chore: Add caching to all authorization steps

Joachim Van Herwegen 2022-11-17 16:19:24 +01:00
parent 2d54493485
commit 59e64a22ea
3 changed files with 67 additions and 54 deletions


@ -2,25 +2,29 @@
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
"@graph": [
{
"comment": "Supports DPoP and Bearer access tokens, or no credentials.",
"comment": "Caches the credentials based on the incoming request.",
"@id": "urn:solid-server:default:CredentialsExtractor",
"@type": "UnionCredentialsExtractor",
"extractors": [
{
"@type": "WaterfallHandler",
"handlers": [
{
"@type": "DPoPWebIdExtractor",
"originalUrlExtractor": {
"@type": "OriginalUrlExtractor",
"args_identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" }
}
},
{ "@type": "BearerWebIdExtractor" }
]
},
{ "@type": "PublicCredentialsExtractor" }
]
"@type": "CachedHandler",
"source": {
"comment": "Supports DPoP and Bearer access tokens, or no credentials.",
"@type": "UnionCredentialsExtractor",
"extractors": [
{
"@type": "WaterfallHandler",
"handlers": [
{
"@type": "DPoPWebIdExtractor",
"originalUrlExtractor": {
"@type": "OriginalUrlExtractor",
"args_identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" }
}
},
{ "@type": "BearerWebIdExtractor" }
]
},
{ "@type": "PublicCredentialsExtractor" }
]
}
}
]
}
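Review bot: The new top-level comment, `"Caches the credentials based on the incoming request."`, does not state the cache key or how long an entry lives, which matters because the cached value is the result of validating a DPoP or Bearer token. This CachedHandler sets no `fields`, so the key is presumably the whole request object. If so, the comment could say it, for example `"comment": "Caches the extracted credentials per incoming request object; every new request is extracted and validated again."`. The CachedHandler implementation is not shown here, so please confirm that entries are keyed by object identity rather than by header or token value, so that an expired or revoked token cannot be answered from the cache.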


@ -5,39 +5,44 @@
],
"@graph": [
{
"comment": "Requests permissions on subject resources for auxiliary resources.",
"comment": "Caches permissions based on credentials and requested modes. Does not cache the input object itself as that object might be created in different places",
"@id": "urn:solid-server:default:PermissionReader",
"@type": "AuxiliaryReader",
"auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" },
"reader": {
"@type": "UnionPermissionReader",
"readers": [
{
"comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
"@id": "urn:solid-server:default:PathBasedReader",
"@type": "PathBasedReader",
"baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
},
{
"comment": "The config that determines the authorization strategy needs to set the `authStrategy` field of this object.",
"@id": "urn:solid-server:default:OwnerPermissionReader",
"@type": "OwnerPermissionReader"
},
{
"comment": "Adds parent container checks needed for create/delete permissions.",
"@id": "urn:solid-server:default:ParentContainerReader",
"@type": "ParentContainerReader",
"identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
"reader": {
"comment": [
"Reinterprets Control permissions as Read/Write on the auth resource.",
"The config that determines the authorization strategy needs to set the `authStrategy` and `reader` fields of this object."
],
"@id": "urn:solid-server:default:AuthAuxiliaryReader",
"@type": "AuthAuxiliaryReader"
"@type": "CachedHandler",
"fields": [ "credentials", "requestedModes" ],
"source": {
"comment": "Requests permissions on subject resources for auxiliary resources.",
"@type": "AuxiliaryReader",
"auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" },
"reader": {
"@type": "UnionPermissionReader",
"readers": [
{
"comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
"@id": "urn:solid-server:default:PathBasedReader",
"@type": "PathBasedReader",
"baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
},
{
"comment": "The config that determines the authorization strategy needs to set the `authStrategy` field of this object.",
"@id": "urn:solid-server:default:OwnerPermissionReader",
"@type": "OwnerPermissionReader"
},
{
"comment": "Adds parent container checks needed for create/delete permissions.",
"@id": "urn:solid-server:default:ParentContainerReader",
"@type": "ParentContainerReader",
"identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
"reader": {
"comment": [
"Reinterprets Control permissions as Read/Write on the auth resource.",
"The config that determines the authorization strategy needs to set the `authStrategy` and `reader` fields of this object."
],
"@id": "urn:solid-server:default:AuthAuxiliaryReader",
"@type": "AuthAuxiliaryReader"
}
}
}
]
]
}
}
}
]
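Review bot: With `"fields": [ "credentials", "requestedModes" ]` the authorization decision itself is cached, but the comment explains neither what makes two inputs count as the same key nor when an entry stops being valid. If the key is object identity (not visible in this config), a hit depends on receiving the very objects that the cached CredentialsExtractor and ModesExtractor return, and that coupling should be written down. If the key is by value, a permission change on the resource might not be seen until the entry is dropped, so that case needs confirming. A possible wording is `"comment": "Caches permissions per credentials and requestedModes object as produced by the cached extractors; entries are not reused once those objects are gone."`. The existing comment sentence is also missing its final period.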


@ -2,12 +2,16 @@
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
"@graph": [
{
"comment": "Checks if an operation on a resource requires permissions on intermediate resources (such as newly created parent containers).",
"comment": "Caches the requested modes based on the incoming operation.",
"@id": "urn:solid-server:default:ModesExtractor",
"@type": "IntermediateCreateExtractor",
"resourceSet": { "@id": "urn:solid-server:default:CachedResourceSet" },
"strategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
"source": { "@id": "urn:solid-server:default:HttpModesExtractor" }
"@type": "CachedHandler",
"source" : {
"comment": "Checks if an operation on a resource requires permissions on intermediate resources (such as newly created parent containers).",
"@type": "IntermediateCreateExtractor",
"resourceSet": { "@id": "urn:solid-server:default:CachedResourceSet" },
"strategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
"source": { "@id": "urn:solid-server:default:HttpModesExtractor" },
}
},
{
"comment": "Determines required modes based on HTTP methods.",
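Review bot: The new line `"source": { "@id": "urn:solid-server:default:HttpModesExtractor" },` ends with a comma directly before the closing `}` of the wrapped IntermediateCreateExtractor, and a strict JSON parser rejects a trailing comma. If the config loader is strict, the ModesExtractor would fail to load and the server would not start with this file. Drop the comma: `"source": { "@id": "urn:solid-server:default:HttpModesExtractor" }`. As a style point, `"source" : {` has a space before the colon that the other two files do not use. The second object in `@graph` continues outside the hunk.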