
Commit 51f5cdb

committed
dummy authorizer
1 parent 24e74e8 commit 51f5cdb

6 files changed

Lines changed: 125 additions & 7 deletions


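--- a/index.d.ts
+++ b/index.d.ts
@@ -17,7 +17,6 @@ export declare class SqliteError {
 code: string
 rawCode: number
 }
-export declare class AuthorizerArgs { }
 export declare class Database {
 constructor(path: string, opts?: Options | undefined | null)
 get memory(): boolean
@@ -28,6 +27,7 @@ export declare class Database {
 function(): void
 aggregate(): void
 table(): void
+authorizer(): void
 loadExtension(path: string): void
 maxWriteReplicationIndex(): void
 exec(sql: string): void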

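--- a/index.js
+++ b/index.js
@@ -310,10 +310,9 @@ if (!nativeBinding) {
 throw new Error(`Failed to load native binding`)
 }
 
-const { SqliteError, AuthorizerArgs, Database, databasePrepareSync, Statement, RowsIterator } = nativeBinding
+const { SqliteError, Database, databasePrepareSync, Statement, RowsIterator } = nativeBinding
 
 module.exports.SqliteError = SqliteError
-module.exports.AuthorizerArgs = AuthorizerArgs
 module.exports.Database = Database
 module.exports.databasePrepareSync = databasePrepareSync
 module.exports.Statement = Statement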

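--- a/promise.js
+++ b/promise.js
@@ -2,6 +2,7 @@
 
 const { Database: NativeDb } = require("./index.js");
 const SqliteError = require("./sqlite-error.js");
+const Authorization = require("./auth");
 
 function convertError(err) {
 // Handle errors from Rust with JSON-encoded message
@@ -138,6 +139,14 @@ class Database {
 throw new Error("not implemented");
 }
 
+authorizer(rules) {
+try {
+this.db.authorizer(rules);
+} catch (err) {
+throw convertError(err);
+}
+}
+
 loadExtension(...args) {
 throw new Error("not implemented");
 }
@@ -304,4 +313,4 @@ class Statement {
 }
 
 module.exports = Database;
-module.exports.SqliteError = SqliteError;
+module.exports.SqliteError = SqliteError;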
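Review bot: The added `const Authorization = require("./auth");` at the top of the file refers to a module that is not among the six files in this commit, so unless `auth.js` already exists in the tree, loading promise.js throws before any database call. The binding is also unused in the visible hunks, and wrapper.js adds the same line; dropping the require until the JS-side rule types land avoids both problems. In `authorizer(rules)` the native method is declared as `authorizer(): void`, so `rules` is passed but never read; a comment such as `// NOTE: rules are not enforced yet` would keep callers from relying on it. `class Database` starts and ends outside the hunk.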

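--- a/src/auth.rs
+++ b/src/auth.rs
@@ -0,0 +1,97 @@
+use tracing::trace;
+
+use std::collections::HashSet;
+
+pub struct AuthorizerBuilder {
+allow_list: HashSet<String>,
+deny_list: HashSet<String>,
+}
+
+impl AuthorizerBuilder {
+pub fn new() -> Self {
+Self {
+allow_list: HashSet::new(),
+deny_list: HashSet::new(),
+}
+}
+
+pub fn allow(&mut self, table: &str) -> &mut Self {
+self.allow_list.insert(table.to_string());
+self
+}
+
+pub fn deny(&mut self, table: &str) -> &mut Self {
+self.deny_list.insert(table.to_string());
+self
+}
+
+pub fn build(self) -> Authorizer {
+Authorizer::new(self.allow_list, self.deny_list)
+}
+}
+
+pub struct Authorizer {
+allow_list: HashSet<String>,
+deny_list: HashSet<String>,
+}
+
+impl Authorizer {
+pub fn new(allow_list: HashSet<String>, deny_list: HashSet<String>) -> Self {
+Self {
+allow_list,
+deny_list,
+}
+}
+
+pub fn authorize(&self, ctx: &libsql::AuthContext) -> libsql::Authorization {
+use libsql::AuthAction;
+let ret = match ctx.action {
+AuthAction::Unknown { .. } => libsql::Authorization::Deny,
+AuthAction::CreateIndex { table_name, .. } => self.authorize_table(table_name),
+AuthAction::CreateTable { table_name, .. } => self.authorize_table(table_name),
+AuthAction::CreateTempIndex { table_name, .. } => self.authorize_table(table_name),
+AuthAction::CreateTempTable { table_name, .. } => self.authorize_table(table_name),
+AuthAction::CreateTempTrigger { table_name, .. } => self.authorize_table(table_name),
+AuthAction::CreateTempView { .. } => libsql::Authorization::Deny,
+AuthAction::CreateTrigger { table_name, .. } => self.authorize_table(table_name),
+AuthAction::CreateView { .. } => libsql::Authorization::Deny,
+AuthAction::Delete { table_name, .. } => self.authorize_table(table_name),
+AuthAction::DropIndex { table_name, .. } => self.authorize_table(table_name),
+AuthAction::DropTable { table_name, .. } => self.authorize_table(table_name),
+AuthAction::DropTempIndex { table_name, .. } => self.authorize_table(table_name),
+AuthAction::DropTempTable { table_name, .. } => self.authorize_table(table_name),
+AuthAction::DropTempTrigger { table_name, .. } => self.authorize_table(table_name),
+AuthAction::DropTempView { .. } => libsql::Authorization::Deny,
+AuthAction::DropTrigger { .. } => libsql::Authorization::Deny,
+AuthAction::DropView { .. } => libsql::Authorization::Deny,
+AuthAction::Insert { table_name, .. } => self.authorize_table(table_name),
+AuthAction::Pragma { .. } => libsql::Authorization::Deny,
+AuthAction::Read { table_name, .. } => self.authorize_table(table_name),
+AuthAction::Select { .. } => libsql::Authorization::Allow,
+AuthAction::Transaction { .. } => libsql::Authorization::Deny,
+AuthAction::Update { table_name, .. } => self.authorize_table(table_name),
+AuthAction::Attach { .. } => libsql::Authorization::Deny,
+AuthAction::Detach { .. } => libsql::Authorization::Deny,
+AuthAction::AlterTable { table_name, .. } => self.authorize_table(table_name),
+AuthAction::Reindex { .. } => libsql::Authorization::Deny,
+AuthAction::Analyze { .. } => libsql::Authorization::Deny,
+AuthAction::CreateVtable { .. } => libsql::Authorization::Deny,
+AuthAction::DropVtable { .. } => libsql::Authorization::Deny,
+AuthAction::Function { .. } => libsql::Authorization::Deny,
+AuthAction::Savepoint { .. } => libsql::Authorization::Deny,
+AuthAction::Recursive { .. } => libsql::Authorization::Deny,
+};
+trace!("authorize(ctx = {:?}) -> {:?}", ctx, ret);
+ret
+}
+
+fn authorize_table(&self, table: &str) -> libsql::Authorization {
+if self.deny_list.contains(table) {
+return libsql::Authorization::Deny;
+}
+if self.allow_list.contains(table) {
+return libsql::Authorization::Allow;
+}
+libsql::Authorization::Deny
+}
+}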
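Review bot: `authorize_table` decides on the bare table name only, so the `CreateTemp*` and `DropTemp*` arms in `authorize` apply the main-database allow list to objects in the temp schema as well. A name on the allow list is therefore also accepted as a temp object, which SQLite resolves ahead of the main table of the same name. If the auth context exposes the database name, those arms should check it, or simply return `libsql::Authorization::Deny` until rules for temp objects exist. `DropTrigger` is denied outright while `CreateTrigger` and `DropTempTrigger` go through the table check, which looks unintentional. The precedence deserves a doc comment on `authorize_table`, e.g. `/// Deny list wins over allow list; tables on neither list are denied.`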

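--- a/src/lib.rs
+++ b/src/lib.rs
@@ -2,6 +2,8 @@
 #![allow(non_snake_case)]
 #![allow(deprecated)]
 
+mod auth;
+
 #[macro_use]
 extern crate napi_derive;
 
@@ -156,9 +158,6 @@ impl From<libsql::Error> for Error {
 }
 }
 
-#[napi]
-struct AuthorizerArgs;
-
 #[napi]
 pub struct Database {
 path: String,
@@ -281,6 +280,11 @@ impl Database {
 todo!();
 }
 
+#[napi]
+pub fn authorizer(&self) -> Result<()> {
+return Ok(());
+}
+
 #[napi]
 pub fn loadExtension(&self, _path: String) -> Result<()> {
 todo!();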
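Review bot: `authorizer` returns `Ok(())` without installing any hook, so a caller that passes rules through promise.js or wrapper.js gets a success result while nothing is enforced. The neighbouring unimplemented methods fail loudly with `todo!();`, and until the new `auth` module is wired in this one should do the same or return an error, so the control fails closed. The signature takes no argument, so the `rules` value sent from JS is dropped, and nothing in the visible hunks uses `mod auth` yet. If the stub stays, the tail expression `Ok(())` is the idiomatic form instead of `return Ok(());`. The `impl Database` block starts and ends outside the hunk.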

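--- a/wrapper.js
+++ b/wrapper.js
@@ -2,6 +2,7 @@
 
 const { Database: NativeDb, databasePrepareSync } = require("./index.js");
 const SqliteError = require("./sqlite-error.js");
+const Authorization = require("./auth");
 
 function convertError(err) {
 // Handle errors from Rust with JSON-encoded message
@@ -138,6 +139,14 @@ class Database {
 throw new Error("not implemented");
 }
 
+authorizer(rules) {
+try {
+this.db.authorizer(rules);
+} catch (err) {
+throw convertError(err);
+}
+}
+
 loadExtension(...args) {
 throw new Error("not implemented");
 }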
