[keyserver] refactor JSON endpoints to require policy acknowledgment
ClosedPublic
Actions

Authored by kamil on Dec 6 2022, 6:08 AM.

Details

Reviewers

tomek
atul
ashoat

Commits

rCOMM4ce42818a18f: [keyserver] refactor JSON endpoints to require policy acknowledgment

Summary

This code modifies POST request type, each of them will need to specify an array of needed policies, that will be checked before accessing endpoint. An empty array means that this endpoint doesn't need acknowledgment or information about a missing acknowledgments will be attached to the response later on. Looks like other handlers, e.g. for GET requests don't need to check for policies, there is no need to complicate this because this change will still make users unable to use the app without accepting what's needed.

Context in ENG-2363.

Test Plan

Endpoints should maintain old functionality, this is just a refactor.

Diff Detail

Repository

rCOMM Comm

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kamil created this revision.Dec 6 2022, 6:08 AM

kamil held this revision as a draft.

Herald added a subscriber: ashoat. · View Herald TranscriptDec 6 2022, 6:08 AM

kamil added a parent revision: D5822: [keyserver] add viewer acknowledgment fetcher.Dec 6 2022, 6:08 AM

kamil edited the summary of this revision. (Show Details)

kamil added a child revision: D5824: [keyserver] validate if policies are acknowledged on request.Dec 6 2022, 6:15 AM

Harbormaster completed remote builds in B14003: Diff 19176.Dec 6 2022, 6:18 AM

kamil published this revision for review.Dec 6 2022, 6:55 AM

Adding @ashoat to make sure if this makes sense, especially if not checking policies on GET is ok.

keyserver/src/endpoints.js
67 ↗	(On Diff #19176)	I think it might make sense to create a constant with policies used by most of the endpoints. I guess that if we decide to have another policy required, this will affect almost all the endpoints at once. Another option is to create two object: one with endpoints that require a policy and one with the ones that don't need it and then construct `jsonEndpoints` from these two by adding array with policy to one set and empty array to another.

Seems right

especially if not checking policies on GET is ok.

What APIs do we have GET for? The only GETs I can think of are the ones that return HTML or files (error report JSON, uploads). I think the HTML ones need to be special-cased and the others are fine for now

This revision is now accepted and ready to land.Dec 6 2022, 7:38 PM

instroduce constant with common policies

kamil added inline comments.Dec 13 2022, 5:26 AM

keyserver/src/endpoints.js
67 ↗	(On Diff #19176)	I think it might make sense to create a constant with policies used by most of the endpoints. I guess that if we decide to have another policy required, this will affect almost all the endpoints at once. I'll stick to this one, the second is also okay but I think only for one policy, it might get tricky when we will have more