placeos / models Goto Github PK

Emails are returned as md5 digests, this is insecure and a stronger hash function should be used.

A new model Tenant or Organization should be added.
For queries, we can overload queries on the ORM to ensure that the tenant's ID is included.

need to add a ? to this alias I think

• Implement a set of models
• Determine the simplest way to implement PlaceOS::Resource via Model.changes

Related Issues

• #71
• #72

This will allow the place-labs/resource abstraction to function in the same manner.

https://github.com/supabase/realtime

could use a ttl field with a unix epoch as these documents are automatically cleaned up once the TTL time is reached

When module attributes are updated, it appears that tls is incorrectly forced.

Is your feature request related to a problem? Please describe.
User emails are currently stripped and downcased when validating for uniqueness but persisted with case and surrounding whitespace preserved. This same normalisation is not applied elsewhere resulting in unexpected behaviour in other areas of the system.

An externally visible example of this is the rest-api users controller where interactions based on user email require a case matched version to be used.

Describe the solution you'd like
Perform consistent validation and matching of email address across all areas of the platform.

Describe alternatives you've considered
Performing ad-hoc normalisation either client side, or in other services. Centralising this here appears to be the least error prone approach

Additional context

• To conform with rfc5321 case of the address MUST be preserved for usage in actual emails.
• Some additional complexity also exists for how email_digest should be handled.
• Approach used in resolving this issue should also be matched in the auth user and staff-api guest models.

Add timezone field to zone model to allow frontends to more easily consume this commonly needed value.

Is your feature request related to a problem? Please describe.

Authority is a confusing term, where Domain is more reflective of the function of the models.

Describe the solution you'd like

Rename Authority to Domain

Additional context

This could be done during the migration to postgres in #71

Alternatively, a migration script could be written for RethinkDB.

Describe the bug

Errors identified in Module#merge_settings lack context

To Reproduce

Any exceptions caused by the merge process.
This could be the result of malformed YAML/JSON settings.

Expected behaviour

Raise a clear error. Ideally no error at all.

Additional context

The best solution would be validation of Settings#settings_string before save.

Currently, master is the only functional branch when referenced by a PlaceOS::Model::Repository.

A simple branch : String = "master" attribute will suffice.

The current setting merge behaviour prioritises keys that exist at higher encryption levels:

In many cases, it may be desirable for this behaviour to be inverted so that lower encryption levels take priority. An example of this would be applying a setting that forces usage of a development token, or temporary configuration change as this can be reverted through the removal of the overriding setting. In these cases an encrypted setting may not be as easily restored by a user without knowledge of the original value.

A conflicting view does exist where prioritising settings with higher encryption may help influence 'safer' user behaviours. In some cases though this may have the opposite effect, with users preferring to store everything at lower levels due to improved usability.

Is your feature request related to a problem? Please describe.

Being able to track the versioning of a model is useful, evidenced by the existing use case of Settings.
Metadata changes can introduce errors, and versions allow for simpler rollbacks.

Describe the solution you'd like

After #150, this should be as simple as including the module.

Additional context

• PlaceOS/backoffice will require an update to render version for Metadata @MrYuion

Objective: Add models to support asset manager feature.

Observe asset and consumable relation and best method of implementation.

Support User password confirmation validation.

User who last modified: last modified at and modified by.

Prevent the system getting into a state with no users.

The key field of repository is unused

Add a destroy relation from Authority to User

Describe the bug
Settings are currently validated by ensuring they contain any data that will not cause JSON/YAML parsing to fail but parsed as assumed YAML objects when reading. This results in some issues appearing in external usage contexts, such as merging setting during a driver load.

Your environment
9426c23

To Reproduce
Store scalar or array type, or simply "\n" in a setting. When running within a full instance, core logs will show:

level=[E] time=2021-08-11T11:37:31Z program=core source=place_os.resource message="failed to update module's settings" settings_id=sets-HsUXqFomQOC type=PlaceOS::Model::Settings handler=PlaceOS::Core::SettingsUpdate action=Created id=sets-HsUXqFomQOC module_id=mod-HsUMyxnbq84
Failed to merge module settings Failed to parse YAML settings:
 (PlaceOS::Core::ModuleError)
  from src/placeos-core/module_manager.cr:369:9 in 'start_payload'
  from src/placeos-core/module_manager.cr:168:65 in 'start_module'
  from src/placeos-core/module_manager.cr:199:37 in 'refresh_module'
  from src/placeos-core/settings_update.cr:36:14 in '_process_event'
  from /usr/share/crystal/src/primitives.cr:255:3 in 'run'
  from ???

Expected behavior
Validation should block this on save.

Additional context
There looks so be a bit of general inconsistency / looseness in how settings are handled. May be worth a general review and tidy so that a single form is used for persistence, the parsed to/from alternate encodings where required (e.g. based on contents of an Accept header in API requests).

The current implementation for app id generation is based off an MD5 of the redirect URI. This prevents the same URI from being used on multiple app registrations.

Given that apps now bind to authorities (domains) as the owner, there are use cases where having multiple apps sharing a redirect URI are required. An example of this would be a native app registered for access across multiple auth domains.

Currently, module_id is merged into the features field of the ControlSystem. Desired behaviour is to have the resolved name i.e. custom_name || name in the features string.

Simple after_save callback to check membership of the ControlSystem's modules for Logic Modules.

Hello!
Since I set the schedule of the CI job, I receive notifications every time the job runs.
If a Place employee could update this line, that would be very appreciated.
Thanks!

Describe the solution you'd like

• PlaceOS/init#56
• #163

Describe alternatives you've considered

The existing solution of storing the column as a String was sufficient until we needed to perform queries on the data.

Additional context

• Component of PlaceOS/rest-api#250

Alternatively, the field should be dropped in favour of fetching it from the DB.

This is also a symptom of the lack of joins in the ORM.

Add extended metadata fields to devices at a system level to include custom key:pair values to serve as a basic CMDB eg.
*install date
*serial number
*manufacturer

These could be fixed fields, but feel its easier to allow them to be custom pairs where the end user can set what data they want to store against a device.

Allow these fields to be included in dashboards or obtained via api for display in PowerBi reports or similar.

So the user editing doesn't have to be a system admin.
Similar to how staff-api deals with user permissions for say concierge access

Google doc on how permissions work

blocked by #183

Create a migration for existing deployments that migrates Settings::ParentType from an Integer backed enum to a String backed enum.

currently a simple metadata search locks up the database due to high CPU when there are 1000's of records (client with 24k records sees a 5minute denial of service)

Thinking we move metadata over to postgresql soon #165
possibly as part of staff api which also has metadata and some change hooks into rethinkdb, reverting the metadata field in rethink back to text

Then search operations can occur on staff API against a postgresql GIN index
https://cgi.cse.unsw.edu.au/~cs9315/20T1/postgresql/documentation/functions-json.html
https://medium.com/hackernoon/how-to-query-jsonb-beginner-sheet-cheat-4da3aa5082a3

Define a data model using Hermes. We'll potentially use a merkle tree for verification.

Ideally cloning private repos should be done via ssh, with keys added to the required repos only.

We need a way to either generate an ssh-key pair, or copy the public key of an existing pair, from backoffice.

Describe the bug

The separator in Edge authentication tokens, _, can cause issues when extracting the id and secret.

To Reproduce

Create an Edge with a _ in its id.

Is your feature request related to a problem? Please describe.

Model versions are present for Settings.
This mechanism can be generalised for use in other domain models.

Describe the solution you'd like

• Create a module PlaceOS::Model::Utilities::Versions that automatically adds version creation to a model.
• The history should only be retained for a default fo 20 changes.
• Ability to delete history elements should be discussed.

Describe alternatives you've considered

Hand-rolled versioning, see Settings model.