grapher/lib/exposure/exposure.js

import genCountEndpoint from '../query/counts/genEndpoint.server.js';
import createGraph from '../query/lib/createGraph.js';
import recursiveCompose from '../query/lib/recursiveCompose.js';
import hypernova from '../query/hypernova/hypernova.js';
import ExposureConfigSchema from './exposure.config.schema.js';
import enforceMaxDepth from './lib/enforceMaxDepth.js';
import enforceMaxLimit from './lib/enforceMaxLimit.js';
import cleanBody from './lib/cleanBody.js';
import deepClone from 'lodash.clonedeep';
import restrictFieldsFn from './lib/restrictFields.js';
import restrictLinks from './lib/restrictLinks.js';

let globalConfig = {};

export default class Exposure {
    static setConfig(config) {
        ExposureConfigSchema.clean(config);
        ExposureConfigSchema.validate(config);

        _.extend(globalConfig, config);
    }

    static getConfig() {
        return globalConfig;
    }

    static restrictFields(...args) {
        return restrictFieldsFn(...args);
    }

    constructor(collection, config = {}) {
        collection.__isExposedForGrapher = true;
        collection.__exposure = this;

        this.collection = collection;
        this.name = `exposure_${collection._name}`;

        this.config = config;
        this._validateAndClean();

        this.initSecurity();

        if (config.publication) {
            this.initPublication();
        }

        if (config.method) {
            this.initMethod();
        }

        if (!config.method && !config.publication) {
            throw new Meteor.Error('weird', 'If you want to expose your collection you need to specify at least one of ["method", "publication"] options to true')
        }

        this.initCountMethod();
        this.initCountPublication();
    }

    _validateAndClean() {
        if (typeof(this.config) === 'function') {
            const firewall = this.config;
            this.config = {firewall};
        }

        ExposureConfigSchema.clean(this.config);
        ExposureConfigSchema.validate(this.config);

        if (this.config.body) {
            ExposureConfigSchema.validateBody(this.collection, this.config.body);
        }

        this.config = _.extend({}, Exposure.getConfig(), this.config);
    }

    /**
     * Takes the body and intersects it with the exposure body, if it exists.
     *
     * @param body
     * @param userId
     * @returns {*}
     */
    getTransformedBody(body, userId) {
        if (!this.config.body) {
            return body;
        }

        const processedBody = this.getBody(userId);

        if (processedBody === true) {
            return;
        }

        return cleanBody(processedBody, body);
    }

    /**
     * Gets the exposure body
     */
    getBody(userId) {
        if (!this.config.body) {
            throw new Meteor.Error('missing-body', 'Cannot get exposure body because it was not defined.');
        }

        let body;
        if (_.isFunction(this.config.body)) {
            body = this.config.body.call(this, userId);
        } else {
            body = this.config.body;
        }

        // it means we allow everything, no need for cloning.
        if (body === true) {
            return true;
        }

        return deepClone(
            body,
            userId
        );
    }

    /**
     * Initializing the publication for reactive query fetching
     */
    initPublication() {
        const collection = this.collection;
        const config = this.config;
        const getTransformedBody = this.getTransformedBody.bind(this);

        Meteor.publishComposite(this.name, function (body) {
            let transformedBody = getTransformedBody(body);

            const rootNode = createGraph(collection, transformedBody);

            enforceMaxDepth(rootNode, config.maxDepth);
            restrictLinks(rootNode, this.userId);

            return recursiveCompose(rootNode, this.userId, {
                bypassFirewalls: !!config.body
            });
        });
    }

    /**
     * Initializez the method to retrieve the data via Meteor.call
     */
    initMethod() {
        const collection = this.collection;
        const config = this.config;
        const getTransformedBody = this.getTransformedBody.bind(this);

        const methodBody = function(body) {
            if (!config.blocking) {
                this.unblock();
            }

            let transformedBody = getTransformedBody(body);

            const rootNode = createGraph(collection, transformedBody);

            enforceMaxDepth(rootNode, config.maxDepth);
            restrictLinks(rootNode, this.userId);

            // if there is no exposure body defined, then we need to apply firewalls
            return hypernova(rootNode, this.userId, {
                bypassFirewalls: !!config.body
            });
        };

        Meteor.methods({
            [this.name]: methodBody
        });
    }

    /**
     * Initializes the method to retrieve the count of the data via Meteor.call
     * @returns {*}
     */
    initCountMethod() {
        const collection = this.collection;

        Meteor.methods({
            [this.name + '.count'](body) {
                this.unblock();

                return collection.find(body.$filters || {}, {}, this.userId).count();
            }
        })
    }

    /**
     * Initializes the reactive endpoint to retrieve the count of the data.
     */
    initCountPublication() {
        const collection = this.collection;

        genCountEndpoint(this.name, {
            getCursor(session) {
                return collection.find(session.filters, {
                    fields: {_id: 1},
                }, this.userId);
            },

            getSession(body) {
                return { filters: body.$filters || {} };
            },
        });
    }

    /**
     * Initializes security enforcement
     * THINK: Maybe instead of overriding .find, I could store this data of security inside the collection object.
     */
    initSecurity() {
        const collection = this.collection;
        const {firewall, maxLimit, restrictedFields} = this.config;
        const find = collection.find.bind(collection);
        const findOne = collection.findOne.bind(collection);

        collection.firewall = (filters, options, userId) => {
            if (userId !== undefined) {
                if (firewall) {
                    firewall.call({collection: collection}, filters, options, userId);
                }

                enforceMaxLimit(options, maxLimit);

                if (restrictedFields) {
                    Exposure.restrictFields(filters, options, restrictedFields);
                }
            }
        };

        collection.find = function (filters, options = {}, userId = undefined) {
            if (arguments.length == 0) {
                filters = {};
            }

            // If filters is undefined it should return an empty item
            if (arguments.length > 0 && filters === undefined) {
                return find(undefined, options);
            }

            collection.firewall(filters, options, userId);

            return find(filters, options);
        };

        collection.findOne = function (filters, options = {}, userId = undefined) {
            // If filters is undefined it should return an empty item
            if (arguments.length > 0 && filters === undefined) {
                return null;
            }

            if (typeof(filters) === 'string') {
                filters = {_id: filters};
            }

            collection.firewall(filters, options, userId);

            return findOne(filters, options);
        }
    }
};
reactive counts test 2017-11-25 14:45:31 +02:00			`import genCountEndpoint from '../query/counts/genEndpoint.server.js';`
initial commit 2016-09-14 16:04:08 +03:00			`import createGraph from '../query/lib/createGraph.js';`
			`import recursiveCompose from '../query/lib/recursiveCompose.js';`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`import hypernova from '../query/hypernova/hypernova.js';`
			`import ExposureConfigSchema from './exposure.config.schema.js';`
			`import enforceMaxDepth from './lib/enforceMaxDepth.js';`
			`import enforceMaxLimit from './lib/enforceMaxLimit.js';`
cleaned up files + fixed cleanup for body and + bump to 1.2.1 2016-10-23 20:02:44 +03:00			`import cleanBody from './lib/cleanBody.js';`
replaced cloneDeep with clonedeep due to travis failure 2017-11-26 23:02:26 +02:00			`import deepClone from 'lodash.clonedeep';`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`import restrictFieldsFn from './lib/restrictFields.js';`
upgrade to 1.1.5 2016-09-28 18:30:12 +03:00			`import restrictLinks from './lib/restrictLinks.js';`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00
			`let globalConfig = {};`
initial commit 2016-09-14 16:04:08 +03:00
			`export default class Exposure {`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`static setConfig(config) {`
			`ExposureConfigSchema.clean(config);`
upgrade to 1.1.5 2016-09-28 18:30:12 +03:00			`ExposureConfigSchema.validate(config);`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00
			`_.extend(globalConfig, config);`
			`}`

			`static getConfig() {`
			`return globalConfig;`
			`}`

			`static restrictFields(...args) {`
			`return restrictFieldsFn(...args);`
			`}`

			`constructor(collection, config = {}) {`
			`collection.__isExposedForGrapher = true;`
upgrade to 1.1.5 2016-09-28 18:30:12 +03:00			`collection.__exposure = this;`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00
initial commit 2016-09-14 16:04:08 +03:00			`this.collection = collection;`
			this.name = `exposure_${collection._name}`;

Revert "update to aldeed:collectdion2-core and aldeed:node-simple-schema" 2017-03-02 10:43:47 +02:00			`this.config = config;`
			`this._validateAndClean();`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00
initial commit 2016-09-14 16:04:08 +03:00			`this.initSecurity();`
upgrade to 1.1.5 2016-09-28 18:30:12 +03:00
Revert "update to aldeed:collectdion2-core and aldeed:node-simple-schema" 2017-03-02 10:43:47 +02:00			`if (config.publication) {`
upgrade to 1.1.5 2016-09-28 18:30:12 +03:00			`this.initPublication();`
			`}`

Revert "update to aldeed:collectdion2-core and aldeed:node-simple-schema" 2017-03-02 10:43:47 +02:00			`if (config.method) {`
upgrade to 1.1.5 2016-09-28 18:30:12 +03:00			`this.initMethod();`
			`}`
added namedQuery + cloning ability to query + fixes to exposure 2016-10-07 10:31:58 +03:00
Revert "update to aldeed:collectdion2-core and aldeed:node-simple-schema" 2017-03-02 10:43:47 +02:00			`if (!config.method && !config.publication) {`
added namedQuery + cloning ability to query + fixes to exposure 2016-10-07 10:31:58 +03:00			`throw new Meteor.Error('weird', 'If you want to expose your collection you need to specify at least one of ["method", "publication"] options to true')`
			`}`

			`this.initCountMethod();`
reactive counts test 2017-11-25 14:45:31 +02:00			`this.initCountPublication();`
initial commit 2016-09-14 16:04:08 +03:00			`}`

Revert "update to aldeed:collectdion2-core and aldeed:node-simple-schema" 2017-03-02 10:43:47 +02:00			`_validateAndClean() {`
			`if (typeof(this.config) === 'function') {`
			`const firewall = this.config;`
			`this.config = {firewall};`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`}`

Revert "update to aldeed:collectdion2-core and aldeed:node-simple-schema" 2017-03-02 10:43:47 +02:00			`ExposureConfigSchema.clean(this.config);`
			`ExposureConfigSchema.validate(this.config);`

			`if (this.config.body) {`
			`ExposureConfigSchema.validateBody(this.collection, this.config.body);`
added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`}`

Revert "update to aldeed:collectdion2-core and aldeed:node-simple-schema" 2017-03-02 10:43:47 +02:00			`this.config = _.extend({}, Exposure.getConfig(), this.config);`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`}`

added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`/**`
			`* Takes the body and intersects it with the exposure body, if it exists.`
			`*`
			`* @param body`
			`* @param userId`
			`* @returns {*}`
			`*/`
			`getTransformedBody(body, userId) {`
			`if (!this.config.body) {`
			`return body;`
			`}`

Fixed #100 - If body function returns true, allow all fields 2017-02-17 15:29:54 +02:00			`const processedBody = this.getBody(userId);`

			`if (processedBody === true) {`
			`return;`
			`}`

			`return cleanBody(processedBody, body);`
added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`}`

			`/**`
			`* Gets the exposure body`
			`*/`
			`getBody(userId) {`
			`if (!this.config.body) {`
added and cleaning options for the client, added .createNamedQuery at collection level, added more tests 2016-10-25 10:51:21 +03:00			`throw new Meteor.Error('missing-body', 'Cannot get exposure body because it was not defined.');`
added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`}`

Fixed #100 - If body function returns true, allow all fields 2017-02-17 15:29:54 +02:00			`let body;`
added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`if (_.isFunction(this.config.body)) {`
Fixed #100 - If body function returns true, allow all fields 2017-02-17 15:29:54 +02:00			`body = this.config.body.call(this, userId);`
added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`} else {`
Fixed #100 - If body function returns true, allow all fields 2017-02-17 15:29:54 +02:00			`body = this.config.body;`
added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`}`
Fixed #100 - If body function returns true, allow all fields 2017-02-17 15:29:54 +02:00
			`// it means we allow everything, no need for cloning.`
			`if (body === true) {`
			`return true;`
added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`}`
Fixed #100 - If body function returns true, allow all fields 2017-02-17 15:29:54 +02:00
			`return deepClone(`
			`body,`
			`userId`
			`);`
added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`}`

updating reducer implementation 2016-11-18 18:33:21 +02:00			`/**`
			`* Initializing the publication for reactive query fetching`
			`*/`
initial commit 2016-09-14 16:04:08 +03:00			`initPublication() {`
			`const collection = this.collection;`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`const config = this.config;`
added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`const getTransformedBody = this.getTransformedBody.bind(this);`
initial commit 2016-09-14 16:04:08 +03:00
			`Meteor.publishComposite(this.name, function (body) {`
added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`let transformedBody = getTransformedBody(body);`
cleaned up files + fixed cleanup for body and + bump to 1.2.1 2016-10-23 20:02:44 +03:00
added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`const rootNode = createGraph(collection, transformedBody);`
upgrade to 1.1.5 2016-09-28 18:30:12 +03:00
			`enforceMaxDepth(rootNode, config.maxDepth);`
			`restrictLinks(rootNode, this.userId);`

added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`return recursiveCompose(rootNode, this.userId, {`
			`bypassFirewalls: !!config.body`
			`});`
initial commit 2016-09-14 16:04:08 +03:00			`});`
			`}`

updating reducer implementation 2016-11-18 18:33:21 +02:00			`/**`
			`* Initializez the method to retrieve the data via Meteor.call`
			`*/`
initial commit 2016-09-14 16:04:08 +03:00			`initMethod() {`
			`const collection = this.collection;`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`const config = this.config;`
added body to exposure that will intersect with actual request, + made body immutable + some cleanups 2016-10-19 15:22:50 +03:00			`const getTransformedBody = this.getTransformedBody.bind(this);`
initial commit 2016-09-14 16:04:08 +03:00
Fixed #63 - added support for promises and sync values 2016-11-29 10:52:42 +02:00			`const methodBody = function(body) {`
			`if (!config.blocking) {`
			`this.unblock();`
			`}`
fixed some issues with grapher, data integrity, exposure unblocking and beginning journey of reducers 2016-11-17 13:11:55 +02:00
Fixed #63 - added support for promises and sync values 2016-11-29 10:52:42 +02:00			`let transformedBody = getTransformedBody(body);`
added namedQuery + cloning ability to query + fixes to exposure 2016-10-07 10:31:58 +03:00
Fixed #63 - added support for promises and sync values 2016-11-29 10:52:42 +02:00			`const rootNode = createGraph(collection, transformedBody);`
upgrade to 1.1.5 2016-09-28 18:30:12 +03:00
Fixed #63 - added support for promises and sync values 2016-11-29 10:52:42 +02:00			`enforceMaxDepth(rootNode, config.maxDepth);`
			`restrictLinks(rootNode, this.userId);`
upgrade to 1.1.5 2016-09-28 18:30:12 +03:00
Fixed #63 - added support for promises and sync values 2016-11-29 10:52:42 +02:00			`// if there is no exposure body defined, then we need to apply firewalls`
			`return hypernova(rootNode, this.userId, {`
			`bypassFirewalls: !!config.body`
			`});`
			`};`

			`Meteor.methods({`
updated promises functionality 2016-11-30 14:01:38 +02:00			`[this.name]: methodBody`
added count method + added tests + updated restrictedFields to throw propper error 2016-09-26 10:01:29 +03:00			`});`
added namedQuery + cloning ability to query + fixes to exposure 2016-10-07 10:31:58 +03:00			`}`

updating reducer implementation 2016-11-18 18:33:21 +02:00			`/**`
reactive counts test 2017-11-25 14:45:31 +02:00			`* Initializes the method to retrieve the count of the data via Meteor.call`
updating reducer implementation 2016-11-18 18:33:21 +02:00			`* @returns {*}`
			`*/`
added namedQuery + cloning ability to query + fixes to exposure 2016-10-07 10:31:58 +03:00			`initCountMethod() {`
			`const collection = this.collection;`
added count method + added tests + updated restrictedFields to throw propper error 2016-09-26 10:01:29 +03:00
			`Meteor.methods({`
			`[this.name + '.count'](body) {`
added namedQuery + cloning ability to query + fixes to exposure 2016-10-07 10:31:58 +03:00			`this.unblock();`

added count method + added tests + updated restrictedFields to throw propper error 2016-09-26 10:01:29 +03:00			`return collection.find(body.$filters \|\| {}, {}, this.userId).count();`
			`}`
initial commit 2016-09-14 16:04:08 +03:00			`})`
			`}`

reactive counts test 2017-11-25 14:45:31 +02:00			`/**`
			`* Initializes the reactive endpoint to retrieve the count of the data.`
			`*/`
			`initCountPublication() {`
			`const collection = this.collection;`

			`genCountEndpoint(this.name, {`
			`getCursor(session) {`
			`return collection.find(session.filters, {`
			`fields: {_id: 1},`
			`}, this.userId);`
			`},`

			`getSession(body) {`
			`return { filters: body.$filters \|\| {} };`
			`},`
			`});`
			`}`

updating reducer implementation 2016-11-18 18:33:21 +02:00			`/**`
			`* Initializes security enforcement`
			`* THINK: Maybe instead of overriding .find, I could store this data of security inside the collection object.`
			`*/`
initial commit 2016-09-14 16:04:08 +03:00			`initSecurity() {`
			`const collection = this.collection;`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`const {firewall, maxLimit, restrictedFields} = this.config;`
find(undefined) behaves diff from find(), fix 2016-09-26 09:04:08 +03:00			`const find = collection.find.bind(collection);`
			`const findOne = collection.findOne.bind(collection);`
consistency fixes, updated readme, removed link storage if not specified 2016-09-22 17:06:05 +03:00
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`collection.firewall = (filters, options, userId) => {`
			`if (userId !== undefined) {`
			`if (firewall) {`
			`firewall.call({collection: collection}, filters, options, userId);`
initial commit 2016-09-14 16:04:08 +03:00			`}`
fixed to pass tests 2016-09-22 13:46:27 +03:00
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`enforceMaxLimit(options, maxLimit);`
initial commit 2016-09-14 16:04:08 +03:00
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`if (restrictedFields) {`
			`Exposure.restrictFields(filters, options, restrictedFields);`
			`}`
initial commit 2016-09-14 16:04:08 +03:00			`}`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`};`

fixed arguments, with function with own context 2017-04-13 17:19:15 +03:00			`collection.find = function (filters, options = {}, userId = undefined) {`
Fixed #126 - find() with no arguments 2017-04-13 16:55:33 +03:00			`if (arguments.length == 0) {`
			`filters = {};`
			`}`

Added fix for cursors and exposures 2017-03-15 16:11:14 +02:00			`// If filters is undefined it should return an empty item`
			`if (arguments.length > 0 && filters === undefined) {`
			`return find(undefined, options);`
Fixed #109 - Finding with undefined now returns empty results 2017-02-17 10:02:04 +02:00			`}`

init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`collection.firewall(filters, options, userId);`

find(undefined) behaves diff from find(), fix 2016-09-26 09:04:08 +03:00			`return find(filters, options);`
init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`};`

fixed arguments, with function with own context 2017-04-13 17:19:15 +03:00			`collection.findOne = function (filters, options = {}, userId = undefined) {`
Added fix for cursors and exposures 2017-03-15 16:11:14 +02:00			`// If filters is undefined it should return an empty item`
			`if (arguments.length > 0 && filters === undefined) {`
Fixed #109 - Finding with undefined now returns empty results 2017-02-17 10:02:04 +02:00			`return null;`
			`}`

added stringification of findOne to work with firewall 2017-04-13 17:20:17 +03:00			`if (typeof(filters) === 'string') {`
			`filters = {_id: filters};`
			`}`

init new exposure paradigm and configurations 2016-09-24 08:05:26 +03:00			`collection.firewall(filters, options, userId);`

find(undefined) behaves diff from find(), fix 2016-09-26 09:04:08 +03:00			`return findOne(filters, options);`
initial commit 2016-09-14 16:04:08 +03:00			`}`
			`}`
_validateAndClean actually accepts param now 2017-02-07 11:20:10 +01:00			`};`