1180 refactor foxx authz

[JoshuaSBrown]

PR Description

Tasks

• - A description of the PR has been provided, and a diagram included if it is a new feature.
• - Formatter has been run
• - Labels have been assigned to the pr
• - A reviwer has been added
• - A user has been assigned to work on the pr
• - If new feature a unit test has been added

Summary by Sourcery

Refactor the authorization router by modularizing the code into separate modules for better maintainability and readability. Introduce new unit tests for the Record class and path handling to ensure robustness and correct error handling.

Enhancements:

• Refactor the authorization router to improve code readability and maintainability by modularizing the logic into separate modules.

Tests:

• Add new unit tests for the Record class and path handling to ensure correct functionality and error handling.

[sourcery-ai]

Reviewer's Guide by Sourcery

This PR refactors the authorization system by introducing new modules for better code organization and maintainability. The changes include splitting functionality into dedicated modules for record management, path handling, and authorization checks, along with comprehensive unit tests to ensure reliability.

Sequence diagram for the authorization check process

sequenceDiagram
    participant Client
    participant Router
    participant AuthzModule
    participant Record
    participant PathModule
    Client->>Router: GET /gridftp
    Router->>AuthzModule: isRecordActionAuthorized(client, data_key, req_perm)
    AuthzModule-->>Router: Authorization result
    Router->>Record: new Record(data_key)
    Record->>PathModule: splitPOSIXPath(file)
    PathModule-->>Record: Path components
    Record-->>Router: Path consistency result
    Router-->>Client: Authorization response

Loading

Class diagram for the refactored authorization system

classDiagram
    class Record {
        -error
        -err_msg
        -exists
        -loc
        -alloc
        -key
        -data_id
        +constructor(a_key)
        +exists() boolean
        +key() string
        +error() string
        +errorMessage() string
        +isManaged() boolean
        +isPathConsistent(a_path) boolean
    }
    class AuthzModule {
        +isRecordActionAuthorized(a_client, a_data_key, a_perm) boolean
    }
    class PathModule {
        +splitPOSIXPath(a_posix_path) string[]
    }
    Record --> AuthzModule : uses
    Record --> PathModule : uses

Loading

File-Level Changes

Change	Details	Files
Refactored authorization router to use new modular architecture	Split authorization logic into separate modules (Record, Path, and Authz) Improved error handling and messaging Added structured logging for authorization events Simplified path validation logic using new Path module	core/database/foxx/api/authz_router.js
Created new Record class for managing data records	Implemented methods for checking record existence and management status Added path consistency validation Created error handling system with codes and messages Added support for handling record relocations and ownership changes	core/database/foxx/api/record.js
Added POSIX path handling module	Created utility for splitting POSIX paths into components Added input validation for path strings Implemented filtering for empty path components	core/database/foxx/api/posix_path.js
Added authorization utility module	Created function for checking record action authorization Implemented permission validation logic Added support for admin permission checks	core/database/foxx/api/authz.js
Enhanced testing infrastructure	Added comprehensive unit tests for Record class Created test suite for POSIX path handling Updated CMake configuration to include new tests Added documentation for test configuration	core/database/tests/test_foxx.sh core/database/CMakeLists.txt core/database/foxx/tests/record.test.js core/database/foxx/tests/path.test.js core/database/README.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[JoshuaSBrown]

@sourcery-ai review

[sourcery-ai]

Hey @JoshuaSBrown - I've reviewed your changes and found some issues that need to be addressed.

Blocking issues:

• Security issue: data_id variable is undefined in public read access check (link)

Here's what I looked at during the review

• 🟢 General issues: all looks good
• 🔴 Security: 1 blocking issue
• 🟢 Testing: all looks good
• 🟡 Complexity: 1 issue found
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

🚨 issue (security): Security issue: data_id variable is undefined in public read access check

The data_id variable is not defined at this point in the code. Should use record.key() or similar method from the Record class to maintain consistency and prevent potential security vulnerabilities.

[JoshuaSBrown]

Nice catch.

[sourcery-ai]

Thank you for your feedback, we will generate more comments like this in the future according to the following instructions:

- Ensure the comment identifies a specific issue in the code, such as a security vulnerability or bug.
- The comment should provide a clear explanation of the issue, including why it is a problem.
- Suggest a specific solution or improvement to address the issue.
- Use clear and concise language to communicate the problem and solution effectively.

[AronPerez]

Questions about testing and some comments left in

[t-ramz]

I have a few questions and comments!

[t-ramz]

It will also match against the "describe" blocks

[t-ramz]

If these permissions are stored somewhere as a type, the above jsdoc reference can show their type

[JoshuaSBrown]

That's a good suggestion. The client is not currently defined in a single location as it is what is pulled out of the database.

[t-ramz]

I am asking out of curiosity, is it best practice to construct an ID? I feel like if we ask for a key and use an ID, it may be better to either 1. Just ask for the ID or 2. Search for the record based on the key, and use the record ID.

A reason that I ask is because I am unsure if we can be 100% certain that the ID will always be collection/key, is that the case?

[JoshuaSBrown]

Great question, and yes you can. Thie is from the official documentation.

https://docs.arangodb.com/stable/concepts/data-structure/documents/

All documents contain special attributes at the top-level that start with an underscore, known as system attributes:

The document key is stored as a string in the _key attribute.
The document identifier is stored as a string in the _id attribute.
The document revision is stored as a string in the _rev attribute.
You can specify a value for the _key attribute when creating a document. The _id attribute is automatically set based on the collection and _key. The _id and _key values are immutable once the document has been created. The _rev value is maintained by ArangoDB automatically.

keys are unique to the collection, ids globally unique.

[JoshuaSBrown]

I would say that if you don't conform to the pattern, it is likely an anti-pattern.

[t-ramz]

Ok yeah I see that in the docs. Cool to know.

[t-ramz]

Typo? @brief

[t-ramz]

I think this comment is unnecessary because of the splitPOSIXPath jsdoc

[t-ramz]

Typo? noe -> not ?

[t-ramz]

There are a lot of checks for record existence. Is there a way to pull this check up a level or two in the nested conditionals?

[JoshuaSBrown]

Good catch, This is addressed in a follow up PR. see here. https://github.com/ORNL/DataFed/pull/1196/files#diff-2a4e90aa74276bb3ccc3605ae33282b2cfa475fd702f7239150b202e6a4ed152

[t-ramz]

Ok I see the exists() calls are inexpensive. That's good.

[t-ramz]

Should we also have a test for not admin, but has write? And another for no admin, no write?

[JoshuaSBrown]

Good catch, These are addressed in a follow up PR here: https://github.com/ORNL/DataFed/pull/1196/files#diff-29f2f796d64cb649168cf5d450247a757a3f3b2d0c252f8ad394c76ac48ee08c