Differentate access auth between system and record users (#316)

surrealdb · Jul 23, 2024 · e9d8f78 · e9d8f78
1 parent 8f6c6f5
commit e9d8f78
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 17 deletions.
diff --git a/src/surreal.ts b/src/surreal.ts
@@ -19,7 +19,7 @@ import { processAuthVars } from "./util/processAuthVars.ts";
 import { versionCheck } from "./util/versionCheck.ts";
 
 import {
-	type AccessAuth,
+	type AccessRecordAuth,
 	type ActionResult,
 	type AnyAuth,
 	type LiveHandler,
@@ -243,7 +243,7 @@ export class Surreal {
 	 * @param vars - Variables used in a signup query.
 	 * @return The authentication token.
 	 */
-	async signup(vars: ScopeAuth | AccessAuth): Promise<Token> {
+	async signup(vars: ScopeAuth | AccessRecordAuth): Promise<Token> {
 		if (!this.connection) throw new NoActiveSocket();
 
 		const parsed = processAuthVars(vars, this.connection.connection);

diff --git a/src/types.ts b/src/types.ts
@@ -20,34 +20,37 @@ export type QueryParameters =
 //////////////////////////////////////////////
 
 export function convertAuth(params: AnyAuth): Record<string, unknown> {
-	const cloned: Record<string, unknown> = { ...params };
+	let result: Record<string, unknown> = {};
 	const convertString = (a: string, b: string, optional?: boolean) => {
 		if (a in params) {
-			cloned[b] = `${cloned[a]}`;
-			delete cloned[a];
+			result[b] = `${params[a as keyof AnyAuth]}`;
+			delete result[a];
 		} else if (optional !== true) {
 			throw new SurrealDbError(
 				`Key ${a} is missing from the authentication parameters`,
 			);
 		}
 	};
 
-	if ("access" in params) {
-		convertString("access", "ac");
+	if ("scope" in params) {
+		result = { ...params };
+		convertString("scope", "sc");
 		convertString("namespace", "ns");
 		convertString("database", "db");
-	} else if ("scope" in params) {
-		convertString("scope", "sc");
+	} else if ("variables" in params) {
+		result = { ...params.variables };
+		convertString("access", "ac");
 		convertString("namespace", "ns");
 		convertString("database", "db");
 	} else {
+		convertString("access", "ac", true);
 		convertString("database", "db", true);
 		convertString("namespace", "ns", !("database" in params));
 		convertString("username", "user");
 		convertString("password", "pass");
 	}
-
-	return cloned;
+	console.log(result);
+	return result;
 }
 
 export type RootAuth = {
@@ -68,26 +71,39 @@ export type DatabaseAuth = {
 	password: string;
 };
 
+export type AccessSystemAuth = Prettify<
+	(RootAuth | NamespaceAuth | DatabaseAuth) & {
+		access: string;
+		variables?: never;
+	}
+>;
+
 export type ScopeAuth = {
 	namespace?: string;
 	database?: string;
 	scope: string;
 	[K: string]: unknown;
 };
 
-export type AccessAuth = {
+export type AccessRecordAuth = {
 	namespace?: string;
 	database?: string;
 	access: string;
-	[K: string]: unknown;
+	variables: {
+		ns?: never;
+		db?: never;
+		ac?: never;
+		[K: string]: unknown;
+	};
 };
 
 export type AnyAuth =
 	| RootAuth
 	| NamespaceAuth
 	| DatabaseAuth
 	| ScopeAuth
-	| AccessAuth;
+	| AccessSystemAuth
+	| AccessRecordAuth;
 
 export type Token = string;
 

diff --git a/src/util/processAuthVars.ts b/src/util/processAuthVars.ts
@@ -8,7 +8,10 @@ export function processAuthVars<T extends AnyAuth>(
 		database?: string;
 	},
 ): AnyAuth {
-	if ("scope" in vars || "access" in vars) {
+	if (
+		"scope" in vars ||
+		("access" in vars && "variables" in vars && vars.variables)
+	) {
 		if (!vars.namespace) {
 			if (!fallback?.namespace) throw new NoNamespaceSpecified();
 			vars.namespace = fallback.namespace;

diff --git a/tests/integration/tests/auth.test.ts b/tests/integration/tests/auth.test.ts
@@ -73,7 +73,7 @@ describe("record auth", async () => {
 	test("record signup", async () => {
 		const signup = await surreal.signup({
 			access: "user",
-			id: 123,
+			variables: { id: 123 },
 		});
 
 		expect(typeof signup).toBe("string");
@@ -82,7 +82,7 @@ describe("record auth", async () => {
 	test("record signin", async () => {
 		const signin = await surreal.signin({
 			access: "user",
-			id: 123,
+			variables: { id: 123 },
 		});
 
 		expect(typeof signin).toBe("string");

diff --git a/tests/unit/convertAuth.test.ts b/tests/unit/convertAuth.test.ts
@@ -53,6 +53,21 @@ test("valid", () => {
 			username: "root",
 			password: "root",
 		}),
+	).toStrictEqual({
+		ns: "test",
+		db: "test",
+		ac: "user",
+		user: "root",
+		pass: "root",
+	});
+
+	expect(
+		convertAuth({
+			namespace: "test",
+			database: "test",
+			access: "user",
+			variables: { username: "root", password: "root" },
+		}),
 	).toStrictEqual({
 		ns: "test",
 		db: "test",