perso/huhuhu_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

updated oskey notes

Browse Source
This commit is contained in:
Hugo LAMY
2024-11-08 21:00:47 +01:00
parent e6ab74b9e7
commit 2240df17ca
1 changed files with 323 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

323
notes/oskey.md
View File

@@ -0,0 +1,323 @@
---
- guest user service created
- call the service from createAccess
- create tests to check if it works
- fix tests for quickcodes
---
- [/] update my branch with develop
- [ ] add dates to guests and permanent-guests
- [ ] user can delete its quickcodes
- [ ] front needs to get invitations and quickcodes
- [ ] update callable to get invitations : fix database call, and add get-quickcode
- [ ] create service to get quickcodes
- [ ] front needs to get pincode informations (id only ?) when click on an access
- [ ] create callable for that ? or better : plug into the callable used to get the access informations (if exists)
- [ ] **add v2 task :** delete pincodes
- [ ] **add v2 task :** should we put pincodes documents in inviter collection ? also adding a field 'inviter' in pincode documents
- [ ] test callable create-quickcodes
- [ ] test pubsub messages
- [ ] update access type in iot node
- [ ] add security rules for pincodes
- [ ] test security rules
- [ ] delete current callable function to get-pincodes ? or keep it ? it has not been well tested
--
- inhabitantUser
- inhabitantGuestUser -> time
- inhabitantPermanentGuestUser -> time
- get pincode of the invitation -> the guest can see the pincode on the invitation
- getQuickcodes
- add jira issue for the enum import
- getAllinvitesBasedOnVisibility
--
- inhabitantGuestUser && inhabitantPermanentGuestUser :
- add dates
- put documents in invited collection
- add jira : put documents in inviter collection
- add jira : delete pincodes
- delete quickcodes
--
- test callable create quickcodes
- test callable get quickcodes by user
- check on figma what other functions are necessary for v1
- callable get quickcodes by pincodes ?
- callable delete quickcodes ?
- test pubsub messages
- test errors
---
1. create jira epic : "add helpers for repetitive tasks"
2. create 2 topic :
- "security checks in callable functions"
- "logging and throwing errors"
3. rebase branch `security_and_errors` into current develop :
- git checkout `develop`
- git pull `develop`
- git checkout `security_and_errors`
- git rebase --onto develop 4af5282cf6c23be9b86a59a3772337a1a8fe36ae
- git checkout `develop`
- git rebase `security_and_errors`
4. create jira issue in debt for todo in createAccess about return null instead of throwing errors (/workspace/functions/src/modules/core/modules/access/services/access.service.ts)
5.
**questions:**
- how access documents and pincodes and devices documents are linked ?
- user have access documents, that only contains 'user' and 'building' infos
- they do not say 'access with device' or 'pincode'
```
/users/{userId}/accesses/
- accessId: string
- accesses:
[
{
- accessId: string
- accessRights: [{validity: 'permanent'}, ]
- authorizedDoors:
[
{
},
{
- accessControlDevices:
[
{
},
{
},
]
- doorId: string
- doorName: string
- doorStreetAddress: {}
},
]
- creationDate: Timestamp
- inviterId: string
- inveterName: string
- type: OSKUserAccessType
- unitId: string
},
]
- buildingId: string
- buildingImageFilename: string
- bulidingName: string
- buildingStreetAddress: {}
- creationDate: Timestamp
- userFirstName: string
- userId: string
- userLastName: string
```
---
1. why not adding buildingId in the user pincode document ? and start and end time ?
- we add buildingId because it will help find the associated building document, but the other infos are not relevant unless front need it
2. why having a request.userId parameter if we can identify the userId with the auth ?
- not sure, but might be for security
3. check permissions ? how do they work ? are they always related to organizations ? What is an organization anyway ?
- permissions are for organization users, which are either oskey admin user or client admin user, because they can have different roles and permissions. But not for normal users
4. why is there no user document in buildings collection ?
- the user document in building collection is not actually a user document, but something else (i dont remember)
5. how to change iot
- this is another project that i have to clone
---
- [/] generate pincodes with constraints
- [/] create services and controllers to add pincode documents
- [/] create pincode documents when users are added
- [/] add pincode to access
- [/] add doors to pincodes documents
- [/] test if pincodes documents are created and contains all fields
- [ ] add pincode access to iot
- [/] create services and controllers to get pincode
- [ ] test get pincode service
- [ ] create pincode for guest users
- [ ] test pincode creation for guest users
- [-] write pincode security rules
- [ ] test pincode creation -> test pincode rules
- [-] add callable functions to create anonymous pincodes
- [ ] test pincode callable functions to create anonymous pincodes
- [ ] add callable functions to get user pincodes
- [ ] test pincode callable functions to get user pincodes
- [ ] test pincode accesses
- [ ] add callable function to delete pincodes
- [ ] test pincode deletion
---
15/10/24
- console.log vs logger function ?
-
---
10/10/24
pincodes child issues :
old :
- create pincode controller structure
- generate pincode with constraints
- generate docs when pincode created
- get pincodes by user, building, and both
- pincode firestore rules
- update OSKAccessMethod
- add pincode to access
- update pincode accessMethod in iot endpoint
- tests
new:
- [s] generate pincodes with constraints
- [s] create services and controller to add pincodes documents
- [s] create pincodes documents when users are added
- [s] add doors to pincodes documents
- [t] tests if pincodes documents are created and contains all fields
- [s] create services and controller to get pincodes
- [s] add pincode to access
- update OSKAccessMethod
- update pincode accessMethod in iot endpoint
- [t] write pincodes security rules
- [t] test pincodes creation
---
09/10/24
- what is the difference between `._set()` and `._create()` :
- why `._set()` needs a creationDate timestamp and not `._create()` ?
- what happens if we use `._create()` and then `._set()` to override ? will the creationDate be there ?
- when to use which one ?
---
07/10/24
- in `/workspace/functions/src/modules/core/modules/access/controllers/access_pincode.controller.ts`
is it ok to have `export class OSKPincodeController extends OSKDocumentController<OSKBuildingPincodeDocument> {`
with a controller in core build on a controller in building ?
- **yes**
- the function to check if code is uniq cannot prevent collisions, in its actual form
- **ticket oppened, to do it with redis (FIR1-469)**
- should i use "this" instead of refering the class itself ?
- i didnt get the .default very well so far
- i didnt get exactly the distinction btwn controller and service for a document
- **controller will directly call the database**
- i didnt get also the organization in modules, do they correspond to a collection in the database ?
---
20/09/24
#### documents non detruits quand les users sont detruits :
- accesses
- organizations
- organizationInvitations
- sentInvitations
- invitations
#### documents detruits avec les users :
- devices
---
19/09/24
questions pour greg:
- dans quel cas utiliser le "retries(500)" ?
- les rules ne semblent pas proteger quand on est admin, c'est normal ?
- je ne pense pas avoir besoin de rajouter des indexes, puisque je n'utilise que le champ "accountDeletionDate"
- scheduled functions not supported in emulator : https://github.com/firebase/firebase-tools/issues/2034
---
17/09/24
- scheduler
- tester rules
- indexe
---
12/09/24
utiliser "confluence" de attlassian, une sorte de wiki
utiliser le drive et les docs de google
utiliser les app slacks pour recevoir les notifications
questions pour greg:
- conventions de nommage et organisations des tests
- tests update document beosins d'etre plus complets ?
- pourquoi 2 types de timestamp differents, ex in :
- `functions/src/modules/user/models/documents/user_document.model.ts`
- `test/src/specs/user/user_deletion.specs.ts`
- où se trouvent les dossiers sur le drive / docs ?
---
10/09/24
reu dev
framework auth fournit par google :
- reauth , valider nouvel email ,
pour pouvoir customizer les emails il faudrait le faire soi-meme en backend, pas prioritaire pour l'instant
---
09/09/24
1rst day
- installer slack
- installer vscode (ou vscodium en open source)
- regarder les firmware iot : le sdk est uniquement disponible sur les versions LTS
- dev container : les repository vscode contiennent tous un dev container pour les dependances (genre image-magik)
- apigee : api gateway (!= proxy) -> security
- service account : gestion de token interne a google, entre les containers
- gestion git : gitkraken ou source tree
- utiliser chrome plutot que chromium ou firefox
- install nerd font
1. creer un projet firebase en suivant tuto firestore et cloud functions
2. voir tuto sur codelab "local development with firebase"
- test-firebase-6fe21
- session id : 7D583
---
# devcontainer ownership
- inside the dev container, the user is vscode (1001), so outside the container the local user (asususus) cannot modify files, nor push or pull or anything
- the solution is to give the user rights on the files, without changing them, by using ACL :
- **sudo setfacl -R -m u:asususus:rwx ./firebase-oskey-dev** : give recursive read+write+execute access to user asususus
- **sudo setfacl -R -d -m u:asususus:rwx ./firebase-oskey-dev** : set default acl access for all futur changes in the folder
- to remove : **sudo setfacl -Rb ./firebase-oskey-dev**
### ! previous method didn't worked very well
- so instead, outside the container, i added my user `asususus` to the group 1001 `piavpn` :
- **sudo usermod -aG piavpn asususus**
# github ssh
- to connect to ssh from local machine, need to tell ssh to not use the ssh key it uses for personnal account github.com
- to do that, create a config file and tells it to use another key when remote is 'github.com.oskey'
- in ~/.ssh/config file:
```
# gitHub personal account
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_github
IdentitiesOnly yes
# For GitHub work account
Match host github.com exec "basename $(pwd)" == "firebase-oskey-dev"
IdentityFile ~/.ssh/id_ed25519_hugo_oskeys
```