-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmain.php
More file actions
143 lines (126 loc) · 3.78 KB
/
main.php
File metadata and controls
143 lines (126 loc) · 3.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
<?php
declare(strict_types=1);
/*
* lease_revocation — warehouse DB admin agent. Reads pre-granted;
* writes prompt operator. `lease.revoked` mid-flight drops the cache so
* the next call re-prompts.
*
* RFC §15.4 (permission challenge), §15.5 (lease lifecycle, revocation).
*/
require __DIR__ . '/../../vendor/autoload.php';
require __DIR__ . '/sql.php';
use Arcp\Client\ARCPClient;
use Arcp\Envelope\Envelope;
use Arcp\Errors\InvalidArgumentException;
use Arcp\Messages\Permissions\LeaseRevoked;
use function Arcp\Samples\LeaseRevocation\classify;
const PRE_GRANTED = [
'public.orders',
'public.customers',
'warehouse.fct_revenue_daily',
];
const READ_LEASE_SECONDS = 60 * 60;
const WRITE_LEASE_SECONDS = 5 * 60;
/**
* @return array{0: string, 1: \DateTimeImmutable} (lease_id, expires_at)
*/
function requestLease(
ARCPClient $client,
string $permission,
string $table,
string $operation,
int $seconds,
string $reason,
): array {
// Real impl: send `permission.request`, await `lease.granted` /
// `permission.deny`. PermissionDenyException raised on deny.
throw new \RuntimeException('not implemented');
}
/**
* @param array<string, array{0: string, 1: \DateTimeImmutable}> $leases keyed "table|op"
*/
function authorize(ARCPClient $client, string $sql, array &$leases): string
{
$klass = classify($sql);
if ($klass->tables === []) {
throw new InvalidArgumentException('no table referenced');
}
$op = $klass->op; // "read" / "write" / "ddl"
$seconds = $op === 'read' ? READ_LEASE_SECONDS : WRITE_LEASE_SECONDS;
$now = new \DateTimeImmutable('now');
foreach ($klass->tables as $table) {
$key = "{$table}|{$op}";
$cached = $leases[$key] ?? null;
if ($cached !== null && $cached[1] > $now) {
continue;
}
$leases[$key] = requestLease(
$client,
"db.{$op}",
$table,
$op,
$seconds,
sprintf('%s on %s: %s', strtoupper($op), $table, substr($sql, 0, 80)),
);
}
return $op;
}
/**
* @param array<string, array{0: string, 1: \DateTimeImmutable}> $leases
*/
function handleInbound(Envelope $env, array &$leases): void
{
$msg = $env->payload;
if ($msg instanceof LeaseRevoked) {
$lid = (string) $msg->leaseId;
foreach ($leases as $k => $v) {
if ($v[0] === $lid) {
unset($leases[$k]);
}
}
}
}
function main(): void
{
/** @var ARCPClient $client */
$client = elided(); // transport, identity, auth elided
/** @var array<string, array{0: string, 1: \DateTimeImmutable}> $leases */
$leases = [];
// Subscribe to lease lifecycle events; revocations drop cache entries.
$client->subscribe(
['types' => ['lease.revoked', 'lease.extended']],
static function (Envelope $env) use (&$leases): void {
handleInbound($env, $leases);
},
);
// Pre-grant the broad reads at session open. From here on, SELECT
// against these tables runs free.
foreach (PRE_GRANTED as $table) {
$leases["{$table}|read"] = requestLease(
$client,
'db.read',
$table,
'read',
READ_LEASE_SECONDS,
'bootstrap',
);
}
// SELECT — covered by the bootstrap lease.
authorize(
$client,
'SELECT count(*) FROM public.orders WHERE shipped_at::date = current_date - 1',
$leases,
);
// UPDATE — triggers permission.request; operator must approve.
authorize(
$client,
"UPDATE public.orders SET status='refunded' WHERE id=4812",
$leases,
);
$client->close();
}
function elided(): ARCPClient
{
throw new \RuntimeException('not implemented');
}
main();