if (len(str) > 1 && str[0] == '~') || len(str) > 4 && strings.EqualFold(str[0:4], "%RW~") {
|
||||
startIndex := strings.Index(str, "~") + 1
|
||||
user.IncludedReadKeys = append(user.IncludedReadKeys, str[startIndex:])
|
||||
user.IncludedWriteKeys = append(user.IncludedWriteKeys, str[startIndex:])
|
||||
user.NoKeys = false
|
||||
continue
|
||||
}
|
||||
@@ -226,7 +217,6 @@ func (user *User) UpdateUser(cmd []string) error {
|
||||
}
|
||||
// If resetkeys is provided, reset all keys that the user can access
|
||||
if strings.EqualFold(str, "resetkeys") {
|
||||
user.IncludedKeys = []string{}
|
||||
user.IncludedReadKeys = []string{}
|
||||
user.IncludedWriteKeys = []string{}
|
||||
user.NoKeys = true
|
||||
@@ -248,7 +238,6 @@ func (user *User) Merge(new *User) {
|
||||
user.ExcludedCategories = append(user.ExcludedCategories, new.ExcludedCategories...)
|
||||
user.IncludedCommands = append(user.IncludedCommands, new.IncludedCommands...)
|
||||
user.ExcludedCommands = append(user.ExcludedCommands, new.ExcludedCommands...)
|
||||
user.IncludedKeys = append(user.IncludedKeys, new.IncludedKeys...)
|
||||
user.IncludedReadKeys = append(user.IncludedReadKeys, new.IncludedReadKeys...)
|
||||
user.IncludedWriteKeys = append(user.IncludedWriteKeys, new.IncludedWriteKeys...)
|
||||
user.IncludedPubSubChannels = append(user.IncludedPubSubChannels, new.IncludedPubSubChannels...)
|
||||
@@ -265,7 +254,6 @@ func (user *User) Replace(new *User) {
|
||||
user.ExcludedCategories = new.ExcludedCategories
|
||||
user.IncludedCommands = new.IncludedCommands
|
||||
user.ExcludedCommands = new.ExcludedCommands
|
||||
user.IncludedKeys = new.IncludedKeys
|
||||
user.IncludedReadKeys = new.IncludedReadKeys
|
||||
user.IncludedWriteKeys = new.IncludedWriteKeys
|
||||
user.IncludedPubSubChannels = new.IncludedPubSubChannels
|
||||
@@ -282,7 +270,6 @@ func CreateUser(username string) *User {
|
||||
ExcludedCategories: []string{},
|
||||
IncludedCommands: []string{},
|
||||
ExcludedCommands: []string{},
|
||||
IncludedKeys: []string{},
|
||||
IncludedReadKeys: []string{},
|
||||
IncludedWriteKeys: []string{},
|
||||
IncludedPubSubChannels: []string{},
|
||||
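Review bot: Removing the `IncludedKeys` field together with its json/yaml tags means a stored user definition that still carries `IncludedKeys` would presumably decode with that list ignored, and Normalise then expands an empty `IncludedReadKeys` to `"*"` whenever NoKeys is false. If the loader does not reject unknown fields (not visible here), a user who was restricted through IncludedKeys ends up with access to every key after upgrading. I would either fail the load when the legacy field is present or fold it into both lists before Normalise runs, and at minimum add above the default in Normalise `// An empty list with NoKeys=false expands to "*"; configs that used IncludedKeys must be migrated to IncludedReadKeys/IncludedWriteKeys.` Normalise and UpdateUser both continue outside the hunks.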
|
@@ -25,6 +25,6 @@ const (
|
||||
)
|
||||
|
||||
const (
|
||||
OK_RESPONSE = "+OK\r\n\n"
|
||||
OK_RESPONSE = "+OK\r\n\r\n"
|
||||
WRONG_ARGS_RESPONSE = "wrong number of arguments"
|
||||
)
|
||||
|