Secure DB with Access Control: Help wanted with request parsing

python660 · September 17, 2023, 1:16pm

Im so close to finishing CLI Auth (sorry @Idkwhttph for being so late!!!), but now I need to parse the requests coming from the database client to the database proxy to make it easy for the user to access.

The object is static, meaning that you shouldn’t (and hopefully can’t) modify its properties and attributes.
This object contains a couple of keys:
- response
- key
- method
- payload
- user
This object is to be used in an access control function defined by the user in main.py, which allows some requests to pass through depending on the contents of the Request object.

data.py:

class Request():
  def __init__(self, req, res, auth):
    print(res)
    self._req = req
    self.response = # The response/output of the given command.
    self.key = # The resource in question (db["keyname"])
    self.method = self._req.method # The type of operation being executed
    self.payload = # The new data for the resource in question (db["foo"] = "bar")

    self.user = AuthUser(auth)


class AuthUser():
  def __init__(self, auth):
    self._auth = json.loads(auth['payload'])
    #print(self._auth)
    self.name, self.id = self._auth['username'], self._auth['id'] # Username and User ID
    ```

I only need one person to help. Please feel free to comment due to the lack of a poll for this task is very miniscule.

RedCoder · September 17, 2023, 1:27pm

@python660 If I were to help, what would I need to do?

python660 · September 17, 2023, 1:28pm

you would need to inspect the schema of replit’s database API, and parse it into an object. You can see my current implementation here:

https://replit.com/@cliauth/Replit-Database-Proxy-Server

RedCoder · September 17, 2023, 1:29pm

So I would take all the keys, values and such, put it into an object to store all of the information? Also, what laungage?

python660 · September 17, 2023, 1:30pm

Yes, that is 100% correct.
Python (because the original database proxy was in python)

RedCoder · September 17, 2023, 1:32pm

Not sure If I’m the best person to help. I mean I am fairly good at Python, but I don’t know much about DBs (I may be able to do it, though 'cause replDB is fairly simple). Would there be any restrictions to the object, and would the object be a able to add more key-value pairs to the object via a function, or possibly reinsert the object back into the DB.

Could you list out all of the features it would require?

python660 · September 17, 2023, 1:37pm

EDIT: I included this in the first post.
@RedCoder, yes, I can.

The object is static, meaning that you shouldn’t (and hopefully can’t) modify its properties and attributes.
This object contains a couple of keys:
- response
- key
- method
- payload
- user
This object is to be used in an access control function defined by the user in main.py, which allows some requests to pass through depending on the contents of the Request object.

data.py:

class Request():
  def __init__(self, req, res, auth):
    print(res)
    self._req = req
    self.response = # The response/output of the given command.
    self.key = # The resource in question (db["keyname"])
    self.method = self._req.method # The type of operation being executed
    self.payload = # The new data for the resource in question (db["foo"] = "bar")

    self.user = AuthUser(auth)


class AuthUser():
  def __init__(self, auth):
    self._auth = json.loads(auth['payload'])
    #print(self._auth)
    self.name, self.id = self._auth['username'], self._auth['id'] # Username and User ID
    ```

RedCoder · September 17, 2023, 1:40pm

@python660 I apologize, but I’m probably not the best for this type of thing. I wish I was, but I’m sincerely sorry

python660 · September 17, 2023, 1:40pm

No worries! That’s totally fine, considering that the Replit DB API is very poorly documented.