feat: use an event emitter to invalidate caches

freakyfelt · freakyfelt · commit 032ac8d4face · 2023-03-04T11:05:57.000+01:00
diff --git a/lib/policy-resolver.ts b/lib/policy-resolver.ts
@@ -18,8 +18,8 @@ interface PolicyResolverOptions {
 }
 
 const DEFAULT_CACHE_OPTIONS: LRUCache.Options<string, CompiledFns<unknown>> = {
-  max: 1000
-}
+  max: 100,
+};
 
 type CompiledFns<TContext> = {
   can(ctx: TContext): boolean;
@@ -33,13 +33,14 @@ function hasAllPaths(statement: ParsedPolicyStatement, ctx: unknown) {
   if (typeof ctx !== "object" || ctx === null) {
     return false;
   }
-  return statement.contextPaths.every((path) =>
-    pathExists(ctx, path)
-  );
+  return statement.contextPaths.every((path) => pathExists(ctx, path));
 }
 
 export class PolicyResolver {
-  static fromDocuments(docs: PolicyDocument[], opts: PolicyResolverOptions = {}): PolicyResolver {
+  static fromDocuments(
+    docs: PolicyDocument[],
+    opts: PolicyResolverOptions = {}
+  ): PolicyResolver {
     const validator = new PolicyDocumentValidator();
 
     const statements = docs.flatMap((doc) => {
@@ -51,7 +52,10 @@ export class PolicyResolver {
     return this.fromStatements(statements, opts);
   }
 
-  static fromStatements(statements: PolicyStatement[], opts: PolicyResolverOptions = {}): PolicyResolver {
+  static fromStatements(
+    statements: PolicyStatement[],
+    opts: PolicyResolverOptions = {}
+  ): PolicyResolver {
     const parsed = statements.map((statement) =>
       parsePolicyStatement(statement)
     );
@@ -71,10 +75,12 @@ export class PolicyResolver {
     policyStore: PolicyStatementStore,
     opts: PolicyResolverOptions = {}
   ) {
-    this.#policyStore = policyStore;
     this.#allowedActions = opts.allowedActions ?? null;
     this.#parser = opts.parser ?? jsonLogic;
+
     this.#cache = new LRUCache({ ...DEFAULT_CACHE_OPTIONS, ...opts.cache });
+    this.#policyStore = policyStore;
+    this.#policyStore.on("updated", () => this.#cache.clear());
   }
 
   /**
@@ -137,18 +143,17 @@ export class PolicyResolver {
         return false;
       }
 
-      const isAllowed = allow.some((statement) => this.#apply(statement, ctx));
-      return isAllowed;
+      return allow.some((statement) => this.#apply(statement, ctx));
     };
 
     return { can, explain };
   }
 
-  #apply<TContext>(statement: ParsedPolicyStatement, ctx: TContext) {
+  #apply<TContext>(statement: ParsedPolicyStatement, ctx: TContext): boolean {
     if (!hasAllPaths(statement, ctx)) {
       return false;
     }
 
-    return this.#parser.apply({ or: [statement.constraint, false] }, ctx);
+    return this.#parser.apply(statement.constraint, ctx) === true;
   }
 }
diff --git a/lib/store/cached-statements-store.ts b/lib/store/cached-statements-store.ts
@@ -1,28 +1,45 @@
+import LRUCache from "lru-cache";
 import assert from "node:assert";
 import { ParsedPolicyStatement, SYM_SID } from "../parsed-policy-statement";
-import { PolicyStatementStore } from "./types";
+import { TypedEmitter } from "../utils/events";
 import { IndexedStatementsStore } from "./indexed-statements-store";
+import { PolicyStatementStore, StoreEvents } from "./types";
+
+interface CachedStoreOptions {
+  cache?: LRUCache.Options<string, string[]>;
+}
+
+const DEFAULT_CACHE_OPTIONS: LRUCache.Options<string, string[]> = {
+  max: 1000,
+};
 
 /**
  * Stores statements and allows for fetching matching statements by action
  */
-export class CachedStatementsStore implements PolicyStatementStore {
+export class CachedStatementsStore
+  extends TypedEmitter<StoreEvents>
+  implements PolicyStatementStore
+{
   #store: PolicyStatementStore;
-  #cache: Map<string, string[]>;
+  #cache: LRUCache<string, string[]>;
+
+  constructor(store?: PolicyStatementStore, opts: CachedStoreOptions = {}) {
+    super();
 
-  constructor(store?: PolicyStatementStore) {
+    this.#cache = new LRUCache({ ...DEFAULT_CACHE_OPTIONS, ...opts.cache });
     this.#store = store ?? new IndexedStatementsStore();
-    this.#cache = new Map();
+    this.#store.on("updated", (sids) => {
+      this.#cache.clear();
+      this.emit("updated", sids);
+    });
   }
 
   add(statement: ParsedPolicyStatement) {
     this.#store.add(statement);
-    this.#cache = new Map();
   }
 
   addAll(statements: ParsedPolicyStatement[]) {
     this.#store.addAll(statements);
-    this.#cache = new Map();
   }
 
   get(sid: string): ParsedPolicyStatement | undefined {
diff --git a/lib/store/indexed-statements-store.ts b/lib/store/indexed-statements-store.ts
@@ -1,9 +1,11 @@
 import assert from "node:assert";
 import { ParsedPolicyStatement, SYM_SID } from "../parsed-policy-statement";
+import { TypedEmitter } from "../utils/events";
 import {
   ParsedStatementsDB,
   ByActionIndex,
   PolicyStatementStore,
+  StoreEvents,
 } from "./types";
 
 type StatementsDBWithIndex = {
@@ -23,11 +25,16 @@ const createStatementsDB = (): StatementsDBWithIndex => ({
 /**
  * Stores statements and allows for fetching matching statements by action
  */
-export class IndexedStatementsStore implements PolicyStatementStore {
+export class IndexedStatementsStore
+  extends TypedEmitter<StoreEvents>
+  implements PolicyStatementStore
+{
   #statements: ParsedStatementsDB;
   #byAction: ByActionIndex;
 
   constructor(params?: StatementsDBWithIndex) {
+    super();
+
     const { statements, byAction } = params ?? createStatementsDB();
     this.#statements = statements;
     this.#byAction = byAction;
@@ -44,6 +51,7 @@ export class IndexedStatementsStore implements PolicyStatementStore {
       return sid;
     });
     this.#reindexAll(sids);
+    this.emit("updated", sids);
   }
 
   get(sid: string): ParsedPolicyStatement | undefined {
diff --git a/lib/store/types.ts b/lib/store/types.ts
@@ -1,4 +1,5 @@
 import { ParsedPolicyStatement } from "../parsed-policy-statement";
+import { Emitter } from "../utils/events";
 
 export type ParsedStatementsDB = Map<string, ParsedPolicyStatement>;
 
@@ -15,7 +16,12 @@ export interface ByActionIndex {
   regex: Array<[RegExp, string]>;
 }
 
-export interface PolicyStatementStore {
+export type StoreEvents = {
+  /** returns a list of sids that were updated */
+  updated: string[];
+};
+
+export interface PolicyStatementStore extends Emitter<StoreEvents> {
   add(statement: ParsedPolicyStatement): void;
   addAll(statements: ParsedPolicyStatement[]): void;
   get(sid: string): ParsedPolicyStatement | undefined;
diff --git a/lib/utils/events.ts b/lib/utils/events.ts
@@ -0,0 +1,27 @@
+import EventEmitter from "node:events";
+
+type EventMap = Record<string, unknown>;
+
+type EventKey<T extends EventMap> = string & keyof T;
+type EventReceiver<T> = (params: T) => void;
+
+export interface Emitter<T extends EventMap> {
+  on<K extends EventKey<T>>(eventName: K, fn: EventReceiver<T[K]>): void;
+  off<K extends EventKey<T>>(eventName: K, fn: EventReceiver<T[K]>): void;
+  emit<K extends EventKey<T>>(eventName: K, params: T[K]): void;
+}
+
+export class TypedEmitter<T extends EventMap> implements Emitter<T> {
+  private emitter = new EventEmitter();
+  on<K extends EventKey<T>>(eventName: K, fn: EventReceiver<T[K]>) {
+    this.emitter.on(eventName, fn);
+  }
+
+  off<K extends EventKey<T>>(eventName: K, fn: EventReceiver<T[K]>) {
+    this.emitter.off(eventName, fn);
+  }
+
+  emit<K extends EventKey<T>>(eventName: K, params: T[K]) {
+    this.emitter.emit(eventName, params);
+  }
+}
