chore: Add caching to all authorization steps

2024-10-03 14:55:10 +00:00 · 2022-11-17 16:19:24 +01:00 · 2022-11-17 16:19:24 +01:00 · 59e64a22ea
commit 59e64a22ea
parent 2d54493485
3 changed files with 67 additions and 54 deletions
--- a/config/ldp/authentication/dpop-bearer.json
+++ b/config/ldp/authentication/dpop-bearer.json
@ -2,25 +2,29 @@
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
  "@graph": [
    {
-      "comment": "Supports DPoP and Bearer access tokens, or no credentials.",
+      "comment": "Caches the credentials based on the incoming request.",
      "@id": "urn:solid-server:default:CredentialsExtractor",
-      "@type": "UnionCredentialsExtractor",
+      "@type": "CachedHandler",
-      "extractors": [
+      "source": {
-        {
+        "comment": "Supports DPoP and Bearer access tokens, or no credentials.",
-          "@type": "WaterfallHandler",
+        "@type": "UnionCredentialsExtractor",
-          "handlers": [
+        "extractors": [
-            {
+          {
-              "@type": "DPoPWebIdExtractor",
+            "@type": "WaterfallHandler",
-              "originalUrlExtractor": {
+            "handlers": [
-                "@type": "OriginalUrlExtractor",
+              {
-                "args_identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" }
+                "@type": "DPoPWebIdExtractor",
-              }
+                "originalUrlExtractor": {
-            },
+                  "@type": "OriginalUrlExtractor",
-            { "@type": "BearerWebIdExtractor" }
+                  "args_identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" }
-          ]
+                }
-        },
+              },
-        { "@type": "PublicCredentialsExtractor" }
+              { "@type": "BearerWebIdExtractor" }
-      ]
+            ]
          },
          { "@type": "PublicCredentialsExtractor" }
        ]
      }
    }
  ]
 }
--- a/config/ldp/authorization/readers/default.json
+++ b/config/ldp/authorization/readers/default.json
@ -5,39 +5,44 @@
  ],
  "@graph": [
    {
-      "comment": "Requests permissions on subject resources for auxiliary resources.",
+      "comment": "Caches permissions based on credentials and requested modes. Does not cache the input object itself as that object might be created in different places",
      "@id": "urn:solid-server:default:PermissionReader",
-      "@type": "AuxiliaryReader",
+      "@type": "CachedHandler",
-      "auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" },
+      "fields": [ "credentials", "requestedModes" ],
-      "reader": {
+      "source": {
-        "@type": "UnionPermissionReader",
+        "comment": "Requests permissions on subject resources for auxiliary resources.",
-        "readers": [
+        "@type": "AuxiliaryReader",
-          {
+        "auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" },
-            "comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
+        "reader": {
-            "@id": "urn:solid-server:default:PathBasedReader",
+          "@type": "UnionPermissionReader",
-            "@type": "PathBasedReader",
+          "readers": [
-            "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
+            {
-          },
+              "comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
-          {
+              "@id": "urn:solid-server:default:PathBasedReader",
-            "comment": "The config that determines the authorization strategy needs to set the `authStrategy` field of this object.",
+              "@type": "PathBasedReader",
-            "@id": "urn:solid-server:default:OwnerPermissionReader",
+              "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
-            "@type": "OwnerPermissionReader"
+            },
-          },
+            {
-          {
+              "comment": "The config that determines the authorization strategy needs to set the `authStrategy` field of this object.",
-            "comment": "Adds parent container checks needed for create/delete permissions.",
+              "@id": "urn:solid-server:default:OwnerPermissionReader",
-            "@id": "urn:solid-server:default:ParentContainerReader",
+              "@type": "OwnerPermissionReader"
-            "@type": "ParentContainerReader",
+            },
-            "identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
+            {
-            "reader": {
+              "comment": "Adds parent container checks needed for create/delete permissions.",
-              "comment": [
+              "@id": "urn:solid-server:default:ParentContainerReader",
-                "Reinterprets Control permissions as Read/Write on the auth resource.",
+              "@type": "ParentContainerReader",
-                "The config that determines the authorization strategy needs to set the `authStrategy` and `reader` fields of this object."
+              "identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
-              ],
+              "reader": {
-              "@id": "urn:solid-server:default:AuthAuxiliaryReader",
+                "comment": [
-              "@type": "AuthAuxiliaryReader"
+                  "Reinterprets Control permissions as Read/Write on the auth resource.",
                  "The config that determines the authorization strategy needs to set the `authStrategy` and `reader` fields of this object."
                ],
                "@id": "urn:solid-server:default:AuthAuxiliaryReader",
                "@type": "AuthAuxiliaryReader"
              }
            }
-          }
+          ]
-        ]
+        }
      }
    }
  ]
--- a/config/ldp/modes/default.json
+++ b/config/ldp/modes/default.json
@ -2,12 +2,16 @@
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
  "@graph": [
    {
-      "comment": "Checks if an operation on a resource requires permissions on intermediate resources (such as newly created parent containers).",
+      "comment": "Caches the requested modes based on the incoming operation.",
      "@id": "urn:solid-server:default:ModesExtractor",
-      "@type": "IntermediateCreateExtractor",
+      "@type": "CachedHandler",
-      "resourceSet": { "@id": "urn:solid-server:default:CachedResourceSet" },
+      "source" : {
-      "strategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
+        "comment": "Checks if an operation on a resource requires permissions on intermediate resources (such as newly created parent containers).",
-      "source": { "@id": "urn:solid-server:default:HttpModesExtractor" }
+        "@type": "IntermediateCreateExtractor",
        "resourceSet": { "@id": "urn:solid-server:default:CachedResourceSet" },
        "strategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
        "source": { "@id": "urn:solid-server:default:HttpModesExtractor" },
      }
    },
    {
      "comment": "Determines required modes based on HTTP methods.",