Merge pull request #4735 from alkem-io/fix/faster-auth

More stable auth

package.json

@@ -1,6 +1,6 @@
 {
   "name": "alkemio-server",
-  "version": "0.96.1",
+  "version": "0.96.2",
   "description": "Alkemio server, responsible for managing the shared Alkemio platform",
   "author": "Alkemio Foundation",
   "private": false,

src/domain/collaboration/link/link.resolver.mutations.ts

@@ -123,7 +123,7 @@ export class LinkResolverMutations {
     document = await this.documentService.saveDocument(document);
 
     const documentAuthorizations =
-      this.documentAuthorizationService.applyAuthorizationPolicy(
+      await this.documentAuthorizationService.applyAuthorizationPolicy(
         document,
         storageBucket.authorization
       );

src/domain/common/authorization-policy/authorization.policy.service.ts

@@ -196,10 +196,18 @@ export class AuthorizationPolicyService {
   }
 
   async saveAll(authorizationPolicies: IAuthorizationPolicy[]): Promise<void> {
-    this.logger.verbose?.(
-      `Saving ${authorizationPolicies.length} authorization policies`,
-      LogContext.AUTH
-    );
+    if (authorizationPolicies.length > 500)
+      this.logger.warn?.(
+        `Saving ${authorizationPolicies.length} authorization policies of type ${authorizationPolicies[0].type}`,
+        LogContext.AUTH
+      );
+    else {
+      this.logger.verbose?.(
+        `Saving ${authorizationPolicies.length} authorization policies`,
+        LogContext.AUTH
+      );
+    }
+
     await this.authorizationPolicyRepository.save(authorizationPolicies, {
       chunk: this.authChunkSize,
     });

src/domain/common/profile/profile.service.authorization.ts

@@ -121,12 +121,12 @@ export class ProfileAuthorizationService {
     }
 
     const storageBucketAuthorizations =
-      this.storageBucketAuthorizationService.applyAuthorizationPolicy(
+      await this.storageBucketAuthorizationService.applyAuthorizationPolicy(
         profile.storageBucket,
         profile.authorization
       );
     updatedAuthorizations.push(...storageBucketAuthorizations);
-    await this.authorizationPolicyService.saveAll(updatedAuthorizations);
-    return [];
+
+    return updatedAuthorizations;
   }
 }

src/domain/common/reference/reference.resolver.mutations.ts

@@ -133,7 +133,7 @@ export class ReferenceResolverMutations {
     document = await this.documentService.saveDocument(document);
 
     const documentAuthorizations =
-      this.documentAuthorizationService.applyAuthorizationPolicy(
+      await this.documentAuthorizationService.applyAuthorizationPolicy(
         document,
         storageBucket.authorization
       );

src/domain/common/visual/visual.resolver.mutations.ts

@@ -104,7 +104,7 @@ export class VisualResolverMutations {
     await this.documentService.saveDocument(visualDocument);
     // Ensure authorization is updated
     const documentAuthorizations =
-      this.documentAuthorizationService.applyAuthorizationPolicy(
+      await this.documentAuthorizationService.applyAuthorizationPolicy(
         visualDocument,
         storageBucket.authorization
       );

src/domain/profile-documents/profile.documents.service.ts

@@ -81,7 +81,7 @@ export class ProfileDocumentsService {
       await this.documentService.saveDocument(newDoc);
 
       const authorizations =
-        this.documentAuthorizationService.applyAuthorizationPolicy(
+        await this.documentAuthorizationService.applyAuthorizationPolicy(
           newDoc,
           storageBucketToCheck.authorization
         );

src/domain/space/account/account.service.authorization.ts

@@ -99,7 +99,6 @@ export class AccountAuthorizationService {
     account.authorization = await this.authorizationPolicyService.save(
       account.authorization
     );
-    updatedAuthorizations.push(account.authorization);
 
     const childUpdatedAuthorizations =
       await this.applyAuthorizationPolicyForChildEntities(account);

src/domain/storage/document/document.service.authorization.ts

@@ -15,10 +15,10 @@ import { RelationshipNotFoundException } from '@common/exceptions/relationship.n
 export class DocumentAuthorizationService {
   constructor(private authorizationPolicyService: AuthorizationPolicyService) {}
 
-  applyAuthorizationPolicy(
+  public async applyAuthorizationPolicy(
     document: IDocument,
     parentAuthorization: IAuthorizationPolicy | undefined
-  ): IAuthorizationPolicy[] {
+  ): Promise<IAuthorizationPolicy[]> {
     if (!document.tagset || !document.tagset.authorization) {
       throw new RelationshipNotFoundException(
         `Unable to find entities required to reset auth for Document ${document.id} `,
@@ -44,7 +44,8 @@ export class DocumentAuthorizationService {
       );
     updatedAuthorizations.push(document.tagset.authorization);
 
-    return updatedAuthorizations;
+    await this.authorizationPolicyService.saveAll(updatedAuthorizations);
+    return [];
   }
 
   private appendCredentialRules(document: IDocument): IAuthorizationPolicy {

src/domain/storage/storage-aggregator/storage.aggregator.service.authorization.ts

@@ -52,7 +52,7 @@ export class StorageAggregatorAuthorizationService {
     updatedAuthorizations.push(storageAggregator.authorization);
 
     const bucketAuthorizations =
-      this.storageBucketAuthorizationService.applyAuthorizationPolicy(
+      await this.storageBucketAuthorizationService.applyAuthorizationPolicy(
         storageAggregator.directStorage,
         storageAggregator.authorization
       );

src/domain/storage/storage-bucket/storage.bucket.service.authorization.ts

@@ -19,10 +19,10 @@ export class StorageBucketAuthorizationService {
     private documentAuthorizationService: DocumentAuthorizationService
   ) {}
 
-  applyAuthorizationPolicy(
+  public async applyAuthorizationPolicy(
     storageBucket: IStorageBucket,
     parentAuthorization: IAuthorizationPolicy | undefined
-  ): IAuthorizationPolicy[] {
+  ): Promise<IAuthorizationPolicy[]> {
     if (!storageBucket.documents) {
       throw new RelationshipNotFoundException(
         `Unable to load entities to reset auth for StorageBucket ${storageBucket.id} `,
@@ -49,14 +49,15 @@ export class StorageBucketAuthorizationService {
     // Cascade down
     for (const document of storageBucket.documents) {
       const documentAuthorizations =
-        this.documentAuthorizationService.applyAuthorizationPolicy(
+        await this.documentAuthorizationService.applyAuthorizationPolicy(
           document,
           storageBucket.authorization
         );
       updatedAuthorizations.push(...documentAuthorizations);
     }
 
-    return updatedAuthorizations;
+    await this.authorizationPolicyService.saveAll(updatedAuthorizations);
+    return [];
   }
 
   private appendPrivilegeRules(

src/platform/admin/avatars/admin.avatarresolver.mutations.ts

@@ -78,7 +78,7 @@ export class AdminSearchContributorsMutations {
     }
 
     const authorizations =
-      this.storageBucketAuthorizationService.applyAuthorizationPolicy(
+      await this.storageBucketAuthorizationService.applyAuthorizationPolicy(
         profile.storageBucket,
         profile.authorization
       );

src/platform/admin/whiteboards/admin.whiteboard.service.ts

@@ -118,7 +118,7 @@ export class AdminWhiteboardService {
               );
             document = await this.documentService.saveDocument(document);
             const documentAuthorizations =
-              this.documentAuthorizationService.applyAuthorizationPolicy(
+              await this.documentAuthorizationService.applyAuthorizationPolicy(
                 document,
                 profile.storageBucket.authorization
               );