more tests

ymc9 · ymc9 · commit 2ef2da0976a7 · 2024-05-05T20:32:59.000+08:00
diff --git a/packages/runtime/src/enhancements/policy/constraint-solver.ts b/packages/runtime/src/enhancements/policy/constraint-solver.ts
@@ -1,4 +1,4 @@
-import Logic, { Formula } from 'logic-solver';
+import Logic from 'logic-solver';
 import { match } from 'ts-pattern';
 import type {
     CheckerConstraint,
@@ -9,25 +9,41 @@ import type {
     VariableConstraint,
 } from '../types';
 
+/**
+ * A boolean constraint solver based on `logic-solver`.
+ */
 export class ConstraintSolver {
+    // a table for internalizing string literals
     private stringTable: string[] = [];
-    private variables: Map<string, Formula> = new Map<string, Formula>();
 
-    solve(constraint: CheckerConstraint): boolean {
+    // a map for storing variable names and their corresponding formulas
+    private variables: Map<string, Logic.Formula> = new Map<string, Logic.Formula>();
+
+    /**
+     * Check the satisfiability of the given constraint.
+     */
+    checkSat(constraint: CheckerConstraint): boolean {
+        // reset state
         this.stringTable = [];
-        this.variables = new Map<string, Formula>();
+        this.variables = new Map<string, Logic.Formula>();
 
+        // convert the constraint to a "logic-solver" formula
         const formula = this.buildFormula(constraint);
+
+        // solve the formula
         const solver = new Logic.Solver();
         solver.require(formula);
-        const solution = solver.solve();
-        if (solution) {
-            console.log('Solution:');
-            this.variables.forEach((v, k) => console.log(`\t${k}=${solution?.evaluate(v)}`));
-        } else {
-            console.log('No solution');
-        }
-        return !!solution;
+
+        // DEBUG:
+        // const solution = solver.solve();
+        // if (solution) {
+        //     console.log('Solution:');
+        //     this.variables.forEach((v, k) => console.log(`\t${k}=${solution?.evaluate(v)}`));
+        // } else {
+        //     console.log('No solution');
+        // }
+
+        return !!solver.solve();
     }
 
     private buildFormula(constraint: CheckerConstraint): Logic.Formula {
@@ -84,12 +100,15 @@ export class ConstraintSolver {
             .exhaustive();
     }
 
-    buildVariableFormula(constraint: VariableConstraint) {
-        return match(constraint.type)
-            .with('boolean', () => this.booleanVariable(constraint.name))
-            .with('number', () => this.intVariable(constraint.name))
-            .with('string', () => this.intVariable(constraint.name))
-            .exhaustive();
+    private buildVariableFormula(constraint: VariableConstraint) {
+        return (
+            match(constraint.type)
+                .with('boolean', () => this.booleanVariable(constraint.name))
+                .with('number', () => this.intVariable(constraint.name))
+                // strings are internalized and represented by their indices
+                .with('string', () => this.intVariable(constraint.name))
+                .exhaustive()
+        );
     }
 
     private buildValueFormula(constraint: ValueConstraint) {
@@ -105,6 +124,7 @@ export class ConstraintSolver {
             .when(
                 (v): v is string => typeof v === 'string',
                 (v) => {
+                    // internalize the string and use its index as formula representation
                     const index = this.stringTable.indexOf(v);
                     if (index === -1) {
                         this.stringTable.push(v);
@@ -132,12 +152,15 @@ export class ConstraintSolver {
         if (left.type !== right.type) {
             throw new Error(`Type mismatch in equality constraint: ${JSON.stringify(left)}, ${JSON.stringify(right)}`);
         }
-        const leftConstraint = this.buildFormula(left);
-        const rightConstraint = this.buildFormula(right);
+
+        const leftFormula = this.buildFormula(left);
+        const rightFormula = this.buildFormula(right);
         if (left.type === 'boolean' && right.type === 'boolean') {
-            return Logic.equiv(leftConstraint, rightConstraint);
+            // logical equivalence
+            return Logic.equiv(leftFormula, rightFormula);
         } else {
-            return Logic.equalBits(leftConstraint, rightConstraint);
+            // integer equality
+            return Logic.equalBits(leftFormula, rightFormula);
         }
     }
 
@@ -146,8 +169,6 @@ export class ConstraintSolver {
         right: ComparisonTerm,
         func: (left: Logic.Formula, right: Logic.Formula) => Logic.Formula
     ) {
-        const leftConstraint = this.buildFormula(left);
-        const rightConstraint = this.buildFormula(right);
-        return func(leftConstraint, rightConstraint);
+        return func(this.buildFormula(left), this.buildFormula(right));
     }
 }
diff --git a/packages/runtime/src/enhancements/policy/handler.ts b/packages/runtime/src/enhancements/policy/handler.ts
@@ -1451,6 +1451,8 @@ export class PolicyProxyHandler<DbClient extends DbClientContract> implements Pr
         }
 
         if (fieldValues) {
+            // combine runtime filters with generated constraints
+
             const extraConstraints: CheckerConstraint[] = [];
             for (const [field, value] of Object.entries(fieldValues)) {
                 if (value === undefined) {
@@ -1463,12 +1465,14 @@ export class PolicyProxyHandler<DbClient extends DbClientContract> implements Pr
 
                 const fieldInfo = requireField(this.modelMeta, this.model, field);
 
+                // relation and array fields are not supported
                 if (fieldInfo.isDataModel || fieldInfo.isArray) {
                     throw new Error(
                         `Providing filter for field "${field}" is not supported. Only scalar fields are allowed.`
                     );
                 }
 
+                // map field type to constraint type
                 const fieldType = match<string, 'number' | 'string' | 'boolean'>(fieldInfo.type)
                     .with(P.union('Int', 'BigInt', 'Float', 'Decimal'), () => 'number')
                     .with('String', () => 'string')
@@ -1479,13 +1483,24 @@ export class PolicyProxyHandler<DbClient extends DbClientContract> implements Pr
                         );
                     });
 
+                // check value type
                 const valueType = typeof value;
                 if (valueType !== 'number' && valueType !== 'string' && valueType !== 'boolean') {
                     throw new Error(
-                        `Invalid value for field "${field}". Only number, string, boolean, or null is allowed.`
+                        `Invalid value type for field "${field}". Only number, string or boolean is allowed.`
                     );
                 }
 
+                if (fieldType !== valueType) {
+                    throw new Error(`Invalid value type for field "${field}". Expected "${fieldType}".`);
+                }
+
+                // check number validity
+                if (typeof value === 'number' && (!Number.isInteger(value) || value < 0)) {
+                    throw new Error(`Invalid value for field "${field}". Only non-negative integers are allowed.`);
+                }
+
+                // build a constraint
                 extraConstraints.push({
                     kind: 'eq',
                     left: { kind: 'variable', name: field, type: fieldType },
@@ -1494,11 +1509,13 @@ export class PolicyProxyHandler<DbClient extends DbClientContract> implements Pr
             }
 
             if (extraConstraints.length > 0) {
+                // combine the constraints
                 constraint = { kind: 'and', children: [constraint, ...extraConstraints] };
             }
         }
 
-        return new ConstraintSolver().solve(constraint);
+        // check satisfiability
+        return new ConstraintSolver().checkSat(constraint);
     }
 
     //#endregion
diff --git a/packages/schema/src/plugins/enhancer/policy/constraint-transformer.ts b/packages/schema/src/plugins/enhancer/policy/constraint-transformer.ts
@@ -90,7 +90,15 @@ export class ConstraintTransformer {
 
     private transformLiteral(expr: LiteralExpr) {
         return match(expr.$type)
-            .with(NumberLiteral, () => this.value(expr.value.toString(), 'number'))
+            .with(NumberLiteral, () => {
+                const parsed = parseFloat(expr.value as string);
+                if (isNaN(parsed) || parsed < 0 || !Number.isInteger(parsed)) {
+                    // only non-negative integers are supported, for other cases,
+                    // transform into a free variable
+                    return this.nextVar('number');
+                }
+                return this.value(expr.value.toString(), 'number');
+            })
             .with(StringLiteral, () => this.value(`'${expr.value}'`, 'string'))
             .with(BooleanLiteral, () => this.value(expr.value.toString(), 'boolean'))
             .exhaustive();
diff --git a/tests/integration/tests/enhancements/with-policy/checker.test.ts b/tests/integration/tests/enhancements/with-policy/checker.test.ts
@@ -355,4 +355,77 @@ describe('Permission checker', () => {
             }
         );
     });
+
+    it('invalid filter', async () => {
+        const { enhance } = await loadSchema(
+            `
+            model Model {
+                id Int @id @default(autoincrement())
+                value Int
+                foo Foo?
+                d DateTime
+                
+                @@allow('read', value == 1)
+            }
+
+            model Foo {
+                id Int @id @default(autoincrement())
+                x Int
+                model Model @relation(fields: [modelId], references: [id])
+                modelId Int @unique
+            }
+            `
+        );
+
+        const db = enhance();
+        await expect(db.model.check('read', { foo: { x: 1 } })).rejects.toThrow(
+            `Providing filter for field "foo" is not supported. Only scalar fields are allowed.`
+        );
+        await expect(db.model.check('read', { d: new Date() })).rejects.toThrow(
+            `Providing filter for field "d" is not supported. Only number, string, and boolean fields are allowed.`
+        );
+        await expect(db.model.check('read', { value: null })).rejects.toThrow(
+            `Using "null" as filter value is not supported yet`
+        );
+        await expect(db.model.check('read', { value: {} })).rejects.toThrow(
+            'Invalid value type for field "value". Only number, string or boolean is allowed.'
+        );
+        await expect(db.model.check('read', { value: 'abc' })).rejects.toThrow(
+            'Invalid value type for field "value". Expected "number"'
+        );
+        await expect(db.model.check('read', { value: -1 })).rejects.toThrow(
+            'Invalid value for field "value". Only non-negative integers are allowed.'
+        );
+    });
+
+    it('float field ignored', async () => {
+        const { enhance } = await loadSchema(
+            `
+            model Model {
+                id Int @id @default(autoincrement())
+                value Float
+                @@allow('read', value == 1.1)
+            }
+            `
+        );
+        const db = enhance();
+        await expect(db.model.check('read')).toResolveTruthy();
+        await expect(db.model.check('read', { value: 1 })).toResolveTruthy();
+    });
+
+    it('float value ignored', async () => {
+        const { enhance } = await loadSchema(
+            `
+            model Model {
+                id Int @id @default(autoincrement())
+                value Int
+                @@allow('read', value > 1.1)
+            }
+            `
+        );
+        const db = enhance();
+        // await expect(db.model.check('read')).toResolveTruthy();
+        await expect(db.model.check('read', { value: 1 })).toResolveTruthy();
+        await expect(db.model.check('read', { value: 2 })).toResolveTruthy();
+    });
 });
