Define createBrandedValue method
#11
Conversation
Because it can lead to inconsistencies when two package managers are used. From `yarn` log: "package-lock.json found. Your project contains lock files generated by tools other than Yarn. It is advised not to mix package managers in order to avoid resolution inconsistencies caused by unsynchronized lock files. To clear this warning, remove package-lock.json"
|
@Pl217 Have you got an associated PR for |
I'm still working on that one. Since it requires much more changes and diligence, I pushed this PR and hpc-api related PR, which were already done - UN-OCHA/hpc-api#21 |
Pl217
force-pushed
the
HPC-7904
branch
2 times, most recently
from
50195d2
to
46988da
Compare
There was a problem hiding this comment.
There seem to be quite a few things that you've moved over here that I would have preferred for us to keep out of this codebase completely, in particular:
- legacy auth related stuff
- restify/hapi-specific implementation details / request objects, where i think we can do a much better job of abstracting out the concrete interfaces that the library actually needs to use.
Let's have a call to discuss what I have in mind.
src/auth/role.data.ts
Outdated
| * | ||
| * @deprecated | ||
| */ | ||
| export const ROLES = [ |
There was a problem hiding this comment.
hmm.
While I appreciate why you moved this module over, it' very much an artifact of the previous authentication system, and we probably don't want to move it over at all. (I probably named it in a confusing way, apologies about that). The way it handles the concept of roles is very different from roles.ts where the roles are expressed as code rather than data in the database. This file is effectively a hard-coded snapshot of the expected roles from the old auth system from the database.
src/db/index.ts
Outdated
| participantRole: participantRole(conn), | ||
| role: role(conn), | ||
| rolePermittedAction: rolePermittedAction(conn), |
There was a problem hiding this comment.
we don't want to port these models as they are from the legacy authentication system that we're phasing out
src/Request.ts
Outdated
| import * as hapi from '@hapi/hapi'; | ||
| import * as restify from 'restify'; | ||
|
|
||
| interface ExpandedRequest { |
There was a problem hiding this comment.
Hmm this class also feels like something that's a little too specific to the way that we expect requests to be constructed for restify using our middlewear in hpc_service only, and not something that feels generally applicable for the legacy and new API.
The general library should not need to be aware of specific implementations / libraries that we're using to implement the rest API servers (and therefore should not need to have any restify / hapi types included at all). Instead, any interfaces should only really include stuff that's common across both usages.
src/Context.ts
Outdated
| export default interface Context { | ||
| connection: Knex<any, unknown[]>; | ||
| config: Config; | ||
| request: Request; |
There was a problem hiding this comment.
i would not pass the raw request as part of the context. for the boundary of this library (i.e. the data that we'll be giving to this library in any functions that we call), we'd need the data to already be abstracted in a way that is general and useful for the library to use. the library shouldn't need to know that it's supporting a request for restify, hapi, whatever etc... all it should know is, this is how i log stuff, this is my database connection, etc...
src/auth/index.ts
Outdated
| * they can be added to this file and avoid the need for a migration or | ||
| * modifying roles in any way. | ||
| */ | ||
| type ExtendedPermittedAction = PermittedActionIdString | perms.GlobalPermission; |
There was a problem hiding this comment.
we don't want to include any of the legacy auth stuff in what we port over.
src/auth/index.ts
Outdated
| const addLegacyPermissions = async () => { | ||
| const globallyPermitted = await getLegacyGloballyPermittedActions(context); | ||
| if (globallyPermitted.size === 0) { | ||
| return; | ||
| } | ||
| allowed.global = allowed.global || new Set(); | ||
| for (const permission of globallyPermitted) { | ||
| allowed.global.add(permission); | ||
| } | ||
| }; |
There was a problem hiding this comment.
this we will want to keep in hpc_service only, to support the endpoints that haven't been updated to use the new auth system only.
src/db/util/index.ts
Outdated
| * Take a collection of objects, | ||
| * and create a map of them, using aparticular property as the key | ||
| */ | ||
| export const organizeObjectsByUniqueProperty = <I, P extends keyof I>( |
There was a problem hiding this comment.
this function can apply more generally than jsut db related actions, so should probably live in a module in src/util instead.
src/db/util/async.ts
Outdated
| * This function takes advantage of the NodeJS single-threaded concurrency model | ||
| * to group multiple requests together using `setImmediate`. | ||
| */ | ||
| export const createGroupableAsyncFunction = < |
There was a problem hiding this comment.
this function can apply more generally than jsut db related actions, so should probably live in a module in src/util/async instead.
src/logging/log.ts
Outdated
| /** | ||
| * Use of `any` in this module is generally deliberate to help with generics | ||
| */ | ||
| import bunyan = require('bunyan'); |
There was a problem hiding this comment.
It may be smarter to just expose an interface that can be served by bunyan, rather than adding bunyan as a direct dependency. i.e. port over LogContext etc... but the actual implementation for the logging can still be specific to the environment (i.e. hpc_service, hpc-api) etc... Which will give a bit more flexibility in terms of dependencies on these libraries, where hpc-api will likely be a bit more flexible.
src/util/error.ts
Outdated
| private readonly body: ErrorBody; | ||
| private readonly statusCode: StatusCode; | ||
|
|
||
| constructor(message: string, namespace?: string, originalError?: Error) { |
There was a problem hiding this comment.
let's completely get rid of the concept of namespace while we're at it. It causes our error + endpoint code to be so messy, and should be completely done for us automatically by the way of including stacktraces in our error logging.
s0
added
the
needs major changes
Since `husky` got updated to v7 major version, `.husky/.gitignore` can be removed now.
|
Let's still keep the useful bits of this PR. There are some maintenance commits which I would like to keep and also define |
Pl217
added
ready for review
Pl217
changed the title
createBrandedValue method
Move (and adapt) authentication and logging related code to the core repository, where both new (https://github.com/UN-OCHA/hpc-api) and old (https://github.com/UN-OCHA/hpc_service) APIs can use it.This PR is repurposed to do some basic codebase maintenance and define
createBrandedValuemethod needed for https://github.com/UN-OCHA/hpc_service/pull/2356