Skip to content

query improvements #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

query improvements #55

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
66dae74
project properties in queries
pbr1111 Sep 15, 2024
4ea8575
remove unused properties in AuthorizationContext
pbr1111 Sep 16, 2024
f3289b9
change cache key
pbr1111 Sep 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 13 additions & 11 deletions src/Balea.Api.Store/ApiRuntimeAuthorizationServerStore.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,21 +43,22 @@ public async Task<AuthorizationContext> FindAuthorizationAsync(ClaimsPrincipal u
{
if (_storeOptions.CacheEnabled)
{
var key = $"balea:1.0:user:{user.GetSubjectId(_baleaOptions)}:application:{_baleaOptions.ApplicationName}";
var key = $"balea:1.1:user:{user.GetSubjectId(_baleaOptions)}:application:{_baleaOptions.ApplicationName}";
var cachedResponse = await _cache.GetOrSet(
key,
miss: () =>
{
Log.CacheMiss(_logger, key);
return GetAuthorizationContext(user);
miss: async () =>
{
Log.CacheMiss(_logger, key);
var response = await GetAuthorizationContext(user);
return response.To();
},
hit: _ => Log.CacheHit(_logger, key),
_storeOptions.AbsoluteExpirationRelativeToNow,
_storeOptions.SlidingExpiration,
cancellationToken);

return cachedResponse.To();
return cachedResponse;
}

var response = await GetAuthorizationContext(user);
Expand All @@ -69,21 +70,22 @@ public async Task<Policy> GetPolicyAsync(string name, CancellationToken cancella
{
if (_storeOptions.CacheEnabled)
{
var key = $"balea:1.0:application:{_baleaOptions.ApplicationName}:policy:{name}";
var key = $"balea:1.1:application:{_baleaOptions.ApplicationName}:policy:{name}";

var cachedResponse = await _cache.GetOrSet(
key,
miss: () =>
miss: async () =>
{
Log.CacheMiss(_logger, key);
return GetPolicy(name);
var response = await GetPolicy(name);
return response.To();
},
hit: _ => Log.CacheHit(_logger, key),
_storeOptions.AbsoluteExpirationRelativeToNow,
_storeOptions.SlidingExpiration,
cancellationToken);

return cachedResponse.To();
return cachedResponse;
}

var response = await GetPolicy(name);
Expand Down
9 changes: 3 additions & 6 deletions src/Balea.Api.Store/Model/HttpClientStoreAuthorizationResponse.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,12 +20,9 @@ public AuthorizationContext To()
Roles.Select(role => new Role(
role.Name,
role.Description,
role.Subjects,
role.Mappings,
role.Permissions,
role.Enabled)),
Delegation is null
? null
role.Permissions)),
Delegation is null
? null
: new Delegation(
Delegation.Who,
Delegation.Whom,
Expand Down
2 changes: 1 addition & 1 deletion src/Balea.Configuration.Store/ConfigurationRuntimeAuthorizationServerStore.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ public Task<AuthorizationContext> FindAuthorizationAsync(ClaimsPrincipal user, C

if (application is null)
{
return Task.FromResult(new AuthorizationContext(new Role[0], null));
return Task.FromResult(new AuthorizationContext(Array.Empty<Role>(), null));
}

var delegation = application.Delegations.GetCurrentDelegation(user.GetSubjectId(_options));
Expand Down
5 changes: 1 addition & 4 deletions src/Balea.Configuration.Store/Extensions/ModelExtensions.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,7 @@ public static Role To(this RoleConfiguration role)
return new Role(
role.Name,
role.Description,
role.Subjects,
role.Mappings,
role.Permissions.Distinct(),
role.Enabled
role.Permissions.Distinct()
);
}

Expand Down
52 changes: 27 additions & 25 deletions src/Balea.EntityFrameworkCore.Store/EntityFrameworkCoreRuntimeAuthorizationServerStore.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,44 +26,46 @@ public EntityFrameworkCoreRuntimeAuthorizationServerStore(TContext context, Bale

public async Task<AuthorizationContext> FindAuthorizationAsync(ClaimsPrincipal user, CancellationToken cancellationToken = default)
{
var userSubjectId = user.GetSubjectId(_options);
var sourceRoleClaims = user.GetClaimValues(_options.DefaultClaimTypeMap.RoleClaimType);
var delegation = await _context.Delegations.GetCurrentDelegation(
user.GetSubjectId(_options),

var delegation = await _context.Delegations.GetDelegation(
userSubjectId,
_options.ApplicationName,
cancellationToken);
var subject = GetSubject(user, delegation);

var subject = delegation?.Who ?? userSubjectId;

var roles = await _context.Roles
.AsNoTracking()
.Include(r => r.Application)
.Include(r => r.Mappings)
.ThenInclude(rm => rm.Mapping)
.Include(r => r.Subjects)
.ThenInclude(rs => rs.Subject)
.Include(r => r.Permissions)
.ThenInclude(rp => rp.Permission)
.Where(role =>
role.Application.Name == _options.ApplicationName &&
role.Enabled &&
(role.Subjects.Any(rs => rs.Subject.Sub == subject) || role.Mappings.Any(rm => sourceRoleClaims.Contains(rm.Mapping.Name)))
.AsNoTracking()
.Where(role =>
role.Application.Name == _options.ApplicationName &&
role.Enabled &&
(
role.Subjects.Any(rs => rs.Subject.Sub == subject) ||
role.Mappings.Any(rm => sourceRoleClaims.Contains(rm.Mapping.Name))
)
.ToListAsync(cancellationToken);
)
.Select(role => new Role(
role.Name,
role.Description,
role.Permissions.Select(rp => rp.Permission.Name)
))
.ToListAsync(cancellationToken);

return new AuthorizationContext(roles.Select(r => r.To()), delegation.To());
return new AuthorizationContext(roles, delegation);
}

public async Task<Policy> GetPolicyAsync(string name, CancellationToken cancellationToken = default)
{
var policy = await _context
.Policies
.Include(p => p.Application)
.SingleOrDefaultAsync(p => p.Application.Name == _options.ApplicationName && p.Name == name);
.AsNoTracking()
.Where(p => p.Application.Name == _options.ApplicationName && p.Name == name)
.Select(p => new Policy(p.Name, p.Content))
.FirstOrDefaultAsync(cancellationToken);

return policy.To();
}

private string GetSubject(ClaimsPrincipal user, DelegationEntity delegation)
{
return delegation?.Who?.Sub ?? user.GetSubjectId(_options);
return policy;
}
}
}
31 changes: 26 additions & 5 deletions src/Balea.EntityFrameworkCore.Store/Extensions/EntitiesExtensions.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,7 @@ public static Role To(this RoleEntity role)
return new Role(
role.Name,
role.Description,
role.Subjects.Select(rs => rs.Subject.Sub),
role.Mappings.Select(rm => rm.Mapping.Name),
role.Permissions.Select(rp => rp.Permission.Name),
role.Enabled
role.Permissions.Select(rp => rp.Permission.Name)
);
}

Expand Down Expand Up @@ -57,8 +54,32 @@ public static Task<DelegationEntity> GetCurrentDelegation(
d.Selected &&
d.From <= now && d.To >= now &&
d.Whom.Sub == subjectId &&
d.Application.Name == applicationName,
d.Application.Name == applicationName,
cancellationToken);
}

public static Task<Delegation> GetDelegation(
this DbSet<DelegationEntity> delegations,
string subjectId,
string applicationName,
CancellationToken cancellationToken = default)
{
var now = DateTime.UtcNow;
return delegations
.AsNoTracking()
.Where(
d =>
d.Selected &&
d.From <= now && d.To >= now &&
d.Whom.Sub == subjectId &&
d.Application.Name == applicationName)
.Select(
d => new Delegation(
d.Who.Sub,
d.Whom.Sub,
d.From,
d.To))
.FirstOrDefaultAsync(cancellationToken);
}

public static Policy To(this PolicyEntity policy)
Expand Down
1 change: 0 additions & 1 deletion src/Balea/Authorization/BaleaPolicyEvaluator.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,6 @@ private async Task AddBaleaIdentity(ClaimsPrincipal user, HttpContext context)
}

var roleClaims = authorization.Roles
.Where(role => role.Enabled)
.Select(role => new Claim(_options.DefaultClaimTypeMap.RoleClaimType, role.Name));

var permissionClaims = authorization.Roles
Expand Down
31 changes: 1 addition & 30 deletions src/Balea/Model/Role.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,39 +4,20 @@ namespace Balea.Model
{
public class Role
{
private readonly List<string> _subjects = new List<string>();
private readonly List<string> _mappings = new List<string>();
private readonly List<string> _permissions = new List<string>();

public Role(
string name,
string description,
IEnumerable<string> subjects,
IEnumerable<string> mappings,
IEnumerable<string> permissions,
bool enabled = true)
IEnumerable<string> permissions)
{
Name = name;
Description = description;
Enabled = enabled;
_subjects.AddRange(subjects);
_mappings.AddRange(mappings);
_permissions.AddRange(permissions);
}

public string Name { get; private set; }
public string Description { get; private set; }
public bool Enabled { get; private set; }

public void AddSubjects(IEnumerable<string> subjects)
{
_subjects.AddRange(subjects);
}

public void AddMappings(IEnumerable<string> mappings)
{
_mappings.AddRange(mappings);
}

public void AddPermissions(IEnumerable<string> permissions)
{
Expand All @@ -47,15 +28,5 @@ public IEnumerable<string> GetPermissions()
{
return _permissions;
}

public IEnumerable<string> GetMappings()
{
return _mappings;
}

public IEnumerable<string> GetSubjects()
{
return _subjects;
}
}
}