Refactor authoritiesCache to append authorities for an account

src/authorities.ts

@@ -0,0 +1,6 @@
+export type AuthoritiesList = string[];
+
+export const AUTHORITIES = {
+  clear_account_cache: "cas.perm.clear_account_cache",
+  clear_all_accounts_cache: "cas.perm.clear_all_accounts_cache",
+};

src/config.ts

@@ -21,6 +21,7 @@ export default {
     expiration: process.env.JWT_EXPIRATION || "1h",
   },
   server: {
+    globalAuthoritiesScope: process.env.GLOBAL_AUTHORITIES_SCOPE || "global",
     port: process.env.PORT || 3000,
     depServers: process.env.DEP_SERVERS?.split(";") || [],
   },

src/routers.ts

@@ -9,11 +9,12 @@ import {
   clearAllAuthoritiesCache,
   clearAuthoritiesCacheForAccount,
   getAuthoritiesCacheForAccount,
-  setAuthoritiesCacheForAccount,
+  appendAuthoritiesCacheForAccount,
 } from "./utils/authoritiesCache";
 import { requireJwt } from "./middlewares";
 import { HealthCheckResponse } from "./types";
 import configuration from "./config";
+import { AUTHORITIES } from "./authorities";
 
 export function handleRoutes(app: Express) {
   app.get("/", (req: Request, res: Response) => {
@@ -118,10 +119,10 @@ export function handleRoutes(app: Express) {
       // get from request params
       const scope = req.query.scope as string;
 
-      let authorities = getAuthoritiesCacheForAccount(accountId);
+      let authorities = getAuthoritiesCacheForAccount(accountId, scope);
       if (!authorities) {
         authorities = await getAccountAuthoritiesById(accountId, scope);
-        setAuthoritiesCacheForAccount(accountId, authorities);
+        appendAuthoritiesCacheForAccount(accountId, authorities);
       }
 
       res.json({ authorities });
@@ -141,7 +142,9 @@ export function handleRoutes(app: Express) {
         currentAccountId,
         "cas"
       );
-      if (!currentAccountAuthorities.includes("cas.perm.clear_account_cache")) {
+      if (
+        !currentAccountAuthorities.includes(AUTHORITIES["clear_account_cache"])
+      ) {
         res.status(403).json({ message: "Insuffisent Permissions" });
         return;
       }
@@ -164,7 +167,9 @@ export function handleRoutes(app: Express) {
         "cas"
       );
       if (
-        !currentAccountAuthorities.includes("cas.perm.clear_all_accounts_cache")
+        !currentAccountAuthorities.includes(
+          AUTHORITIES["clear_all_accounts_cache"]
+        )
       ) {
         res.status(403).json({ message: "Insuffisent Permissions" });
         return;

src/utils/authoritiesCache.ts

@@ -1,17 +1,36 @@
 import NodeCache from "node-cache";
 import config from "../config";
+import { AuthoritiesList } from "../authorities";
 
 const authoritiesCache = new NodeCache({ stdTTL: config.cache.ttl });
 
-export function setAuthoritiesCacheForAccount(
+export function appendAuthoritiesCacheForAccount(
   accountId: string,
-  authorities: any
+  authorities: AuthoritiesList
 ) {
-  authoritiesCache.set(accountId, authorities);
+  const currentAuthorities = authoritiesCache.get(accountId) as AuthoritiesList;
+  if (currentAuthorities) {
+    authoritiesCache.set<AuthoritiesList>(accountId, [
+      ...currentAuthorities,
+      ...authorities,
+    ]);
+  } else {
+    authoritiesCache.set<AuthoritiesList>(accountId, authorities);
+  }
 }
 
-export function getAuthoritiesCacheForAccount(accountId: string) {
-  return authoritiesCache.get(accountId);
+export function getAuthoritiesCacheForAccount(
+  accountId: string,
+  scope: string
+) {
+  const authorities = authoritiesCache.get(accountId) as string[] | undefined;
+  if (!authorities) return undefined;
+  return authorities.filter((authority: string) => {
+    return (
+      authority.startsWith(scope) ||
+      authority.startsWith(config.server.globalAuthoritiesScope)
+    );
+  });
 }
 
 export function clearAuthoritiesCacheForAccount(accountId: string) {