Revert "[front] Allow multiple wrappers to run and fetch resources (#…

…9682)" (#9738) This reverts commit 4030dd0.
dust-tt · Jan 3, 2025 · 9fc6c81 · 9fc6c81
1 parent 6c3afac
commit 9fc6c81
Show file tree

Hide file tree

Showing 35 changed files with 302 additions and 472 deletions.
diff --git a/front/lib/api/resource_wrappers.ts b/front/lib/api/resource_wrappers.ts
diff --git a/front/pages/api/v1/w/[wId]/spaces/[spaceId]/apps/[aId]/runs/[runId]/index.ts b/front/pages/api/v1/w/[wId]/spaces/[spaceId]/apps/[aId]/runs/[runId]/index.ts
@@ -73,7 +73,7 @@ async function handler(
   req: NextApiRequest,
   res: NextApiResponse<WithAPIErrorResponse<RunAppResponseType>>,
   auth: Authenticator,
-  { space }: { space: SpaceResource }
+  space: SpaceResource
 ): Promise<void> {
   const owner = auth.getNonNullableWorkspace();
 
@@ -145,5 +145,5 @@ async function handler(
 }
 
 export default withPublicAPIAuthentication(
-  withResourceFetchingFromRoute(handler, { space: { requireCanRead: true } })
+  withResourceFetchingFromRoute(handler, "space")
 );
diff --git a/front/pages/api/v1/w/[wId]/spaces/[spaceId]/apps/[aId]/runs/index.ts b/front/pages/api/v1/w/[wId]/spaces/[spaceId]/apps/[aId]/runs/index.ts
@@ -176,7 +176,7 @@ async function handler(
   req: NextApiRequest,
   res: NextApiResponse<WithAPIErrorResponse<RunAppResponseType>>,
   auth: Authenticator,
-  { space }: { space: SpaceResource },
+  space: SpaceResource,
   keyAuth: Authenticator
 ): Promise<void> {
   const owner = auth.getNonNullableWorkspace();
@@ -506,8 +506,7 @@ async function handler(
 }
 
 export default withPublicAPIAuthentication(
-  // Check read on the workspace authenticator - for public space, everybody can read
-  withResourceFetchingFromRoute(handler, { space: { requireCanRead: true } }),
+  withResourceFetchingFromRoute(handler, "space"),
   {
     allowUserOutsideCurrentWorkspace: true,
   }

diff --git a/front/pages/api/v1/w/[wId]/spaces/[spaceId]/apps/index.ts b/front/pages/api/v1/w/[wId]/spaces/[spaceId]/apps/index.ts
@@ -85,7 +85,7 @@ async function handler(
   req: NextApiRequest,
   res: NextApiResponse<WithAPIErrorResponse<GetAppsResponseType>>,
   auth: Authenticator,
-  { space }: { space: SpaceResource }
+  space: SpaceResource
 ): Promise<void> {
   if (!space.canList(auth)) {
     return apiError(req, res, {
@@ -120,5 +120,5 @@ async function handler(
 }
 
 export default withPublicAPIAuthentication(
-  withResourceFetchingFromRoute(handler, { space: { requireCanList: true } })
+  withResourceFetchingFromRoute(handler, "space")
 );
diff --git a/front/pages/api/v1/w/[wId]/spaces/[spaceId]/data_source_views/[dsvId]/index.ts b/front/pages/api/v1/w/[wId]/spaces/[spaceId]/data_source_views/[dsvId]/index.ts
@@ -9,7 +9,8 @@ import { withPublicAPIAuthentication } from "@app/lib/api/auth_wrappers";
 import { handlePatchDataSourceView } from "@app/lib/api/data_source_view";
 import { withResourceFetchingFromRoute } from "@app/lib/api/resource_wrappers";
 import type { Authenticator } from "@app/lib/auth";
-import type { DataSourceViewResource } from "@app/lib/resources/data_source_view_resource";
+import { DataSourceViewResource } from "@app/lib/resources/data_source_view_resource";
+import type { SpaceResource } from "@app/lib/resources/space_resource";
 import { apiError } from "@app/logger/withlogging";
 
 /**
@@ -151,9 +152,35 @@ async function handler(
   req: NextApiRequest,
   res: NextApiResponse<WithAPIErrorResponse<DataSourceViewsResponseType>>,
   auth: Authenticator,
-  { dataSourceView }: { dataSourceView: DataSourceViewResource }
+  space: SpaceResource
 ): Promise<void> {
-  if (!dataSourceView.canList(auth)) {
+  const { dsvId } = req.query;
+  if (typeof dsvId !== "string") {
+    return apiError(req, res, {
+      status_code: 400,
+      api_error: {
+        type: "invalid_request_error",
+        message: "Invalid path parameters.",
+      },
+    });
+  }
+
+  const dataSourceView = await DataSourceViewResource.fetchById(auth, dsvId);
+  if (!dataSourceView || dataSourceView.space.sId !== space.sId) {
+    return apiError(req, res, {
+      status_code: 404,
+      api_error: {
+        type: "data_source_view_not_found",
+        message: "The data source view you requested was not found.",
+      },
+    });
+  }
+
+  if (
+    !dataSourceView ||
+    req.query.spaceId !== dataSourceView.space.sId ||
+    !dataSourceView.canList(auth)
+  ) {
     return apiError(req, res, {
       status_code: 404,
       api_error: {
@@ -228,7 +255,5 @@ async function handler(
 }
 
 export default withPublicAPIAuthentication(
-  withResourceFetchingFromRoute(handler, {
-    dataSourceView: { requireCanList: true },
-  })
+  withResourceFetchingFromRoute(handler, "space")
 );
diff --git a/front/pages/api/v1/w/[wId]/spaces/[spaceId]/data_source_views/[dsvId]/search.ts b/front/pages/api/v1/w/[wId]/spaces/[spaceId]/data_source_views/[dsvId]/search.ts
@@ -9,7 +9,8 @@ import { withPublicAPIAuthentication } from "@app/lib/api/auth_wrappers";
 import { handleDataSourceSearch } from "@app/lib/api/data_sources";
 import { withResourceFetchingFromRoute } from "@app/lib/api/resource_wrappers";
 import type { Authenticator } from "@app/lib/auth";
-import type { DataSourceViewResource } from "@app/lib/resources/data_source_view_resource";
+import { DataSourceViewResource } from "@app/lib/resources/data_source_view_resource";
+import type { SpaceResource } from "@app/lib/resources/space_resource";
 import { apiError } from "@app/logger/withlogging";
 
 /**
@@ -151,9 +152,25 @@ async function handler(
   req: NextApiRequest,
   res: NextApiResponse<WithAPIErrorResponse<DataSourceSearchResponseType>>,
   auth: Authenticator,
-  { dataSourceView }: { dataSourceView: DataSourceViewResource }
+  space: SpaceResource
 ): Promise<void> {
-  if (!dataSourceView.canRead(auth)) {
+  const { dsvId } = req.query;
+  if (typeof dsvId !== "string") {
+    return apiError(req, res, {
+      status_code: 400,
+      api_error: {
+        type: "invalid_request_error",
+        message: "Invalid path parameters.",
+      },
+    });
+  }
+
+  const dataSourceView = await DataSourceViewResource.fetchById(auth, dsvId);
+  if (
+    !dataSourceView ||
+    dataSourceView.space.sId !== space.sId ||
+    !dataSourceView.canRead(auth)
+  ) {
     return apiError(req, res, {
       status_code: 404,
       api_error: {
@@ -226,7 +243,5 @@ async function handler(
 }
 
 export default withPublicAPIAuthentication(
-  withResourceFetchingFromRoute(handler, {
-    dataSourceView: { requireCanRead: true },
-  })
+  withResourceFetchingFromRoute(handler, "space")
 );
diff --git a/front/pages/api/v1/w/[wId]/spaces/[spaceId]/data_source_views/index.ts b/front/pages/api/v1/w/[wId]/spaces/[spaceId]/data_source_views/index.ts
@@ -59,7 +59,7 @@ async function handler(
   req: NextApiRequest,
   res: NextApiResponse<WithAPIErrorResponse<DataSourceViewsListResponseType>>,
   auth: Authenticator,
-  { space }: { space: SpaceResource }
+  space: SpaceResource
 ): Promise<void> {
   if (!space.canList(auth)) {
     return apiError(req, res, {
@@ -95,5 +95,5 @@ async function handler(
 }
 
 export default withPublicAPIAuthentication(
-  withResourceFetchingFromRoute(handler, { space: { requireCanList: true } })
+  withResourceFetchingFromRoute(handler, "space")
 );
diff --git a/front/pages/api/v1/w/[wId]/spaces/[spaceId]/data_sources/[dsId]/folders/[fId].ts b/front/pages/api/v1/w/[wId]/spaces/[spaceId]/data_sources/[dsId]/folders/[fId].ts
@@ -31,7 +31,7 @@ async function handler(
     >
   >,
   auth: Authenticator,
-  { dataSource }: { dataSource: DataSourceResource }
+  dataSource: DataSourceResource
 ): Promise<void> {
   const { fId } = req.query;
 
@@ -59,16 +59,6 @@ async function handler(
 
   switch (req.method) {
     case "GET":
-      if (!dataSource.canList(auth)) {
-        return apiError(req, res, {
-          status_code: 404,
-          api_error: {
-            type: "data_source_not_found",
-            message: "The data source you requested was not found.",
-          },
-        });
-      }
-
       const docRes = await coreAPI.getDataSourceFolder({
         projectId: dataSource.dustAPIProjectId,
         dataSourceId: dataSource.dustAPIDataSourceId,
@@ -92,16 +82,6 @@ async function handler(
       return;
 
     case "POST":
-      if (!dataSource.canWrite(auth)) {
-        return apiError(req, res, {
-          status_code: 403,
-          api_error: {
-            type: "data_source_auth_error",
-            message: "You are not allowed to update data in this data source.",
-          },
-        });
-      }
-
       const r = UpsertDataSourceFolderRequestSchema.safeParse(req.body);
 
       if (r.error) {
@@ -173,16 +153,6 @@ async function handler(
       return;
 
     case "DELETE":
-      if (!dataSource.canWrite(auth)) {
-        return apiError(req, res, {
-          status_code: 403,
-          api_error: {
-            type: "data_source_auth_error",
-            message: "You are not allowed to update data in this data source.",
-          },
-        });
-      }
-
       const delRes = await coreAPI.deleteDataSourceFolder({
         projectId: dataSource.dustAPIProjectId,
         dataSourceId: dataSource.dustAPIDataSourceId,
@@ -220,7 +190,5 @@ async function handler(
 }
 
 export default withPublicAPIAuthentication(
-  withResourceFetchingFromRoute(handler, {
-    dataSource: { requireCanList: true },
-  })
+  withResourceFetchingFromRoute(handler, "dataSource")
 );
diff --git a/front/pages/api/v1/w/[wId]/spaces/[spaceId]/data_sources/[dsId]/folders/index.ts b/front/pages/api/v1/w/[wId]/spaces/[spaceId]/data_sources/[dsId]/folders/index.ts
@@ -19,7 +19,7 @@ async function handler(
   req: NextApiRequest,
   res: NextApiResponse<WithAPIErrorResponse<GetFoldersResponseType>>,
   auth: Authenticator,
-  { dataSource }: { dataSource: DataSourceResource }
+  dataSource: DataSourceResource
 ): Promise<void> {
   const coreAPI = new CoreAPI(config.getCoreAPIConfig(), logger);
   if (!auth.isSystemKey()) {
@@ -34,16 +34,6 @@ async function handler(
 
   switch (req.method) {
     case "GET":
-      if (!dataSource.canList(auth)) {
-        return apiError(req, res, {
-          status_code: 404,
-          api_error: {
-            type: "data_source_not_found",
-            message: "The data source you requested was not found.",
-          },
-        });
-      }
-
       const limit = req.query.limit ? parseInt(req.query.limit as string) : 10;
       const offset = req.query.offset
         ? parseInt(req.query.offset as string)
@@ -87,7 +77,5 @@ async function handler(
 }
 
 export default withPublicAPIAuthentication(
-  withResourceFetchingFromRoute(handler, {
-    dataSource: { requireCanList: true },
-  })
+  withResourceFetchingFromRoute(handler, "dataSource")
 );
diff --git a/front/pages/api/v1/w/[wId]/spaces/[spaceId]/data_sources/index.ts b/front/pages/api/v1/w/[wId]/spaces/[spaceId]/data_sources/index.ts
@@ -54,7 +54,7 @@ async function handler(
   req: NextApiRequest,
   res: NextApiResponse<WithAPIErrorResponse<GetDataSourcesResponseType>>,
   auth: Authenticator,
-  { space }: { space: SpaceResource }
+  space: SpaceResource
 ): Promise<void> {
   const dataSources = await DataSourceResource.listBySpace(auth, space);
 
@@ -87,5 +87,5 @@ async function handler(
 }
 
 export default withPublicAPIAuthentication(
-  withResourceFetchingFromRoute(handler, { space: { requireCanList: true } })
+  withResourceFetchingFromRoute(handler, "space")
 );
diff --git a/front/pages/api/w/[wId]/spaces/[spaceId]/apps/[aId]/datasets/[name]/index.ts b/front/pages/api/w/[wId]/spaces/[spaceId]/apps/[aId]/datasets/[name]/index.ts
@@ -23,8 +23,9 @@ export type GetDatasetResponseBody = { dataset: DatasetType };
 async function handler(
   req: NextApiRequest,
   res: NextApiResponse<WithAPIErrorResponse<GetDatasetResponseBody>>,
+
   auth: Authenticator,
-  { space }: { space: SpaceResource }
+  space: SpaceResource
 ): Promise<void> {
   const owner = auth.workspace();
   if (!owner) {
@@ -232,5 +233,5 @@ async function handler(
 }
 
 export default withSessionAuthenticationForWorkspace(
-  withResourceFetchingFromRoute(handler, { space: { requireCanRead: true } })
+  withResourceFetchingFromRoute(handler, "space")
 );
diff --git a/front/pages/api/w/[wId]/spaces/[spaceId]/apps/[aId]/datasets/index.ts b/front/pages/api/w/[wId]/spaces/[spaceId]/apps/[aId]/datasets/index.ts
@@ -50,8 +50,9 @@ async function handler(
   res: NextApiResponse<
     WithAPIErrorResponse<GetDatasetsResponseBody | PostDatasetResponseBody>
   >,
+
   auth: Authenticator,
-  { space }: { space: SpaceResource }
+  space: SpaceResource
 ): Promise<void> {
   const { aId } = req.query;
   if (typeof aId !== "string") {
@@ -211,7 +212,5 @@ async function handler(
 }
 
 export default withSessionAuthenticationForWorkspace(
-  // Interacting with datasets requires write access to the app's space.
-  // Read permission is not enough as it's available to all space users (or everybody for public spaces)
-  withResourceFetchingFromRoute(handler, { space: { requireCanWrite: true } })
+  withResourceFetchingFromRoute(handler, "space")
 );
diff --git a/front/pages/api/w/[wId]/spaces/[spaceId]/apps/[aId]/index.ts b/front/pages/api/w/[wId]/spaces/[spaceId]/apps/[aId]/index.ts
@@ -25,8 +25,9 @@ const PatchAppBodySchema = t.type({
 async function handler(
   req: NextApiRequest,
   res: NextApiResponse<WithAPIErrorResponse<GetOrPostAppResponseBody>>,
+
   auth: Authenticator,
-  { space }: { space: SpaceResource }
+  space: SpaceResource
 ): Promise<void> {
   const { aId } = req.query;
   if (typeof aId !== "string") {
@@ -134,5 +135,5 @@ async function handler(
 }
 
 export default withSessionAuthenticationForWorkspace(
-  withResourceFetchingFromRoute(handler, { space: { requireCanRead: true } })
+  withResourceFetchingFromRoute(handler, "space")
 );
diff --git a/.../pages/api/w/[wId]/spaces/[spaceId]/apps/[aId]/runs/[runId]/blocks/[type]/[name]/index.ts b/.../pages/api/w/[wId]/spaces/[spaceId]/apps/[aId]/runs/[runId]/blocks/[type]/[name]/index.ts
@@ -24,8 +24,9 @@ export type GetRunBlockResponseBody = {
 async function handler(
   req: NextApiRequest,
   res: NextApiResponse<WithAPIErrorResponse<GetRunBlockResponseBody>>,
+
   auth: Authenticator,
-  { space }: { space: SpaceResource }
+  space: SpaceResource
 ): Promise<void> {
   const { aId } = req.query;
   if (typeof aId !== "string") {
@@ -107,7 +108,5 @@ async function handler(
 }
 
 export default withSessionAuthenticationForWorkspace(
-  // App block runs contain sensitive data and requires write access to the app's space.
-  // Read permission is not enough as it's available to all space users (or everybody for public spaces)
-  withResourceFetchingFromRoute(handler, { space: { requireCanWrite: true } })
+  withResourceFetchingFromRoute(handler, "space")
 );
diff --git a/front/pages/api/w/[wId]/spaces/[spaceId]/apps/[aId]/runs/[runId]/status.ts b/front/pages/api/w/[wId]/spaces/[spaceId]/apps/[aId]/runs/[runId]/status.ts
@@ -18,8 +18,9 @@ export type GetRunStatusResponseBody = {
 async function handler(
   req: NextApiRequest,
   res: NextApiResponse<WithAPIErrorResponse<GetRunStatusResponseBody>>,
+
   auth: Authenticator,
-  { space }: { space: SpaceResource }
+  space: SpaceResource
 ) {
   const { aId } = req.query;
   if (typeof aId !== "string") {
@@ -108,5 +109,5 @@ async function handler(
 }
 
 export default withSessionAuthenticationForWorkspace(
-  withResourceFetchingFromRoute(handler, { space: { requireCanRead: true } })
+  withResourceFetchingFromRoute(handler, "space")
 );