feat: 🔥 [EXL-72] support storing code configuration

support storing code configuration

apps/backend/package.json

@@ -29,21 +29,24 @@
 		"class-transformer": "0.5.1",
 		"class-validator": "0.13.2",
 		"googleapis": "108.0.1",
+		"js-yaml": "4.1.0",
 		"mixpanel": "0.17.0",
 		"nestjs-real-ip": "2.2.0",
 		"passport": "0.6.0",
 		"passport-github2": "0.1.12",
 		"passport-google-oauth20": "2.0.0",
 		"passport-jwt": "4.0.0",
 		"reflect-metadata": "0.1.13",
-		"rxjs": "7.5.7"
+		"rxjs": "7.5.7",
+		"vm2": "3.9.11"
 	},
 	"devDependencies": {
 		"@compodoc/compodoc": "1.1.19",
 		"@nestjs/cli": "9.1.5",
 		"@nestjs/schematics": "9.0.3",
 		"@nestjs/swagger": "6.1.3",
 		"@types/express": "4.17.14",
+		"@types/js-yaml": "4.0.5",
 		"@types/passport-github2": "1.2.5",
 		"@types/passport-google-oauth20": "2.0.11",
 		"@types/passport-jwt": "3.0.7",

apps/backend/src/models/file-type.ts

@@ -0,0 +1,5 @@
+export enum FileType {
+	Json,
+	Yaml,
+	Js,
+}

apps/backend/src/modules/database/inline-policy.service.ts

@@ -103,4 +103,8 @@ export class DBInlinePolicyService {
 
 		return document.configuration;
 	}
+
+	public async setCodeConfiguration(policyId: string, input: object | null) {
+		await this.prisma.inlinePolicy.update({ where: { id: policyId }, data: { configuration: input } });
+	}
 }

apps/backend/src/modules/user/modules/inline-policies/classes/set-code-configuration.dto.ts

@@ -0,0 +1,17 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsEnum, IsString, MaxLength } from 'class-validator';
+
+import { IsNullable } from '@/decorators/is-nullable.decorator';
+import { FileType } from '@/models/file-type';
+
+export class SetCodeConfigurationDto {
+	@ApiProperty({ type: String, description: 'Code configuration', example: '{ root: true }' })
+	@IsString()
+	@IsNullable()
+	@MaxLength(1000)
+	readonly code!: string | null;
+
+	@ApiProperty({ enum: FileType, description: 'The file type' })
+	@IsEnum(FileType)
+	readonly type!: FileType;
+}

apps/backend/src/modules/user/modules/inline-policies/commands/contracts/set-code-configuration.contract.ts

@@ -0,0 +1,9 @@
+import type { FileType } from '@/models/file-type';
+
+export class SetCodeConfigurationContract {
+	constructor(
+		public readonly policyId: string,
+		public readonly code: string | null,
+		public readonly type: FileType,
+	) {}
+}

apps/backend/src/modules/user/modules/inline-policies/commands/handlers/index.ts

@@ -1,5 +1,11 @@
 import { DeleteHandler } from './delete.handler';
 import { EditLabelHandler } from './edit-label.handler';
+import { SetCodeConfigurationHandler } from './set-code-configuration.handler';
 import { SetFileListHandler } from './set-file-list.handler';
 
-export const CommandHandlers = [EditLabelHandler, DeleteHandler, SetFileListHandler];
+export const CommandHandlers = [
+	EditLabelHandler,
+	DeleteHandler,
+	SetFileListHandler,
+	SetCodeConfigurationHandler,
+];

apps/backend/src/modules/user/modules/inline-policies/commands/handlers/set-code-configuration.handler.ts

@@ -0,0 +1,17 @@
+import { CommandHandler, type ICommandHandler } from '@nestjs/cqrs';
+
+import { DBInlinePolicyService } from '@/modules/database/inline-policy.service';
+
+import { SetCodeConfigurationContract } from '../contracts/set-code-configuration.contract';
+import { parseInput } from '../../utils/parsers';
+
+@CommandHandler(SetCodeConfigurationContract)
+export class SetCodeConfigurationHandler implements ICommandHandler<SetCodeConfigurationContract> {
+	constructor(private readonly dbInlinePolicyService: DBInlinePolicyService) {}
+
+	async execute(contract: SetCodeConfigurationContract) {
+		const parsedCodeInput = parseInput(contract.code, contract.type);
+
+		await this.dbInlinePolicyService.setCodeConfiguration(contract.policyId, parsedCodeInput);
+	}
+}

apps/backend/src/modules/user/modules/inline-policies/create.controller.ts

@@ -43,7 +43,7 @@ export class CreateController {
 		type: CreateResponse,
 	})
 	@ApiUnauthorizedResponse({
-		description: 'If access token is missing or invalid',
+		description: 'If access token is missing or invalid, or group does not belong to user',
 	})
 	@ApiInternalServerErrorResponse({ description: 'If failed to create inline policy' })
 	@UseGuards(BelongingGroupGuard)

apps/backend/src/modules/user/modules/inline-policies/get-configuration.controller.ts

@@ -31,7 +31,7 @@ export class GetConfigurationController {
 		type: GetConfigurationResponse,
 	})
 	@ApiUnauthorizedResponse({
-		description: 'If access token is missing or invalid',
+		description: 'If access token is missing or invalid, or policy does not belong to user',
 	})
 	@ApiInternalServerErrorResponse({ description: 'If failed to get the configuration' })
 	@UseGuards(BelongingInlinePolicyGuard)

apps/backend/src/modules/user/modules/inline-policies/get-file-list.controller.ts

@@ -31,7 +31,7 @@ export class GetFileListController {
 		type: GetFileListResponse,
 	})
 	@ApiUnauthorizedResponse({
-		description: 'If access token is missing or invalid',
+		description: 'If access token is missing or invalid, or policy does not belong to user',
 	})
 	@ApiInternalServerErrorResponse({ description: 'If failed to get the file list' })
 	@UseGuards(BelongingInlinePolicyGuard)

apps/backend/src/modules/user/modules/inline-policies/get-libraries.controller.ts

@@ -31,7 +31,7 @@ export class GetLibrariesController {
 		type: GetLibrariesResponse,
 	})
 	@ApiUnauthorizedResponse({
-		description: 'If access token is invalid or missing',
+		description: 'If access token is invalid or missing, or group does not belong to user',
 	})
 	@UseGuards(BelongingGroupGuard)
 	@Get(Routes.GET_LIBRARIES)

apps/backend/src/modules/user/modules/inline-policies/inline-policies.module.ts

@@ -16,6 +16,7 @@ import { DeleteController } from './delete.controller';
 import { SetFileListController } from './set-file-list.controller';
 import { GetFileListController } from './get-file-list.controller';
 import { GetConfigurationController } from './get-configuration.controller';
+import { SetCodeConfigurationController } from './set-code-configuration.controller';
 
 @Module({
 	imports: [CqrsModule],
@@ -29,6 +30,7 @@ import { GetConfigurationController } from './get-configuration.controller';
 		SetFileListController,
 		GetFileListController,
 		GetConfigurationController,
+		SetCodeConfigurationController,
 	],
 	providers: [
 		BelongingInlinePolicyGuard,

apps/backend/src/modules/user/modules/inline-policies/inline-policies.routes.ts

@@ -9,6 +9,7 @@ const Routes = {
 	SET_FILE_LIST: 'file-list/:policy_id',
 	GET_FILE_LIST: 'file-list/:policy_id/:file_list_type',
 	GET_CONFIGURATION: 'configuration/:policy_id',
+	SET_CODE_CONFIGURATION: 'code-configuration/:policy_id',
 };
 
 export default Routes;

apps/backend/src/modules/user/modules/inline-policies/set-code-configuration.controller.ts

@@ -0,0 +1,57 @@
+import { Body, Controller, HttpCode, HttpStatus, Logger, Param, Patch, UseGuards } from '@nestjs/common';
+import { CommandBus } from '@nestjs/cqrs';
+import {
+	ApiBearerAuth,
+	ApiInternalServerErrorResponse,
+	ApiOkResponse,
+	ApiOperation,
+	ApiTags,
+	ApiUnauthorizedResponse,
+} from '@nestjs/swagger';
+
+import { CurrentUserId } from '@/decorators/current-user-id.decorator';
+
+import Routes from './inline-policies.routes';
+import { BelongingInlinePolicyGuard } from './guards/belonging-inline-policy.guard';
+import { SetCodeConfigurationDto } from './classes/set-code-configuration.dto';
+import { SetCodeConfigurationContract } from './commands/contracts/set-code-configuration.contract';
+
+@ApiTags('Inline Policies')
+@Controller(Routes.CONTROLLER)
+export class SetCodeConfigurationController {
+	private readonly logger = new Logger(SetCodeConfigurationController.name);
+
+	constructor(private readonly commandBus: CommandBus) {}
+
+	@ApiOperation({ description: "Set policy's configuration using a code" })
+	@ApiBearerAuth('access-token')
+	@ApiOkResponse({ description: 'If successfully set configuration of the policy' })
+	@ApiUnauthorizedResponse({
+		description: 'If access token is either missing or invalid, or policy does not belong to user',
+	})
+	@ApiInternalServerErrorResponse({ description: 'If failed to set configuration of the policy' })
+	@UseGuards(BelongingInlinePolicyGuard)
+	@Patch(Routes.SET_CODE_CONFIGURATION)
+	@HttpCode(HttpStatus.OK)
+	public async setCodeConfiguration(
+		@CurrentUserId() userId: string,
+		@Body() setCodeConfigurationDto: SetCodeConfigurationDto,
+		@Param('policy_id') policyId: string,
+	): Promise<void> {
+		this.logger.log(
+			`Will try to set a policy's configuration with an ID: "${policyId}" for a user with an ID: "${userId}"`,
+		);
+
+		await this.commandBus.execute<SetCodeConfigurationContract, void>(
+			new SetCodeConfigurationContract(
+				policyId,
+				setCodeConfigurationDto.code,
+				setCodeConfigurationDto.type,
+			),
+		);
+
+		this.logger.log(
+			`Successfully set a policy configuration an ID: "${policyId}" for a user with an Id: "${userId}"`,
+		);
+	}
+}

apps/backend/src/modules/user/modules/inline-policies/set-file-list.controller.ts

@@ -29,7 +29,7 @@ export class SetFileListController {
 		description: 'If set the file list successfully',
 	})
 	@ApiUnauthorizedResponse({
-		description: 'If access token is missing or invalid',
+		description: 'If access token is missing or invalid, or policy does not belong to user',
 	})
 	@ApiInternalServerErrorResponse({ description: 'If failed to set the file list' })
 	@UseGuards(BelongingInlinePolicyGuard)

apps/backend/src/modules/user/modules/inline-policies/utils/parsers.ts

@@ -0,0 +1,86 @@
+import { BadRequestException } from '@nestjs/common';
+import yaml from 'js-yaml';
+import { VM } from 'vm2';
+
+import { FileType } from '@/models/file-type';
+
+const nodeVirtualMachine = new VM({ sandbox: { module: {} } });
+
+/**
+ * The function receives a JSON-like input and parse it to an object
+ * @param input the input to parse
+ * @returns parsed object
+ */
+const parseJson = (input: string) => {
+	try {
+		const parsedObject = JSON.parse(input);
+
+		if (typeof parsedObject !== 'object') {
+			throw new BadRequestException();
+		}
+
+		return parsedObject as object;
+	} catch {
+		throw new BadRequestException();
+	}
+};
+
+/**
+ * The function receives a YAML-like input and parse it to an object
+ * @param input the input to parse
+ * @returns parsed object
+ */
+const parseYaml = (input: string) => {
+	try {
+		const parsedObject = yaml.load(input);
+
+		if (typeof parsedObject !== 'object') {
+			throw new BadRequestException();
+		}
+
+		return parsedObject as object;
+	} catch {
+		throw new BadRequestException();
+	}
+};
+
+/**
+ * The function receives a commonJs-exported-like input and parse it to an object
+ * @param input the input to parse
+ * @returns parsed object
+ */
+const parseJs = (input: string) => {
+	try {
+		const parsedObject = nodeVirtualMachine.run(input);
+
+		if (typeof parsedObject !== 'object') {
+			throw new BadRequestException();
+		}
+
+		return parsedObject as object;
+	} catch {
+		throw new BadRequestException();
+	}
+};
+
+/**
+ * The function receives an input (string, or null) and parses it to an object (or null if received null)
+ * @param input the input to parse
+ * @param type the representation type of the input
+ * @returns parsed object
+ */
+export const parseInput = (input: string | null, type: FileType) => {
+	if (input === null) {
+		return null;
+	}
+
+	if (type === FileType.Json) {
+		return parseJson(input);
+	}
+
+	if (type === FileType.Yaml) {
+		return parseYaml(input);
+	}
+
+	return parseJs(input);
+};

apps/frontend/src/components/containers/Policy/Configurations/Configuration/Code/Code.tsx

@@ -18,7 +18,7 @@ const Code: React.FC<IProps> = () => {
 	const [selectedFileTypeIndexState, setSelectedFileTypeIndexState] = useState<number>(0);
 
 	const isSaveChangesDisabled = useMemo(
-		() => (codeInServerState ?? '') === codeInputState,
+		() => (codeInServerState ?? '') === (codeInputState ?? ''),
 		[codeInServerState, codeInputState],
 	);
 
@@ -51,7 +51,7 @@ const Code: React.FC<IProps> = () => {
 		backendApi
 			.patch(`/user/inline-policies/code-configuration/${params.policyId}`, {
 				code: codeInputState,
-				type: selectedFileTypeValue,
+				type: selectedFileTypeValue.value,
 			})
 			.then(() => setCodeInServerState(() => codeInputState))
 			.catch(() => {

apps/frontend/src/components/ui/EDConfigCode/EDConfigCode.view.tsx

@@ -65,7 +65,7 @@ const EDConfigCodeView: React.FC<IProps> = (props: React.PropsWithChildren<IProp
 	}
 
 	return (
-		<div className={classes['container']}>
+		<form className={classes['container']} onSubmit={props.onSubmit}>
 			<div className={classes['actionContainer']}>
 				<span className={classes['actionContainer__instruction']}>
 					{t('configCode.fileType')}
@@ -99,7 +99,7 @@ const EDConfigCodeView: React.FC<IProps> = (props: React.PropsWithChildren<IProp
 				extensions={[chosenExtension]}
 				onChange={(value) => props.onInputChange(value)}
 			/>
-		</div>
+		</form>
 	);
 };