Files

Hugo LAMY 2240df17ca updated oskey notes

2024-11-08 21:00:47 +01:00

10 KiB

Raw Blame History

- guest user service created - call the service from createAccess - create tests to check if it works - fix tests for quickcodes

[/] update my branch with develop
add dates to guests and permanent-guests
user can delete its quickcodes
front needs to get invitations and quickcodes
- update callable to get invitations : fix database call, and add get-quickcode
- create service to get quickcodes
front needs to get pincode informations (id only ?) when click on an access
- create callable for that ? or better : plug into the callable used to get the access informations (if exists)
add v2 task : delete pincodes
add v2 task : should we put pincodes documents in inviter collection ? also adding a field 'inviter' in pincode documents
test callable create-quickcodes
test pubsub messages
update access type in iot node
add security rules for pincodes
test security rules
delete current callable function to get-pincodes ? or keep it ? it has not been well tested

inhabitantUser
inhabitantGuestUser -> time
inhabitantPermanentGuestUser -> time
get pincode of the invitation -> the guest can see the pincode on the invitation
getQuickcodes
add jira issue for the enum import
getAllinvitesBasedOnVisibility

inhabitantGuestUser && inhabitantPermanentGuestUser :
- add dates
- put documents in invited collection
- add jira : put documents in inviter collection
add jira : delete pincodes
delete quickcodes

test callable create quickcodes
test callable get quickcodes by user
check on figma what other functions are necessary for v1
- callable get quickcodes by pincodes ?
- callable delete quickcodes ?
test pubsub messages
test errors

create jira epic : "add helpers for repetitive tasks"
create 2 topic :
- "security checks in callable functions"
- "logging and throwing errors"
rebase branch security_and_errors into current develop :
- git checkout develop
- git pull develop
- git checkout security_and_errors
- git rebase --onto develop 4af5282cf6c23be9b86a59a3772337a1a8fe36ae
- git checkout develop
- git rebase security_and_errors
create jira issue in debt for todo in createAccess about return null instead of throwing errors (/workspace/functions/src/modules/core/modules/access/services/access.service.ts)

questions:

how access documents and pincodes and devices documents are linked ?
- user have access documents, that only contains 'user' and 'building' infos
- they do not say 'access with device' or 'pincode'

/users/{userId}/accesses/
	- accessId: string
		- accesses:
		[
			{
				- accessId: string
				- accessRights: [{validity: 'permanent'}, ]
				- authorizedDoors:
				[
					{
						
					},
					{
						- accessControlDevices:
						[
							{
							},
							{
							},
						]
						- doorId: string
						- doorName: string
						- doorStreetAddress: {}
					},
				]
				- creationDate: Timestamp
				- inviterId: string
				- inveterName: string
				- type: OSKUserAccessType
				- unitId: string
			},
		]
		- buildingId: string
		- buildingImageFilename: string
		- bulidingName: string
		- buildingStreetAddress: {}
		- creationDate: Timestamp
		- userFirstName: string
		- userId: string
		- userLastName: string

why not adding buildingId in the user pincode document ? and start and end time ?
- we add buildingId because it will help find the associated building document, but the other infos are not relevant unless front need it
why having a request.userId parameter if we can identify the userId with the auth ?
- not sure, but might be for security
check permissions ? how do they work ? are they always related to organizations ? What is an organization anyway ?
- permissions are for organization users, which are either oskey admin user or client admin user, because they can have different roles and permissions. But not for normal users
why is there no user document in buildings collection ?
- the user document in building collection is not actually a user document, but something else (i dont remember)
how to change iot
- this is another project that i have to clone

[/] generate pincodes with constraints
[/] create services and controllers to add pincode documents
[/] create pincode documents when users are added
[/] add pincode to access
[/] add doors to pincodes documents
- [/] test if pincodes documents are created and contains all fields
add pincode access to iot
[/] create services and controllers to get pincode
- test get pincode service
create pincode for guest users
- test pincode creation for guest users
[-] write pincode security rules
- test pincode creation -> test pincode rules
[-] add callable functions to create anonymous pincodes
- test pincode callable functions to create anonymous pincodes
add callable functions to get user pincodes
- test pincode callable functions to get user pincodes
- test pincode accesses
add callable function to delete pincodes
- test pincode deletion

15/10/24

console.log vs logger function ?

10/10/24

pincodes child issues : old :

create pincode controller structure
generate pincode with constraints
generate docs when pincode created
get pincodes by user, building, and both
pincode firestore rules
update OSKAccessMethod
add pincode to access
update pincode accessMethod in iot endpoint
tests

new:

[s] generate pincodes with constraints
[s] create services and controller to add pincodes documents
[s] create pincodes documents when users are added
[s] add doors to pincodes documents
[t] tests if pincodes documents are created and contains all fields
[s] create services and controller to get pincodes
[s] add pincode to access - update OSKAccessMethod - update pincode accessMethod in iot endpoint
[t] write pincodes security rules
[t] test pincodes creation

09/10/24

what is the difference between ._set() and ._create() :
- why ._set() needs a creationDate timestamp and not ._create() ?
- what happens if we use ._create() and then ._set() to override ? will the creationDate be there ?
- when to use which one ?

07/10/24

in /workspace/functions/src/modules/core/modules/access/controllers/access_pincode.controller.ts is it ok to have export class OSKPincodeController extends OSKDocumentController<OSKBuildingPincodeDocument> { with a controller in core build on a controller in building ?
- yes
the function to check if code is uniq cannot prevent collisions, in its actual form
- ticket oppened, to do it with redis (FIR1-469)
should i use "this" instead of refering the class itself ?
i didnt get the .default very well so far
i didnt get exactly the distinction btwn controller and service for a document
- controller will directly call the database
i didnt get also the organization in modules, do they correspond to a collection in the database ?

20/09/24

documents non detruits quand les users sont detruits :

accesses
organizations
organizationInvitations
sentInvitations
invitations

documents detruits avec les users :

devices

19/09/24

questions pour greg:

dans quel cas utiliser le "retries(500)" ?
les rules ne semblent pas proteger quand on est admin, c'est normal ?
je ne pense pas avoir besoin de rajouter des indexes, puisque je n'utilise que le champ "accountDeletionDate"
scheduled functions not supported in emulator : https://github.com/firebase/firebase-tools/issues/2034

17/09/24

scheduler
tester rules
indexe

12/09/24

utiliser "confluence" de attlassian, une sorte de wiki utiliser le drive et les docs de google utiliser les app slacks pour recevoir les notifications

questions pour greg:

conventions de nommage et organisations des tests
tests update document beosins d'etre plus complets ?
pourquoi 2 types de timestamp differents, ex in :
- functions/src/modules/user/models/documents/user_document.model.ts
- test/src/specs/user/user_deletion.specs.ts
où se trouvent les dossiers sur le drive / docs ?

10/09/24 reu dev

framework auth fournit par google :

reauth , valider nouvel email ,

pour pouvoir customizer les emails il faudrait le faire soi-meme en backend, pas prioritaire pour l'instant

09/09/24 1rst day

installer slack
installer vscode (ou vscodium en open source)
regarder les firmware iot : le sdk est uniquement disponible sur les versions LTS
dev container : les repository vscode contiennent tous un dev container pour les dependances (genre image-magik)
apigee : api gateway (!= proxy) -> security
service account : gestion de token interne a google, entre les containers
gestion git : gitkraken ou source tree
utiliser chrome plutot que chromium ou firefox
install nerd font

creer un projet firebase en suivant tuto firestore et cloud functions
voir tuto sur codelab "local development with firebase"

test-firebase-6fe21
session id : 7D583

devcontainer ownership

inside the dev container, the user is vscode (1001), so outside the container the local user (asususus) cannot modify files, nor push or pull or anything
the solution is to give the user rights on the files, without changing them, by using ACL :
- sudo setfacl -R -m u:asususus:rwx ./firebase-oskey-dev : give recursive read+write+execute access to user asususus
- sudo setfacl -R -d -m u:asususus:rwx ./firebase-oskey-dev : set default acl access for all futur changes in the folder
- to remove : sudo setfacl -Rb ./firebase-oskey-dev

! previous method didn't worked very well

so instead, outside the container, i added my user asususus to the group 1001 piavpn :
- sudo usermod -aG piavpn asususus

github ssh

to connect to ssh from local machine, need to tell ssh to not use the ssh key it uses for personnal account github.com

to do that, create a config file and tells it to use another key when remote is 'github.com.oskey'

in ~/.ssh/config file:

	# gitHub personal account
	Host github.com
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_ed25519_github
	IdentitiesOnly yes

	# For GitHub work account
	Match host github.com exec "basename $(pwd)" == "firebase-oskey-dev"
		IdentityFile ~/.ssh/id_ed25519_hugo_oskeys

10 KiB Raw Blame History