cratestack-macros 0.4.3

Rust-native schema-first framework for typed HTTP APIs, generated clients, and backend services.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

//! `@@allow(...)` attribute parsing — used to decide whether the
//! generated create handler needs an explicit `is_authenticated()`
//! preflight (when every create allow rule reduces to `auth() != null`).

use cratestack_core::Model;

pub(super) fn create_requires_authenticated_context(model: &Model) -> bool {
    let mut saw_create_allow = false;
    for attribute in &model.attributes {
        let Some((actions, expression)) = parse_model_allow_attribute(&attribute.raw) else {
            continue;
        };
        if !actions
            .iter()
            .any(|action| matches!(action.as_str(), "create" | "all"))
        {
            continue;
        }

        saw_create_allow = true;
        if normalize_policy_expression(&expression) != "auth()!=null" {
            return false;
        }
    }

    saw_create_allow
}

fn parse_model_allow_attribute(raw: &str) -> Option<(Vec<String>, String)> {
    let inner = raw
        .strip_prefix("@@allow(")?
        .strip_suffix(')')?
        .trim()
        .to_owned();
    let mut parts = split_policy_arguments(&inner);
    if parts.len() != 2 {
        return None;
    }
    let expression = parts.pop()?.trim().to_owned();
    let actions = trim_policy_string_literal(&parts.pop()?)?
        .split(',')
        .map(str::trim)
        .map(str::to_owned)
        .filter(|action| !action.is_empty())
        .collect::<Vec<_>>();

    Some((actions, expression))
}

fn split_policy_arguments(value: &str) -> Vec<String> {
    let mut parts = Vec::new();
    let mut current = String::new();
    let mut quote = None;
    let mut depth = 0usize;

    for character in value.chars() {
        match (quote, character) {
            (Some(active), candidate) if active == candidate => {
                quote = None;
                current.push(character);
            }
            (Some(_), _) => current.push(character),
            (None, '\'' | '"') => {
                quote = Some(character);
                current.push(character);
            }
            (None, '(') => {
                depth += 1;
                current.push(character);
            }
            (None, ')') => {
                depth = depth.saturating_sub(1);
                current.push(character);
            }
            (None, ',') if depth == 0 => {
                parts.push(current.trim().to_owned());
                current.clear();
            }
            _ => current.push(character),
        }
    }

    if !current.trim().is_empty() {
        parts.push(current.trim().to_owned());
    }

    parts
}

fn trim_policy_string_literal(value: &str) -> Option<&str> {
    value
        .strip_prefix('"')
        .and_then(|candidate| candidate.strip_suffix('"'))
        .or_else(|| {
            value
                .strip_prefix('\'')
                .and_then(|candidate| candidate.strip_suffix('\''))
        })
}

fn normalize_policy_expression(value: &str) -> String {
    value
        .chars()
        .filter(|character| !character.is_whitespace())
        .collect()
}