CRUD, added scopes, updated compiler

juxt-site · Sep 4, 2023 · 3d27dc2 · 3d27dc2
1 parent 48b3ae6
commit 3d27dc2
Show file tree

Hide file tree

Showing 13 changed files with 401 additions and 8 deletions.
diff --git a/demo/petstore/openapi.json b/demo/petstore/openapi.json
@@ -236,7 +236,7 @@
         ],
         "summary": "Finds Pets by tags",
         "description": "Multiple tags can be provided with comma separated strings. Use tag1, tag2, tag3 for testing.",
-        "operationId": "findPetsByTags",
+        "operationId": "https://auth.example.org/operations/petstore/find-by-tags",
         "parameters": [
           {
             "name": "tags",
@@ -349,7 +349,7 @@
         ],
         "summary": "Updates a pet in the store with form data",
         "description": "",
-        "operationId": "updatePetWithForm",
+        "operationId": "https://auth.example.org/operations/petstore/update-pet-by-id",
         "parameters": [
           {
             "name": "petId",
@@ -398,7 +398,7 @@
         ],
         "summary": "Deletes a pet",
         "description": "",
-        "operationId": "deletePet",
+        "operationId": "https://auth.example.org/operations/petstore/delete-pet-by-id",
         "parameters": [
           {
             "name": "api_key",
@@ -1209,8 +1209,8 @@
           "implicit": {
             "authorizationUrl": "https://auth.example.org/oauth/authorize",
             "scopes": {
-              "write:pets": "modify pets in your account",
-              "read:pets": "read your pets"
+              "https://auth.example.org/scopes/petstore/write": "modify pets in your account",
+              "https://auth.example.org/scopes/petstore/read": "read your pets"
             }
           }
         }

diff --git a/installers/auth.example.org/operations/petstore/add-pet-prepare.clj b/installers/auth.example.org/operations/petstore/add-pet-prepare.clj
@@ -23,7 +23,10 @@
                     "https://auth.example.org/operations/petstore/get-pet-by-id"}
                    :delete
                    {:juxt.site/operation
-                    "deletePet"}}
+                    "https://auth.example.org/operations/petstore/delete-pet-by-id"}
+                   :post
+                   {:juxt.site/operation
+                    "https://auth.example.org/operations/petstore/update-pet-by-id"}}
                   :juxt.site/protection-spaces
                   #{"https://auth.example.org/protection-spaces/bearer"}
                      :juxt.site/access-control-allow-origins

diff --git a/installers/auth.example.org/operations/petstore/add-pet.edn b/installers/auth.example.org/operations/petstore/add-pet.edn
@@ -15,6 +15,8 @@
     (for [doc (:docs *prepare*)]
       [:xtdb.api/put doc])}
 
+   :juxt.site/scope
+   #{"https://auth.example.org/scopes/petstore/write"}
    :juxt.site/rules
    [
     [(allowed? subject operation resource permission)

diff --git a/installers/auth.example.org/operations/petstore/delete-pet-by-id.edn b/installers/auth.example.org/operations/petstore/delete-pet-by-id.edn
@@ -0,0 +1,39 @@
+{:install
+ {:juxt.site/subject-uri "https://auth.example.org/_site/subjects/system"
+  :juxt.site/operation-uri "https://auth.example.org/_site/operations/create-operation"
+  :juxt.site/input
+  {:xt/id "{{$id}}"
+   :juxt.site/do-operation-tx-fn "https://auth.example.org/_site/do-operation"
+
+   :juxt.site/prepare
+   {:juxt.site.sci/program
+    #juxt.pprint
+    {:docs (concat (map :xt/id (:juxt.site/current-representations *ctx*))
+                   [(:xt/id (:juxt.site/resource *ctx*))])}}
+
+   :juxt.site/transact
+   {:juxt.site.sci/program
+    #juxt.pprint
+    (for [doc (:docs *prepare*)]
+      [:xtdb.api/delete doc])}
+
+   :juxt.site/scope
+   #{"https://auth.example.org/scopes/petstore/write"}
+
+   :juxt.site/rules
+   [
+    [(allowed? subject operation resource permission)
+     [subject :juxt.site/user user]
+     [permission :juxt.site/role role]
+     [role :juxt.site/type "https://meta.juxt.site/types/role"]
+     [role-assignment :juxt.site/type "https://meta.juxt.site/types/role-assignment"]
+     [role-assignment :juxt.site/role role]
+     [role-assignment :juxt.site/user user]]
+
+    [(allowed? subject operation resource permission)
+     [subject :juxt.site/application app]
+     [permission :juxt.site/role role]
+     [role :juxt.site/type "https://meta.juxt.site/types/role"]
+     [role-assignment :juxt.site/type "https://meta.juxt.site/types/role-assignment"]
+     [role-assignment :juxt.site/role role]
+     [role-assignment :juxt.site/application app]]]}}}
diff --git a/installers/auth.example.org/operations/petstore/find-by-status.edn b/installers/auth.example.org/operations/petstore/find-by-status.edn
@@ -31,6 +31,10 @@
            (vec)
            ))
     }
+
+   :juxt.site/scope
+   #{"https://auth.example.org/scopes/petstore/read"}
+
    :juxt.site/rules
    [
     [(allowed? subject operation resource permission)

diff --git a/installers/auth.example.org/operations/petstore/find-by-tags.edn b/installers/auth.example.org/operations/petstore/find-by-tags.edn
@@ -0,0 +1,51 @@
+{:install
+ {:juxt.site/subject-uri "https://auth.example.org/_site/subjects/system"
+  :juxt.site/operation-uri "https://auth.example.org/_site/operations/create-operation"
+  :juxt.site/input
+  {:xt/id "{{$id}}"
+   :juxt.site/do-operation-tx-fn "https://auth.example.org/_site/do-operation"
+   :juxt.site/state
+   {:juxt.site.sci/program
+    #juxt.pprint
+    (let [query-params (:ring.request/query *ctx*)
+          tags
+          (if query-params
+            (-> query-params ring.util.codec/form-decode (get "tags"))
+            [])]
+      (->> (xt/q
+            '{:find [(pull e [*])]
+              :where [[e :juxt.site/type "https://data.example.org/types/pet"]
+                      [e :tags tags]
+                      [tags :name tag]]
+              :in [[tag ...]]}
+            ["tag1" "tag3"])
+           (map first)
+           (map (fn [dog]
+                  (reduce-kv
+                   (fn [acc k v]
+                     (if (not= "juxt.site" (namespace k))
+                       (assoc acc k v)
+                       acc))
+                   {}
+                   dog)))
+           (sort-by :xt/id)
+           (vec)
+           ))
+    }
+   :juxt.site/rules
+   [
+    [(allowed? subject operation resource permission)
+     [subject :juxt.site/user user]
+     [permission :juxt.site/role role]
+     [role :juxt.site/type "https://meta.juxt.site/types/role"]
+     [role-assignment :juxt.site/type "https://meta.juxt.site/types/role-assignment"]
+     [role-assignment :juxt.site/role role]
+     [role-assignment :juxt.site/user user]]
+
+    [(allowed? subject operation resource permission)
+     [subject :juxt.site/application app]
+     [permission :juxt.site/role role]
+     [role :juxt.site/type "https://meta.juxt.site/types/role"]
+     [role-assignment :juxt.site/type "https://meta.juxt.site/types/role-assignment"]
+     [role-assignment :juxt.site/role role]
+     [role-assignment :juxt.site/application app]]]}}}
diff --git a/installers/auth.example.org/operations/petstore/get-pet-by-id.edn b/installers/auth.example.org/operations/petstore/get-pet-by-id.edn
@@ -8,6 +8,10 @@
    :juxt.site/state
    {:juxt.site.sci/program
     #juxt.include "get-pet-by-id-state.clj"}
+
+   :juxt.site/scope
+   #{"https://auth.example.org/scopes/petstore/read"}
+
    :juxt.site/rules
    [
     [(allowed? subject operation resource permission)

diff --git a/installers/auth.example.org/operations/petstore/update-pet-by-id.edn b/installers/auth.example.org/operations/petstore/update-pet-by-id.edn
@@ -0,0 +1,59 @@
+{:install
+ {:juxt.site/subject-uri "https://auth.example.org/_site/subjects/system"
+  :juxt.site/operation-uri "https://auth.example.org/_site/operations/create-operation"
+  :juxt.site/input
+  {:xt/id "{{$id}}"
+   :juxt.site/do-operation-tx-fn "https://auth.example.org/_site/do-operation"
+
+   :juxt.site/prepare
+   {:juxt.site.sci/program
+    #juxt.pprint
+    (let [content-type (-> *ctx*
+                           :juxt.site/received-representation
+                           :juxt.http/content-type)
+          body (-> *ctx*
+                   :juxt.site/received-representation
+                   :juxt.http/body)
+          pet-update (case content-type
+                       "application/json"
+                       (some->
+                        body
+                        (String.)
+                        jsonista.core/read-value-with-keywords)
+                       "application/x-www-form-urlencoded"
+                       (some->
+                        body
+                        (String.)
+                        ring.util.codec/form-decode
+                        clojure.walk/keywordize-keys))]
+      (logf (str pet-update))
+      {:doc
+       (into (:juxt.site/resource *ctx*)
+             pet-update)})}
+
+   :juxt.site/transact
+   {:juxt.site.sci/program
+    #juxt.pprint
+    [[:xtdb.api/put (:doc *prepare*)]]}
+
+   :juxt.site/scope
+   #{"https://auth.example.org/scopes/petstore/read"
+     "https://auth.example.org/scopes/petstore/write"}
+
+   :juxt.site/rules
+   [
+    [(allowed? subject operation resource permission)
+     [subject :juxt.site/user user]
+     [permission :juxt.site/role role]
+     [role :juxt.site/type "https://meta.juxt.site/types/role"]
+     [role-assignment :juxt.site/type "https://meta.juxt.site/types/role-assignment"]
+     [role-assignment :juxt.site/role role]
+     [role-assignment :juxt.site/user user]]
+
+    [(allowed? subject operation resource permission)
+     [subject :juxt.site/application app]
+     [permission :juxt.site/role role]
+     [role :juxt.site/type "https://meta.juxt.site/types/role"]
+     [role-assignment :juxt.site/type "https://meta.juxt.site/types/role-assignment"]
+     [role-assignment :juxt.site/role role]
+     [role-assignment :juxt.site/application app]]]}}}
diff --git a/installers/auth.example.org/scopes/petstore/read.edn b/installers/auth.example.org/scopes/petstore/read.edn
@@ -0,0 +1,9 @@
+{:deps
+ ["https://auth.example.org/operations/oauth/register-scope"
+  "https://auth.example.org/permissions/system/oauth/register-scope"]
+ :install
+ {:juxt.site/subject-uri "https://auth.example.org/_site/subjects/system"
+  :juxt.site/operation-uri "https://auth.example.org/operations/oauth/register-scope"
+  :juxt.site/input
+  {:xt/id "{{$id}}"
+   :juxt.site/description "Read stuff"}}}
diff --git a/installers/auth.example.org/scopes/petstore/write.edn b/installers/auth.example.org/scopes/petstore/write.edn
@@ -0,0 +1,9 @@
+{:deps
+ ["https://auth.example.org/operations/oauth/register-scope"
+  "https://auth.example.org/permissions/system/oauth/register-scope"]
+ :install
+ {:juxt.site/subject-uri "https://auth.example.org/_site/subjects/system"
+  :juxt.site/operation-uri "https://auth.example.org/operations/oauth/register-scope"
+  :juxt.site/input
+  {:xt/id "{{$id}}"
+   :juxt.site/description "Write stuff"}}}
diff --git a/installers/bundles.edn b/installers/bundles.edn
@@ -480,8 +480,14 @@
     :juxt.site/installer-path "/operations/petstore/add-pet"}
    {:juxt.site/base-uri "https://auth.example.org"
     :juxt.site/installer-path "/operations/petstore/get-pet-by-id"}
+   {:juxt.site/base-uri "https://auth.example.org"
+    :juxt.site/installer-path "/operations/petstore/delete-pet-by-id"}
+   {:juxt.site/base-uri "https://auth.example.org"
+    :juxt.site/installer-path "/operations/petstore/update-pet-by-id"}
    {:juxt.site/base-uri "https://auth.example.org"
     :juxt.site/installer-path "/operations/petstore/find-by-status"}
+   {:juxt.site/base-uri "https://auth.example.org"
+    :juxt.site/installer-path "/operations/petstore/find-by-tags"}
 
    ;; TODO: Not sure that roles need to be declared in the resource
    ;; server rather than the auth server. They are becoming more
@@ -502,7 +508,23 @@
    {:juxt.site/base-uri "https://auth.example.org"
     :juxt.site/installer-path "/permissions/by-role/{{role}}/{{operation}}"
     :juxt.site/parameters {"role" "PetstoreOwner"
-                           "operation" "petstore/find-by-status"}}]}
+                           "operation" "petstore/find-by-status"}}
+   {:juxt.site/base-uri "https://auth.example.org"
+    :juxt.site/installer-path "/permissions/by-role/{{role}}/{{operation}}"
+    :juxt.site/parameters {"role" "PetstoreOwner"
+                           "operation" "petstore/find-by-tags"}}
+   {:juxt.site/base-uri "https://auth.example.org"
+    :juxt.site/installer-path "/permissions/by-role/{{role}}/{{operation}}"
+    :juxt.site/parameters {"role" "PetstoreOwner"
+                           "operation" "petstore/delete-pet-by-id"}}
+   {:juxt.site/base-uri "https://auth.example.org"
+    :juxt.site/installer-path "/permissions/by-role/{{role}}/{{operation}}"
+    :juxt.site/parameters {"role" "PetstoreOwner"
+                           "operation" "petstore/update-pet-by-id"}}
+   {:juxt.site/base-uri "https://auth.example.org"
+    :juxt.site/installer-path "/scopes/petstore/read"}
+   {:juxt.site/base-uri "https://auth.example.org"
+    :juxt.site/installer-path "/scopes/petstore/write"}]}
 
  "juxt/site/sessions"
  {:juxt.site/title "Sessions"

diff --git a/server/src/juxt/site/operations.clj b/server/src/juxt/site/operations.clj
@@ -433,6 +433,10 @@
    {'form-encode codec/form-encode
     'form-decode codec/form-decode}
 
+   'clojure.walk
+   {'keywordize-keys
+    clojure.walk/keywordize-keys}
+
    'clojure.pprint
    {'pprint pprint}})
 
@@ -833,7 +837,7 @@
           (when-not keypair
             (throw (ex-info "Keypair not found" {:kid kid})))
           (jwt/verify-jwt access-token keypair)))}
-
+     
      'grab
      {'parsed-types
       (fn parsed-types [schema-id]