Merge pull request #140 from bcgov/objId

Rename query and path parameter `objId` to `objectId`

Author: kamorel

.github/environments/values.dev.yaml

@@ -23,6 +23,7 @@ config:
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http
     SERVER_PORT: "3000"
+    SERVER_PRIVACY_MASK: "true"
 
 patroni:
   enabled: true

.github/environments/values.prod.yaml

@@ -23,6 +23,7 @@ config:
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http
     SERVER_PORT: "3000"
+    SERVER_PRIVACY_MASK: "true"
 
 patroni:
   enabled: true

.github/environments/values.test.yaml

@@ -23,6 +23,7 @@ config:
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http
     SERVER_PORT: "3000"
+    SERVER_PRIVACY_MASK: "true"
 
 patroni:
   enabled: true

app/src/controllers/object.js

@@ -95,7 +95,7 @@ const controller = {
    */
   async addMetadata(req, res, next) {
     try {
-      const objId = addDashesToUuid(req.params.objId);
+      const objId = addDashesToUuid(req.params.objectId);
       const objPath = await getPath(objId);
       const userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
 
@@ -156,7 +156,7 @@ const controller = {
    */
   async addTags(req, res, next) {
     try {
-      const objId = addDashesToUuid(req.params.objId);
+      const objId = addDashesToUuid(req.params.objectId);
       const objPath = await getPath(objId);
       const userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
       const newTags = req.query.tagset;
@@ -304,7 +304,7 @@ const controller = {
    */
   async deleteMetadata(req, res, next) {
     try {
-      const objId = addDashesToUuid(req.params.objId);
+      const objId = addDashesToUuid(req.params.objectId);
       const objPath = await getPath(objId);
       const userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
 
@@ -365,7 +365,7 @@ const controller = {
    */
   async deleteObject(req, res, next) {
     try {
-      const objId = addDashesToUuid(req.params.objId);
+      const objId = addDashesToUuid(req.params.objectId);
       const userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
 
       // target S3 version to delete
@@ -425,7 +425,7 @@ const controller = {
    */
   async deleteTags(req, res, next) {
     try {
-      const objId = addDashesToUuid(req.params.objId);
+      const objId = addDashesToUuid(req.params.objectId);
       const objPath = await getPath(objId);
       const userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
 
@@ -482,7 +482,7 @@ const controller = {
    */
   async fetchMetadata(req, res, next) {
     try {
-      const objIds = mixedQueryToArray(req.query.objId);
+      const objIds = mixedQueryToArray(req.query.objectId);
       const metadata = getMetadata(req.headers);
       const params = {
         objId: objIds ? objIds.map(id => addDashesToUuid(id)) : objIds,
@@ -509,7 +509,7 @@ const controller = {
    */
   async fetchTags(req, res, next) {
     try {
-      const objIds = mixedQueryToArray(req.query.objId);
+      const objIds = mixedQueryToArray(req.query.objectId);
       const tagset = req.query.tagset;
       const params = {
         objectIds: objIds ? objIds.map(id => addDashesToUuid(id)) : objIds,
@@ -536,7 +536,7 @@ const controller = {
    */
   async headObject(req, res, next) {
     try {
-      const objId = addDashesToUuid(req.params.objId);
+      const objId = addDashesToUuid(req.params.objectId);
 
       // target S3 version
       const targetS3VersionId = await getS3VersionId(req.query.s3VersionId, addDashesToUuid( req.query.versionId), objId);
@@ -573,7 +573,7 @@ const controller = {
    */
   async listObjectVersion(req, res, next) {
     try {
-      const objId = addDashesToUuid(req.params.objId);
+      const objId = addDashesToUuid(req.params.objectId);
 
       const response = await versionService.list(objId);
       // TODO: sync with current versions in S3
@@ -596,7 +596,7 @@ const controller = {
    */
   async readObject(req, res, next) {
     try {
-      const objId = addDashesToUuid(req.params.objId);
+      const objId = addDashesToUuid(req.params.objectId);
 
       // target S3 version
       const targetS3VersionId = await getS3VersionId(req.query.s3VersionId, addDashesToUuid( req.query.versionId), objId);
@@ -655,7 +655,7 @@ const controller = {
    */
   async replaceMetadata(req, res, next) {
     try {
-      const objId = addDashesToUuid(req.params.objId);
+      const objId = addDashesToUuid(req.params.objectId);
       const objPath = await getPath(objId);
       const userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
 
@@ -707,7 +707,7 @@ const controller = {
    */
   async replaceTags(req, res, next) {
     try {
-      const objId = addDashesToUuid(req.params.objId);
+      const objId = addDashesToUuid(req.params.objectId);
       const objPath = await getPath(objId);
       const userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
       const newTags = req.query.tagset;
@@ -756,7 +756,7 @@ const controller = {
     // TODO: handle additional parameters. Eg: deleteMarker, latest
     try {
       const bucketIds = mixedQueryToArray(req.query.bucketId);
-      const objIds = mixedQueryToArray(req.query.objId);
+      const objIds = mixedQueryToArray(req.query.objectId);
       const metadata = getMetadata(req.headers);
       const tagging = req.query.tagset;
       const params = {
@@ -795,7 +795,7 @@ const controller = {
     try {
       const userId = await userService.getCurrentUserId(req.currentUser, SYSTEM_USER);
       const data = {
-        id: addDashesToUuid(req.params.objId),
+        id: addDashesToUuid(req.params.objectId),
         public: isTruthy(req.query.public),
         updatedBy: userId
       };
@@ -826,7 +826,7 @@ const controller = {
       const bucketKey = (await getBucket(req.query.bucketId, true)).key;
 
       bb.on('file', (name, stream, info) => {
-        const objId = addDashesToUuid(req.params.objId);
+        const objId = addDashesToUuid(req.params.objectId);
         const data = {
           id: objId,
           fieldName: name,

app/src/controllers/objectPermission.js

@@ -21,7 +21,7 @@ const controller = {
   async searchPermissions(req, res, next) {
     try {
       const bucketIds = utils.mixedQueryToArray(req.query.bucketId);
-      const objIds = utils.mixedQueryToArray(req.query.objId);
+      const objIds = utils.mixedQueryToArray(req.query.objectId);
       const permCodes = utils.mixedQueryToArray(req.query.permCode);
       const userIds = utils.mixedQueryToArray(req.query.userId);
       const result = await objectPermissionService.searchPermissions({
@@ -62,7 +62,7 @@ const controller = {
     try {
       const userIds = utils.mixedQueryToArray(req.query.userId);
       const response = await objectPermissionService.searchPermissions({
-        objId: utils.addDashesToUuid(req.params.objId),
+        objId: utils.addDashesToUuid(req.params.objectId),
         userId: userIds ? userIds.map(id => utils.addDashesToUuid(id)) : userIds,
         permCode: utils.mixedQueryToArray(req.query.permCode)
       });
@@ -83,7 +83,7 @@ const controller = {
   async addPermissions(req, res, next) {
     try {
       const userId = await userService.getCurrentUserId(utils.getCurrentIdentity(req.currentUser, SYSTEM_USER));
-      const response = await objectPermissionService.addPermissions(utils.addDashesToUuid(req.params.objId), req.body, userId);
+      const response = await objectPermissionService.addPermissions(utils.addDashesToUuid(req.params.objectId), req.body, userId);
       res.status(201).json(response);
     } catch (e) {
       next(errorToProblem(SERVICE, e));
@@ -103,7 +103,7 @@ const controller = {
       const userArray = utils.mixedQueryToArray(req.query.userId);
       const userIds = userArray ? userArray.map(id => utils.addDashesToUuid(id)) : userArray;
       const permissions = utils.mixedQueryToArray(req.query.permCode);
-      const response = await objectPermissionService.removePermissions(req.params.objId, userIds, permissions);
+      const response = await objectPermissionService.removePermissions(req.params.objectId, userIds, permissions);
       res.status(200).json(response);
     } catch (e) {
       next(errorToProblem(SERVICE, e));

app/src/middleware/authorization.js

@@ -27,9 +27,9 @@ const _checkPermission = async ({ currentObject, currentUser, params }, permissi
     const permissions = [];
     const searchParams = { permCode: permission, userId: userId };
 
-    if (params.objId) {
+    if (params.objectId) {
       permissions.push(...await objectPermissionService.searchPermissions({
-        objId: params.objId, ...searchParams
+        objId: params.objectId, ...searchParams
       }));
     }
     if (params.bucketId || currentObject.bucketId) {
@@ -86,11 +86,11 @@ const checkAppMode = (req, res, next) => {
  */
 const currentObject = async (req, _res, next) => {
   try {
-    if (req.params.objId) {
+    if (req.params.objectId) {
       req.currentObject = Object.freeze({
-        ...await objectService.read(req.params.objId)
+        ...await objectService.read(req.params.objectId)
         // TODO: Determine if this is required or can be pushed down to controller level because this inflates all object related service call times by ~300ms
-        //...await storageService.listObjectVersion({ filePath: await getPath(req.params.objId) })
+        //...await storageService.listObjectVersion({ filePath: await getPath(req.params.objectId) })
       });
     }
   } catch (err) {
@@ -122,14 +122,14 @@ const hasPermission = (permission) => {
     try {
       if (!config.has('db.enabled') || !canOidcMode(authMode)) {
         log.debug('Current application mode does not enforce permission checks', { function: 'hasPermission' });
-      } else if (!req.params.objId && !req.params.bucketId) {
+      } else if (!req.params.objectId && !req.params.bucketId) {
         throw new Error('Missing request parameter(s)');
-      } else if (req.params.objId && !req.currentObject) {
+      } else if (req.params.objectId && !req.currentObject) {
         // Force 403 on unauthorized or not found; do not allow 404 id brute force discovery
         throw new Error('Missing object record');
       } else if (authType === AuthType.BASIC && canBasicMode(authMode)) {
         log.debug('Basic authTypes are always permitted', { function: 'hasPermission' });
-      } else if (req.params.objId && req.currentObject.public && permission === Permissions.READ) {
+      } else if (req.params.objectId && req.currentObject.public && permission === Permissions.READ) {
         log.debug('Read requests on public objects are always permitted', { function: 'hasPermission' });
       } else if (!await _checkPermission(req, permission)) {
         throw new Error(`User lacks required permission ${permission}`);

app/src/routes/v1/object.js

@@ -29,63 +29,63 @@ router.get('/tagging', objectValidator.fetchTags, requireSomeAuth, requireDb, (r
 });
 
 /** Returns object headers */
-router.head('/:objId', objectValidator.headObject, currentObject, hasPermission(Permissions.READ), (req, res, next) => {
+router.head('/:objectId', objectValidator.headObject, currentObject, hasPermission(Permissions.READ), (req, res, next) => {
   objectController.headObject(req, res, next);
 });
 
 /** Returns the object */
-router.get('/:objId', objectValidator.readObject, currentObject, hasPermission(Permissions.READ), (req, res, next) => {
+router.get('/:objectId', objectValidator.readObject, currentObject, hasPermission(Permissions.READ), (req, res, next) => {
   // TODO: Add validation to reject unexpected query parameters
   objectController.readObject(req, res, next);
 });
 
 /** Updates an object */
-router.post('/:objId', objectValidator.updateObject, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
+router.post('/:objectId', objectValidator.updateObject, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
   objectController.updateObject(req, res, next);
 });
 
 /** Deletes the object */
-router.delete('/:objId', objectValidator.deleteObject, requireSomeAuth, currentObject, hasPermission(Permissions.DELETE), (req, res, next) => {
+router.delete('/:objectId', objectValidator.deleteObject, requireSomeAuth, currentObject, hasPermission(Permissions.DELETE), (req, res, next) => {
   objectController.deleteObject(req, res, next);
 });
 
 /** Returns the object version history */
-router.get('/:objId/version', objectValidator.listObjectVersion, requireSomeAuth, requireDb, currentObject, hasPermission(Permissions.READ), (req, res, next) => {
+router.get('/:objectId/version', objectValidator.listObjectVersion, requireSomeAuth, requireDb, currentObject, hasPermission(Permissions.READ), (req, res, next) => {
   objectController.listObjectVersion(req, res, next);
 });
 
 /** Sets the public flag of an object */
-router.patch('/:objId/public', objectValidator.togglePublic, requireSomeAuth, requireDb, currentObject, hasPermission(Permissions.MANAGE), (req, res, next) => {
+router.patch('/:objectId/public', objectValidator.togglePublic, requireSomeAuth, requireDb, currentObject, hasPermission(Permissions.MANAGE), (req, res, next) => {
   objectController.togglePublic(req, res, next);
 });
 
 /** Add metadata to an object */
-router.patch('/:objId/metadata', objectValidator.addMetadata, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
+router.patch('/:objectId/metadata', objectValidator.addMetadata, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
   objectController.addMetadata(req, res, next);
 });
 
 /** Replace metadata on an object */
-router.put('/:objId/metadata', objectValidator.replaceMetadata, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
+router.put('/:objectId/metadata', objectValidator.replaceMetadata, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
   objectController.replaceMetadata(req, res, next);
 });
 
 /** Deletes an objects metadata */
-router.delete('/:objId/metadata', objectValidator.deleteMetadata, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
+router.delete('/:objectId/metadata', objectValidator.deleteMetadata, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
   objectController.deleteMetadata(req, res, next);
 });
 
 /** Add tags to an object */
-router.patch('/:objId/tagging', objectValidator.addTags, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
+router.patch('/:objectId/tagging', objectValidator.addTags, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
   objectController.addTags(req, res, next);
 });
 
 /** Add tags to an object */
-router.put('/:objId/tagging', objectValidator.replaceTags, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
+router.put('/:objectId/tagging', objectValidator.replaceTags, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
   objectController.replaceTags(req, res, next);
 });
 
 /** Add tags to an object */
-router.delete('/:objId/tagging', objectValidator.deleteTags, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
+router.delete('/:objectId/tagging', objectValidator.deleteTags, requireSomeAuth, currentObject, hasPermission(Permissions.UPDATE), (req, res, next) => {
   objectController.deleteTags(req, res, next);
 });
 

app/src/routes/v1/permission/objectPermission.js

@@ -15,17 +15,17 @@ router.get('/', objectPermissionValidator.searchPermissions, (req, res, next) =>
 });
 
 /** Returns the object permissions */
-router.get('/:objId', objectPermissionValidator.listPermissions, requireSomeAuth, currentObject, hasPermission(Permissions.MANAGE), (req, res, next) => {
+router.get('/:objectId', objectPermissionValidator.listPermissions, requireSomeAuth, currentObject, hasPermission(Permissions.MANAGE), (req, res, next) => {
   objectPermissionController.listPermissions(req, res, next);
 });
 
 /** Grants object permissions to users */
-router.put('/:objId', objectPermissionValidator.addPermissions, requireSomeAuth, currentObject, hasPermission(Permissions.MANAGE), (req, res, next) => {
+router.put('/:objectId', objectPermissionValidator.addPermissions, requireSomeAuth, currentObject, hasPermission(Permissions.MANAGE), (req, res, next) => {
   objectPermissionController.addPermissions(req, res, next);
 });
 
 /** Deletes object permissions for a user */
-router.delete('/:objId', objectPermissionValidator.removePermissions, requireSomeAuth, currentObject, hasPermission(Permissions.MANAGE), (req, res, next) => {
+router.delete('/:objectId', objectPermissionValidator.removePermissions, requireSomeAuth, currentObject, hasPermission(Permissions.MANAGE), (req, res, next) => {
   objectPermissionController.removePermissions(req, res, next);
 });
 

app/src/validators/bucketPermission.js

@@ -1,3 +1,4 @@
+
 const { validate, Joi } = require('express-validation');
 const { scheme, type } = require('./common');
 const { Permissions } = require('../components/constants');
@@ -16,7 +17,8 @@ const schema = {
             .messages({
               'string.guid': 'One userId required when `objectPerms=true`',
             }),
-          otherwise: scheme.guid })
+          otherwise: scheme.guid
+        })
     })
   },