bug(auth): ROSS-160: update authorization logic to inherit global authentication setting and remove default schema value

src/routes/aggregate/aggregate.ts

@@ -35,24 +35,31 @@ export function registerAggregateRoutes(
       f => f.supportedAggregation && f.supportedAggregation.length > 0,
     );
 
-    // API unique idenfier
-    const aggregateAPIIdentifier = `aggregate->${model.name}->get_aggregation`;
-    const webhookConfig =
-      config.apis?.[aggregateAPIIdentifier]?.webhooks ?? null;
-    const sspConfig = config.apis?.[aggregateAPIIdentifier]?.ssp ?? [];
+    // construct the api identifier
+    const apiIdentifier = `aggregate->${model.name}->get_aggregation`;
+
+    // extract the api configs based on the api identifier
+    const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null;
+    const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? [];
+    // calculating the authroization based on auth flag, it can be true
+    // if the api level auth is enabled, or if the app level auth is enabled
     const authorization =
-      config.apis?.[aggregateAPIIdentifier]?.authorization ?? false;
+      config.apis?.[apiIdentifier]?.authorization ??
+      config.auth?.enableAuth ??
+      false;
 
     // for each aggregatable field, we create a GET route
     // /<model_name>/aggregation/<field_name>
     for (const field of aggregatableFields) {
       const operations = field.supportedAggregation!;
 
+      // generating the schema for the route
       const schema: Record<string, unknown> = generateSchema(
         config,
         field,
         model,
         operations,
+        authorization,
       );
 
       app.get(
@@ -189,14 +196,23 @@ function generateSchema(
   field: ModelFieldConfig,
   model: ModelConfig,
   operations: SupportedAggregationOperation[],
+  authorization: boolean,
 ) {
   const security: Array<{[key: string]: string[]}> = [];
 
-  if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') {
+  if (
+    config.auth?.enableAuth &&
+    config.auth?.authEngine === 'up-auth' &&
+    authorization
+  ) {
     security.push({bearerAuth: []});
   }
 
-  if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') {
+  if (
+    config.auth?.enableAuth &&
+    config.auth?.authEngine === 'api-key' &&
+    authorization
+  ) {
     security.push({apiKeyAuth: []});
   }
 

src/routes/custom-queries/custom-queries.ts

@@ -86,11 +86,18 @@ export function registerCustomQueryRoutes(
     const queryProperties: Record<string, object> = {};
     const bodyProperties: Record<string, object> = {};
 
-    // uniqie api identifier
+    // constructing the api identifier
     const apiIdentifier = `customAPIs->customQueries->${cq.name}`;
+
+    // extracting the api configs based on the api identifier
     const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null;
     const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? [];
-    const authorization = config.apis?.[apiIdentifier]?.authorization ?? false;
+    // calculating the authroization based on auth flag, it can be true
+    // if the api level auth is enabled, or if the app level auth is enabled
+    const authorization =
+      config.apis?.[apiIdentifier]?.authorization ??
+      config.auth?.enableAuth ??
+      false;
 
     // body parameters are always in between @@
     // path parameters are always in between $$
@@ -195,18 +202,31 @@ export function registerCustomQueryRoutes(
 
     const security: Array<{[key: string]: string[]}> = [];
 
-    if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') {
+    // adding the security based on the auth flag and auth engine
+    // if the auth flag is enabled and the auth engine is up-auth, then add the bearerAuth
+    if (
+      config.auth?.enableAuth &&
+      config.auth?.authEngine === 'up-auth' &&
+      authorization
+    ) {
       security.push({bearerAuth: []});
     }
 
-    if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') {
+    // if the auth flag is enabled and the auth engine is api-key, then add the apiKeyAuth
+    if (
+      config.auth?.enableAuth &&
+      config.auth?.authEngine === 'api-key' &&
+      authorization
+    ) {
       security.push({apiKeyAuth: []});
     }
 
+    // if there is any security configutaion required then add it to the swagger schema
     if (security.length > 0) {
       schema.security = security;
     }
 
+    // registering the route
     app.route({
       method: cq.method,
       url: routePath,

src/routes/operations/delete.ts

@@ -35,11 +35,19 @@ export function registerDeleteRoutes(
       f.supportedOperations?.includes('deletable'),
     );
 
-    // Unique api identifier
+    // constructing the api identifier
     const apiIdentifier = `modelAPIs->delete->${model.name}`;
+
+    // extracting the api configs based on the api identifier
     const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null;
     const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? [];
-    const authorization = config.apis?.[apiIdentifier]?.authorization ?? false;
+
+    // calculating the authroization based on auth flag, it can be true
+    // if the api level auth is enabled, or if the app level auth is enabled
+    const authorization =
+      config.apis?.[apiIdentifier]?.authorization ??
+      config.auth?.enableAuth ??
+      false;
 
     // If we have deletable fields, we register a DELETE route for each.
     for (const field of deletableFields) {
@@ -48,6 +56,7 @@ export function registerDeleteRoutes(
         field,
         model,
         config,
+        authorization,
       );
 
       app.delete(
@@ -56,6 +65,7 @@ export function registerDeleteRoutes(
           schema,
           preValidation: async request => enforceSSP(sspConfig, request),
           preHandler: async (request, reply) => {
+            // checking the authorization
             if (config.auth?.enableAuth && authorization) {
               try {
                 await request.jwtVerify();
@@ -115,6 +125,7 @@ function generateSchema(
   field: ModelFieldConfig,
   model: ModelConfig,
   config: AppConfig,
+  authorization: boolean,
 ) {
   const paramSchema = mapDataTypeToJsonSchema(field.type);
 
@@ -143,11 +154,19 @@ function generateSchema(
 
   const security: Array<{[key: string]: string[]}> = [];
 
-  if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') {
+  if (
+    config.auth?.enableAuth &&
+    config.auth?.authEngine === 'up-auth' &&
+    authorization
+  ) {
     security.push({bearerAuth: []});
   }
 
-  if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') {
+  if (
+    config.auth?.enableAuth &&
+    config.auth?.authEngine === 'api-key' &&
+    authorization
+  ) {
     security.push({apiKeyAuth: []});
   }
 

src/routes/operations/edit.ts

@@ -38,11 +38,19 @@ export function registerEditRoutes(
       f.supportedOperations?.includes('editable'),
     );
 
-    // unique api identifier
+    // constructing the api identifier
     const apiIdentifier = `modelAPIs->edit->${model.name}`;
+
+    // extracting the api configs based on the api identifier
     const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null;
     const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? [];
-    const authorization = config.apis?.[apiIdentifier]?.authorization ?? false;
+
+    // calculating the authroization based on auth flag, it can be true
+    // if the api level auth is enabled, or if the app level auth is enabled
+    const authorization =
+      config.apis?.[apiIdentifier]?.authorization ??
+      config.auth?.enableAuth ??
+      false;
 
     for (const field of editableFields) {
       const isUnique = field.primaryKey || field.unique;
@@ -122,11 +130,19 @@ export function registerEditRoutes(
 
         const security: Array<{[key: string]: string[]}> = [];
 
-        if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') {
+        if (
+          config.auth?.enableAuth &&
+          config.auth?.authEngine === 'up-auth' &&
+          authorization
+        ) {
           security.push({bearerAuth: []});
         }
 
-        if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') {
+        if (
+          config.auth?.enableAuth &&
+          config.auth?.authEngine === 'api-key' &&
+          authorization
+        ) {
           security.push({apiKeyAuth: []});
         }
 

src/routes/operations/get-all.ts

@@ -35,22 +35,36 @@ export function registerGetAllRoutes(
   const {models} = config;
 
   for (const model of models) {
-    // unique api identifier
+    // constructing the api identifier
     const apiIdentifier = `modelAPIs->getAll->${model.name}`;
+
+    // extracting the api configs based on the api identifier
     const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null;
     const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? [];
-    const authorization = config.apis?.[apiIdentifier]?.authorization ?? false;
 
-    const schema: Record<string, unknown> = generateSchema(model, config);
+    // calculating the authroization based on auth flag, it can be true
+    // if the api level auth is enabled, or if the app level auth is enabled
+    const authorization =
+      config.apis?.[apiIdentifier]?.authorization ??
+      config.auth?.enableAuth ??
+      false;
+
+    const schema: Record<string, unknown> = generateSchema(
+      model,
+      config,
+      authorization,
+    );
 
     app.get(
       `/${model.name}/`,
       {
         schema,
         preValidation: async request => enforceSSP(sspConfig, request),
         preHandler: async (request, reply) => {
+          console.log('I am here');
           if (config.auth?.enableAuth && authorization) {
             try {
+              console.log('I am running to verify JWT?');
               await request.jwtVerify();
             } catch {
               return reply
@@ -77,6 +91,7 @@ export function registerGetAllRoutes(
         },
       },
       async (request: FastifyRequest, reply: FastifyReply) => {
+        console.log(request.user);
         const queryParams = request.query as Record<string, unknown>;
         const tableName = model.name;
 
@@ -146,7 +161,11 @@ export function registerGetAllRoutes(
     );
   }
 }
-function generateSchema(model: ModelConfig, config: AppConfig) {
+function generateSchema(
+  model: ModelConfig,
+  config: AppConfig,
+  authorization: boolean,
+) {
   const queryProperties: Record<string, object> = {};
 
   // Add filter params for each field based on its supportedOperations
@@ -205,11 +224,19 @@ function generateSchema(model: ModelConfig, config: AppConfig) {
 
   const security: Array<{[key: string]: string[]}> = [];
 
-  if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') {
+  if (
+    config.auth?.enableAuth &&
+    config.auth?.authEngine === 'up-auth' &&
+    authorization
+  ) {
     security.push({bearerAuth: []});
   }
 
-  if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') {
+  if (
+    config.auth?.enableAuth &&
+    config.auth?.authEngine === 'api-key' &&
+    authorization
+  ) {
     security.push({apiKeyAuth: []});
   }
 

src/routes/operations/index-route.ts

@@ -43,11 +43,19 @@ export function registerIndexRoutes(
       );
     });
 
-    // unique api identifier
+    // constructing the api identifier
     const apiIdentifier = `modelAPIs->index->${model.name}`;
+
+    // extracting the api configs based on the api identifier
     const webhookConfig = config.apis?.[apiIdentifier]?.webhooks ?? null;
     const sspConfig = config.apis?.[apiIdentifier]?.ssp ?? [];
-    const authorization = config.apis?.[apiIdentifier]?.authorization ?? false;
+
+    // calculating the authroization based on auth flag, it can be true
+    // if the api level auth is enabled, or if the app level auth is enabled
+    const authorization =
+      config.apis?.[apiIdentifier]?.authorization ??
+      config.auth?.enableAuth ??
+      false;
 
     // index apis means for these APIs, we can fetch data using the indexable fields
     // for example, if we have a field user_id in the users table, and it is indexed,
@@ -57,7 +65,7 @@ export function registerIndexRoutes(
         schema,
         isUnique,
       }: {schema: Record<string, unknown>; isUnique: boolean | undefined} =
-        generateSchema(field, model, config);
+        generateSchema(field, model, config, authorization);
 
       app.get(
         `/${model.name}/${field.name}/:${field.name}`,
@@ -198,6 +206,7 @@ function generateSchema(
   field: ModelFieldConfig,
   model: ModelConfig,
   config: AppConfig,
+  authorization: boolean,
 ) {
   const isUnique = field.primaryKey || field.unique;
   // converting the data type of the indexable field to json schema supported type
@@ -302,11 +311,19 @@ function generateSchema(
 
   const security: Array<{[key: string]: string[]}> = [];
 
-  if (config.auth?.enableAuth && config.auth?.authEngine === 'up-auth') {
+  if (
+    config.auth?.enableAuth &&
+    config.auth?.authEngine === 'up-auth' &&
+    authorization
+  ) {
     security.push({bearerAuth: []});
   }
 
-  if (config.auth?.enableAuth && config.auth?.authEngine === 'api-key') {
+  if (
+    config.auth?.enableAuth &&
+    config.auth?.authEngine === 'api-key' &&
+    authorization
+  ) {
     security.push({apiKeyAuth: []});
   }