fix: implicit app permissions bug

KernelDeimos 2024-08-19 00:58:19 -04:00
parent 48fea77a20
commit 6b4a19e12a
4 changed files with 46 additions and 6 deletions


@ -24,6 +24,7 @@ const {
const { get_user, get_app } = require("../../helpers");
const { AssignableMethodsFeature } = require("../../traits/AssignableMethodsFeature");
const { Context } = require("../../util/context");
const { get_a_letter, cylog } = require("../../util/debugutil");
const BaseService = require("../BaseService");
const { DB_WRITE } = require("../database/consts");
const { UserActorType, Actor, AppUnderUserActorType, AccessTokenActorType, SiteActorType } = require("./Actor");
@ -220,6 +221,10 @@ class PermissionService extends BaseService {
if ( ! Array.isArray(permission_options) ) {
permission_options = [permission_options];
}
// TODO: command to enable these logs
// const l = get_a_letter();
// cylog(l, 'ACT & PERM:', actor.uid, permission_options);
const start_ts = Date.now();
await require('../../structured/sequence/scan-permission')
@ -229,6 +234,10 @@ class PermissionService extends BaseService {
reading,
});
const end_ts = Date.now();
// TODO: command to enable these logs
// cylog(l, 'READING', JSON.stringify(reading, null, ' '));
reading.push({
$: 'time',
value: end_ts - start_ts,
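Review bot: The new `get_a_letter` / `cylog` import is referenced only by commented-out lines, and the letter `l` used by the second commented log is declared in the first, so uncommenting one without the other throws a ReferenceError. If these logs are ever enabled they print the actor uid, the requested permissions and the whole `reading` to stdout; judging by the scanner changes in this commit, that can include issuer usernames. I would put both behind one explicit debug switch that is off by default, and leave the import out until that switch exists, rather than keeping a TODO next to dead code. The enclosing method starts and ends outside these hunks.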


@ -56,7 +56,12 @@ module.exports = new Sequence([
}
},
async function explode_permission (a) {
const { reading, permission_options } = a.values();
let { reading, permission_options } = a.values();
// VERY nasty bugs can happen if this array is not cloned!
// (this was learned the hard way)
permission_options = [...permission_options];
for ( let i=0 ; i < permission_options.length ; i++ ) {
const permission = permission_options[i];
permission_options[i] =
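Review bot: The comment added above the clone says nasty bugs happen without it but not which ones, so the next reader cannot tell what invariant the copy protects. The loop below assigns into `permission_options[i]`, so without the copy the array returned by `a.values()` is rewritten in place; that is presumably the same array the caller handed to the scan and reuses for nested scans, which in a permission check can change what is evaluated afterwards. I would state that directly, e.g. `// Clone first: the loop below rewrites entries in place and this array is shared with the caller`, and add a regression test asserting that the caller's array is unchanged after a scan. `reading` is not reassigned in the visible lines, so it could remain `const`. The body of `explode_permission` continues outside the hunk.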


@ -213,15 +213,22 @@ const PERMISSION_SCANNERS = [
const app_uid = actor.type.app.uid;
const issuer_actor = actor.get_related_actor(UserActorType);
const issuer_reading = await a.icall('scan', issuer_actor, permission_options);
for ( const permission of permission_options ) {
{
const implied = default_implicit_user_app_permissions[permission];
if ( implied ) {
reading.push({
$: 'option',
source: 'implied',
$: 'path',
permission,
source: 'user-app-implied',
by: 'user-app-hc-1',
data: implied,
issuer_username: actor.type.user.username,
reading: issuer_reading,
});
}
} {
@ -233,11 +240,13 @@ const PERMISSION_SCANNERS = [
}
if ( implicit_permissions[permission] ) {
reading.push({
$: 'option',
$: 'path',
permission,
source: 'implied',
source: 'user-app-implied',
by: 'user-app-hc-2',
data: implicit_permissions[permission],
issuer_username: actor.type.user.username,
reading: issuer_reading,
});
}
}
@ -246,7 +255,7 @@ const PERMISSION_SCANNERS = [
let sql_perm = permission_options.map(() =>
`\`permission\` = ?`).join(' OR ');
if ( permission_options.length > 1 ) sql_perm = '(' + sql_perm + ')';
// SELECT permission
const rows = await db.read(
'SELECT * FROM `user_to_app_permissions` ' +
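Review bot: Both implied-permission lookups in the first two hunks, `default_implicit_user_app_permissions[permission]` and `implicit_permissions[permission]`, index a table with the requested permission string and push an entry whenever the result is truthy. If those tables are plain object literals (their definitions are outside this section), a permission string equal to an inherited property name such as `constructor` is also truthy and would add a `user-app-implied` path that no table entry backs. An own-property guard, e.g. `if ( Object.hasOwn(implicit_permissions, permission) )`, or building the tables with `Object.create(null)`, closes that off. Separately, `by: 'user-app-hc-1'` and `by: 'user-app-hc-2'` deserve a one-line comment saying which table each tag refers to, since these values end up in the reading that explains a grant. The enclosing scanner starts and ends outside the hunks.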


@ -0,0 +1,17 @@
const LETTERS = ['A','B','C','D','E','F','G','H','I','J','K','L','M','N'];
let curr_letter_ = 0;
const ind = () => {
let v = curr_letter_;
curr_letter_++;
curr_letter_ = curr_letter_ % LETTERS.length;
return v;
};
module.exports = {
get_a_letter: () => LETTERS[ind()],
cylog: (...a) => {
console.log(`\x1B[36;1m`, ...a);
}
};
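Review bot: `cylog` emits `\x1B[36;1m` and never resets the terminal attributes, so output printed after it stays bold cyan until something else resets the colour. Appending the reset sequence fixes that: `console.log('\x1B[36;1m', ...a, '\x1B[0m');`. `ind` can be shortened to `const v = curr_letter_; curr_letter_ = (curr_letter_ + 1) % LETTERS.length; return v;`. A header comment stating that the module is for temporary debugging only would also help, because the only visible call sites (commented out in PermissionService) pass it actor ids and permission readings.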