From 7adb57d8bd0f9ec0b0df081079d58403406160da Mon Sep 17 00:00:00 2001 From: "Mark A. Matney, Jr" Date: Wed, 7 Jun 2023 13:47:53 -0700 Subject: [PATCH] Allow requests from all client origins to obtain access cookie (#51) --- pom.xml | 2 +- .../library/iiif/auth/CookieJsonKeys.java | 8 +-- .../ucla/library/iiif/auth/TemplateKeys.java | 5 -- .../auth/handlers/AccessCookieHandler.java | 46 +++++---------- .../auth/services/AccessCookieService.java | 3 +- .../services/AccessCookieServiceImpl.java | 6 +- .../iiif/auth/services/DatabaseService.java | 17 ------ .../auth/services/DatabaseServiceImpl.java | 34 ----------- src/main/resources/templates/cookie.hbs | 8 +-- .../iiif/auth/handlers/AbstractHandlerIT.java | 3 +- .../auth/handlers/AccessCookieHandlerIT.java | 23 -------- .../services/AccessCookieServiceTest.java | 15 ++--- .../iiif/auth/services/DatabaseServiceIT.java | 58 ------------------- src/test/resources/db/authzdb.sql | 41 ------------- 14 files changed, 27 insertions(+), 242 deletions(-) diff --git a/pom.xml b/pom.xml index 45838d4..3d6cc65 100644 --- a/pom.xml +++ b/pom.xml @@ -48,7 +48,7 @@ 3.3.0 1.0.1 1.15 - 4.3.8 + 4.4.2 3.1.0 diff --git a/src/main/java/edu/ucla/library/iiif/auth/CookieJsonKeys.java b/src/main/java/edu/ucla/library/iiif/auth/CookieJsonKeys.java index 1a31be0..f91d7b5 100644 --- a/src/main/java/edu/ucla/library/iiif/auth/CookieJsonKeys.java +++ b/src/main/java/edu/ucla/library/iiif/auth/CookieJsonKeys.java @@ -19,8 +19,7 @@ * 
  * {
  *   "clientIpAddress": "127.0.0.1",
- *   "campusNetwork": false,
- *   "degradedAllowed": true
+ *   "campusNetwork": false
  * }
  *
*/ @@ -51,11 +50,6 @@ public final class CookieJsonKeys { */ public static final String CAMPUS_NETWORK = "campusNetwork"; - /** - * The JSON key for whether degraded content is available at the origin for which the cookie applies. - */ - public static final String DEGRADED_ALLOWED = "degradedAllowed"; - /** * Private constructor for utility class. */ diff --git a/src/main/java/edu/ucla/library/iiif/auth/TemplateKeys.java b/src/main/java/edu/ucla/library/iiif/auth/TemplateKeys.java index 6175331..ed088a4 100644 --- a/src/main/java/edu/ucla/library/iiif/auth/TemplateKeys.java +++ b/src/main/java/edu/ucla/library/iiif/auth/TemplateKeys.java @@ -21,11 +21,6 @@ public final class TemplateKeys { */ public static final String CLIENT_IP_ADDRESS = "clientIpAddress"; - /** - * The degraded allowed key. - */ - public static final String DEGRADED_ALLOWED = "degradedAllowed"; - /** * The window close delay key. */ diff --git a/src/main/java/edu/ucla/library/iiif/auth/handlers/AccessCookieHandler.java b/src/main/java/edu/ucla/library/iiif/auth/handlers/AccessCookieHandler.java index 54eea89..cbdb0f9 100644 --- a/src/main/java/edu/ucla/library/iiif/auth/handlers/AccessCookieHandler.java +++ b/src/main/java/edu/ucla/library/iiif/auth/handlers/AccessCookieHandler.java @@ -20,14 +20,12 @@ import edu.ucla.library.iiif.auth.Param; import edu.ucla.library.iiif.auth.TemplateKeys; import edu.ucla.library.iiif.auth.services.AccessCookieService; -import edu.ucla.library.iiif.auth.services.DatabaseService; import edu.ucla.library.iiif.auth.utils.MediaType; import info.freelibrary.util.HTTP; import info.freelibrary.util.Logger; import info.freelibrary.util.LoggerFactory; -import io.vertx.core.Future; import io.vertx.core.Handler; import io.vertx.core.Vertx; import io.vertx.core.http.Cookie; @@ -56,11 +54,6 @@ public class AccessCookieHandler implements Handler { */ private final JsonObject myConfig; - /** - * The service proxy for accessing the database. - */ - private final DatabaseService myDatabaseServiceProxy; - /** * The template engine for rendering the response. */ @@ -94,7 +87,6 @@ public class AccessCookieHandler implements Handler { */ public AccessCookieHandler(final Vertx aVertx, final JsonObject aConfig) { myConfig = aConfig; - myDatabaseServiceProxy = DatabaseService.createProxy(aVertx); myHtmlTemplateEngine = HandlebarsTemplateEngine.create(aVertx); myCampusNetworkSubnets = new Cidr4Trie<>(); myAccessCookieService = AccessCookieService.createProxy(aVertx); @@ -136,32 +128,26 @@ public void handle(final RoutingContext aContext) { isOnCampusNetwork = isOnNetwork(clientIpAddress, myCampusNetworkSubnets); - myDatabaseServiceProxy.getDegradedAllowed(origin.toString()).compose(isDegradedAllowed -> { - final Future cookieGeneration = myAccessCookieService.generateCookie(clientIpAddress.getAddress(), - isOnCampusNetwork, isDegradedAllowed); - - return cookieGeneration.compose(cookieValue -> { - final Cookie cookie = - Cookie.cookie(CookieNames.HAUTH, cookieValue).setSameSite(CookieSameSite.NONE).setSecure(true); + myAccessCookieService.generateCookie(clientIpAddress.getAddress(), isOnCampusNetwork).compose(cookieValue -> { + final Cookie cookie = + Cookie.cookie(CookieNames.HAUTH, cookieValue).setSameSite(CookieSameSite.NONE).setSecure(true); - // Along with the origin, pass all the cookie data to the HTML template - final JsonObject templateData = new JsonObject().put(TemplateKeys.ORIGIN, origin) - .put(TemplateKeys.VERSION, myConfig.getString(Config.HAUTH_VERSION)) - .put(TemplateKeys.CLIENT_IP_ADDRESS, clientIpAddress) - .put(TemplateKeys.CAMPUS_NETWORK, isOnCampusNetwork) - .put(TemplateKeys.DEGRADED_ALLOWED, isDegradedAllowed); + // Along with the origin, pass all the cookie data to the HTML template + final JsonObject templateData = new JsonObject().put(TemplateKeys.ORIGIN, origin) + .put(TemplateKeys.VERSION, myConfig.getString(Config.HAUTH_VERSION)) + .put(TemplateKeys.CLIENT_IP_ADDRESS, clientIpAddress) + .put(TemplateKeys.CAMPUS_NETWORK, isOnCampusNetwork); - myWindowCloseDelay.ifPresent(delay -> { - if (delay >= 0) { - templateData.put(TemplateKeys.WINDOW_CLOSE_DELAY, delay); - } - }); - myCookieDomain.ifPresent(cookie::setDomain); + myWindowCloseDelay.ifPresent(delay -> { + if (delay >= 0) { + templateData.put(TemplateKeys.WINDOW_CLOSE_DELAY, delay); + } + }); + myCookieDomain.ifPresent(cookie::setDomain); - response.addCookie(cookie); + response.addCookie(cookie); - return myHtmlTemplateEngine.render(templateData, "templates/cookie.hbs"); - }); + return myHtmlTemplateEngine.render(templateData, "templates/cookie.hbs"); }).onSuccess(renderedHtmlTemplate -> { response.setStatusCode(HTTP.OK).end(renderedHtmlTemplate); }).onFailure(error -> { diff --git a/src/main/java/edu/ucla/library/iiif/auth/services/AccessCookieService.java b/src/main/java/edu/ucla/library/iiif/auth/services/AccessCookieService.java index 1dec6f8..53c9d44 100644 --- a/src/main/java/edu/ucla/library/iiif/auth/services/AccessCookieService.java +++ b/src/main/java/edu/ucla/library/iiif/auth/services/AccessCookieService.java @@ -60,11 +60,10 @@ static AccessCookieService createProxy(final Vertx aVertx) { * * @param aClientIpAddress The IP address of the client * @param aIsOnCampusNetwork If the client is on a campus network subnet - * @param aIsDegradedAllowed If the origin allows degraded access to content * @return A Future that resolves to a value that can be used to create a cookie with * {@link Cookie#cookie(String, String)} */ - Future generateCookie(String aClientIpAddress, boolean aIsOnCampusNetwork, boolean aIsDegradedAllowed); + Future generateCookie(String aClientIpAddress, boolean aIsOnCampusNetwork); /** * Decrypts an access cookie value. diff --git a/src/main/java/edu/ucla/library/iiif/auth/services/AccessCookieServiceImpl.java b/src/main/java/edu/ucla/library/iiif/auth/services/AccessCookieServiceImpl.java index 69612b1..0431069 100644 --- a/src/main/java/edu/ucla/library/iiif/auth/services/AccessCookieServiceImpl.java +++ b/src/main/java/edu/ucla/library/iiif/auth/services/AccessCookieServiceImpl.java @@ -166,11 +166,9 @@ public Future close() { } @Override - public Future generateCookie(final String aClientIpAddress, final boolean aIsOnCampusNetwork, - final boolean aIsDegradedAllowed) { + public Future generateCookie(final String aClientIpAddress, final boolean aIsOnCampusNetwork) { final JsonObject cookieData = new JsonObject().put(CookieJsonKeys.CLIENT_IP_ADDRESS, aClientIpAddress) - .put(CookieJsonKeys.CAMPUS_NETWORK, aIsOnCampusNetwork) - .put(CookieJsonKeys.DEGRADED_ALLOWED, aIsDegradedAllowed); + .put(CookieJsonKeys.CAMPUS_NETWORK, aIsOnCampusNetwork); final byte[] encryptedCookieData; final JsonObject unencodedCookie; final String cookie; diff --git a/src/main/java/edu/ucla/library/iiif/auth/services/DatabaseService.java b/src/main/java/edu/ucla/library/iiif/auth/services/DatabaseService.java index 46e403a..46fcd28 100644 --- a/src/main/java/edu/ucla/library/iiif/auth/services/DatabaseService.java +++ b/src/main/java/edu/ucla/library/iiif/auth/services/DatabaseService.java @@ -76,21 +76,4 @@ static DatabaseService createProxy(final Vertx aVertx) { * @return A Future that resolves once the items have been set */ Future setItems(JsonArray aItems); - - /** - * Gets the "degraded allowed" for content hosted at the given origin. - * - * @param aOrigin The origin - * @return A Future that resolves to the degraded allowed once it's been fetched - */ - Future getDegradedAllowed(String aOrigin); - - /** - * Sets the given "degraded allowed" for content hosted at the given origin. - * - * @param aOrigin The origin - * @param aDegradedAllowed The degraded allowed to set for the origin - * @return A Future that resolves once the degraded allowed has been set - */ - Future setDegradedAllowed(String aOrigin, boolean aDegradedAllowed); } diff --git a/src/main/java/edu/ucla/library/iiif/auth/services/DatabaseServiceImpl.java b/src/main/java/edu/ucla/library/iiif/auth/services/DatabaseServiceImpl.java index 6605f6a..b50008b 100644 --- a/src/main/java/edu/ucla/library/iiif/auth/services/DatabaseServiceImpl.java +++ b/src/main/java/edu/ucla/library/iiif/auth/services/DatabaseServiceImpl.java @@ -61,17 +61,6 @@ public class DatabaseServiceImpl implements DatabaseService { private static final String UPSERT_ACCESS_MODE = String.join(SPACE, "INSERT INTO items VALUES ($1, $2)", "ON CONFLICT (uid) DO", "UPDATE SET access_mode = EXCLUDED.access_mode"); - /** - * The PreparedQuery template for selecting an origin's "degraded allowed". - */ - private static final String SELECT_DEGRADED_ALLOWED = "SELECT degraded_allowed FROM origins WHERE url = $1"; - - /** - * The PreparedQuery template for upserting an origin's "degraded allowed". - */ - private static final String UPSERT_DEGRADED_ALLOWED = String.join(SPACE, "INSERT INTO origins VALUES ($1, $2)", - "ON CONFLICT (url) DO", "UPDATE SET degraded_allowed = EXCLUDED.degraded_allowed"); - /** * The database's default hostname. */ @@ -163,29 +152,6 @@ public Future setItems(final JsonArray aItems) { }).compose(result -> Future.succeededFuture()); } - @Override - public Future getDegradedAllowed(final String aOrigin) { - return myDbConnectionPool.withConnection(connection -> { - return connection.preparedQuery(SELECT_DEGRADED_ALLOWED).execute(Tuple.of(aOrigin)); - }).recover(error -> { - return Future.failedFuture(new ServiceException(INTERNAL_ERROR, error.getMessage())); - }).compose(select -> { - if (hasSingleRow(select)) { - return Future.succeededFuture(select.iterator().next().getBoolean("degraded_allowed")); - } - return Future.failedFuture(new ServiceException(NOT_FOUND_ERROR, aOrigin)); - }); - } - - @Override - public Future setDegradedAllowed(final String aOrigin, final boolean aDegradedAllowed) { - return myDbConnectionPool.withConnection(connection -> { - return connection.preparedQuery(UPSERT_DEGRADED_ALLOWED).execute(Tuple.of(aOrigin, aDegradedAllowed)); - }).recover(error -> { - return Future.failedFuture(new ServiceException(INTERNAL_ERROR, error.getMessage())); - }).compose(result -> Future.succeededFuture()); - } - /** * Gets the options for the database connection pool. * diff --git a/src/main/resources/templates/cookie.hbs b/src/main/resources/templates/cookie.hbs index 08b1c61..5ff7f73 100644 --- a/src/main/resources/templates/cookie.hbs +++ b/src/main/resources/templates/cookie.hbs @@ -11,13 +11,7 @@ hosted at: {{origin}}

- {{#if degradedAllowed}} - Degraded versions of the content are accessible - {{else}} - The content is not accessible - {{/if}} - - to users outside of the Campus Network. + Degraded versions of the content are accessible to users outside of the Campus Network.

Your current IP address: {{clientIpAddress}} diff --git a/src/test/java/edu/ucla/library/iiif/auth/handlers/AbstractHandlerIT.java b/src/test/java/edu/ucla/library/iiif/auth/handlers/AbstractHandlerIT.java index e66fce0..e217650 100644 --- a/src/test/java/edu/ucla/library/iiif/auth/handlers/AbstractHandlerIT.java +++ b/src/test/java/edu/ucla/library/iiif/auth/handlers/AbstractHandlerIT.java @@ -149,8 +149,7 @@ public void setUp(final Vertx aVertx, final VertxTestContext aContext) { final DatabaseService db = DatabaseService.create(aVertx, config); @SuppressWarnings("rawtypes") final List dbOps = List.of(db.setAccessMode(TEST_ID_OPEN_ACCESS, 0), - db.setAccessMode(TEST_ID_TIERED_ACCESS, 1), db.setAccessMode(TEST_ID_ALL_OR_NOTHING_ACCESS, 2), - db.setDegradedAllowed(TEST_ORIGIN, true)); + db.setAccessMode(TEST_ID_TIERED_ACCESS, 1), db.setAccessMode(TEST_ID_ALL_OR_NOTHING_ACCESS, 2)); myConfig = config; myWebClient = WebClient.create(aVertx); diff --git a/src/test/java/edu/ucla/library/iiif/auth/handlers/AccessCookieHandlerIT.java b/src/test/java/edu/ucla/library/iiif/auth/handlers/AccessCookieHandlerIT.java index 8053965..15406e5 100644 --- a/src/test/java/edu/ucla/library/iiif/auth/handlers/AccessCookieHandlerIT.java +++ b/src/test/java/edu/ucla/library/iiif/auth/handlers/AccessCookieHandlerIT.java @@ -14,7 +14,6 @@ import io.netty.handler.codec.http.cookie.DefaultCookie; import org.jsoup.Jsoup; -import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.ValueSource; @@ -83,26 +82,4 @@ public void testGetCookie(final boolean aReverseProxyDeployment, final Vertx aVe }); }).onFailure(aContext::failNow); } - - /** - * Tests that a client can't obtain an access cookie for an unknown origin. - * - * @param aVertx A Vert.x instance - * @param aContext A test context - */ - @Test - public void testGetCookieUnknownOrigin(final Vertx aVertx, final VertxTestContext aContext) { - final String requestURI = StringUtils.format(GET_COOKIE_PATH, - URLEncoder.encode("https://iiif.unknown.library.ucla.edu", StandardCharsets.UTF_8)); - final HttpRequest getCookie = myWebClient.get(myPort, Constants.INADDR_ANY, requestURI); - - getCookie.send().onSuccess(response -> { - aContext.verify(() -> { - assertEquals(HTTP.BAD_REQUEST, response.statusCode()); - assertEquals(MediaType.TEXT_HTML.toString(), response.headers().get(HttpHeaders.CONTENT_TYPE)); - - aContext.completeNow(); - }); - }).onFailure(aContext::failNow); - } } diff --git a/src/test/java/edu/ucla/library/iiif/auth/services/AccessCookieServiceTest.java b/src/test/java/edu/ucla/library/iiif/auth/services/AccessCookieServiceTest.java index 4538e1f..9f64a10 100644 --- a/src/test/java/edu/ucla/library/iiif/auth/services/AccessCookieServiceTest.java +++ b/src/test/java/edu/ucla/library/iiif/auth/services/AccessCookieServiceTest.java @@ -140,9 +140,7 @@ public final void tearDown(final Vertx aVertx, final VertxTestContext aContext) public final void testValidateGeneratedCookie(final Vertx aVertx, final VertxTestContext aContext) { final String clientIpAddress = LOCALHOST; final boolean isCampusNetwork = true; - final boolean isDegradedAllowed = false; - final Future generateCookie = - myServiceProxy.generateCookie(clientIpAddress, isCampusNetwork, isDegradedAllowed); + final Future generateCookie = myServiceProxy.generateCookie(clientIpAddress, isCampusNetwork); generateCookie.compose(cookie -> { // The result is base64-encoded JSON with three keys @@ -157,8 +155,7 @@ public final void testValidateGeneratedCookie(final Vertx aVertx, final VertxTes return myServiceProxy.decryptCookie(cookie, clientIpAddress); }).onSuccess(decryptedCookie -> { final JsonObject expected = new JsonObject().put(CookieJsonKeys.CLIENT_IP_ADDRESS, clientIpAddress) - .put(CookieJsonKeys.CAMPUS_NETWORK, isCampusNetwork) - .put(CookieJsonKeys.DEGRADED_ALLOWED, isDegradedAllowed); + .put(CookieJsonKeys.CAMPUS_NETWORK, isCampusNetwork); completeIfExpectedElseFail(decryptedCookie, expected, aContext); }).onFailure(aContext::failNow); @@ -175,9 +172,7 @@ public final void testValidateGeneratedCookie(final Vertx aVertx, final VertxTes public final void testInvalidateTamperedCookie(final Vertx aVertx, final VertxTestContext aContext) { final String clientIpAddress = LOCALHOST; final boolean isCampusNetwork = false; - final boolean isDegradedAllowed = false; - final Future generateCookie = - myServiceProxy.generateCookie(clientIpAddress, isCampusNetwork, isDegradedAllowed); + final Future generateCookie = myServiceProxy.generateCookie(clientIpAddress, isCampusNetwork); generateCookie.compose(cookie -> { final JsonObject decodedCookie = new JsonObject(new String(Base64.getDecoder().decode(cookie.getBytes()))); @@ -203,9 +198,7 @@ public final void testInvalidateTamperedCookie(final Vertx aVertx, final VertxTe if (decryptedCookie.containsKey(CookieJsonKeys.CLIENT_IP_ADDRESS) && decryptedCookie.getString(CookieJsonKeys.CLIENT_IP_ADDRESS).equals(clientIpAddress) && decryptedCookie.containsKey(CookieJsonKeys.CAMPUS_NETWORK) && - decryptedCookie.getBoolean(CookieJsonKeys.CAMPUS_NETWORK) == isCampusNetwork && - decryptedCookie.containsKey(CookieJsonKeys.DEGRADED_ALLOWED) && - decryptedCookie.getBoolean(CookieJsonKeys.DEGRADED_ALLOWED) == isDegradedAllowed) { + decryptedCookie.getBoolean(CookieJsonKeys.CAMPUS_NETWORK) == isCampusNetwork) { aContext.failNow(StringUtils.format(MessageCodes.AUTH_009, decryptedCookie)); } else { aContext.completeNow(); diff --git a/src/test/java/edu/ucla/library/iiif/auth/services/DatabaseServiceIT.java b/src/test/java/edu/ucla/library/iiif/auth/services/DatabaseServiceIT.java index b6ed526..0af2a8c 100644 --- a/src/test/java/edu/ucla/library/iiif/auth/services/DatabaseServiceIT.java +++ b/src/test/java/edu/ucla/library/iiif/auth/services/DatabaseServiceIT.java @@ -194,64 +194,6 @@ final void testSetItemsInvalidItem(final VertxTestContext aContext) { }); } - /** - * Tests reading an origin whose "degraded allowed" has not been set. - * - * @param aContext A test context - */ - @Test - final void testGetDegradedAllowedUnset(final VertxTestContext aContext) { - final String url = "https://library.ucla.edu"; - final String expected = NULL; - - myServiceProxy.getDegradedAllowed(url).onFailure(details -> { - final ServiceException error = (ServiceException) details; - - aContext.verify(() -> { - assertEquals(Error.NOT_FOUND.ordinal(), error.failureCode()); - assertEquals(url, error.getMessage()); - - aContext.completeNow(); - }); - }).onSuccess(result -> { - // The following will always fail - completeIfExpectedElseFail(result, expected, aContext); - }); - } - - /** - * Tests reading an origin whose "degraded allowed" has been set once. - * - * @param aContext A test context - */ - @Test - final void testGetDegradedAllowedSetOnce(final VertxTestContext aContext) { - final String url = "https://iiif.library.ucla.edu"; - final boolean expected = true; - final Future setOnce = myServiceProxy.setDegradedAllowed(url, expected); - - setOnce.compose(put -> myServiceProxy.getDegradedAllowed(url)).onSuccess(result -> { - completeIfExpectedElseFail(result, expected, aContext); - }).onFailure(aContext::failNow); - } - - /** - * Tests reading an origin whose "degraded allowed" has been set more than once. - * - * @param aContext A test context - */ - @Test - final void testGetDegradedAllowedSetTwice(final VertxTestContext aContext) { - final String url = "https://iiif.sinaimanuscripts.library.ucla.edu"; - final boolean expected = true; - final Future setTwice = myServiceProxy.setDegradedAllowed(url, false) - .compose(put -> myServiceProxy.setDegradedAllowed(url, expected)); - - setTwice.compose(put -> myServiceProxy.getDegradedAllowed(url)).onSuccess(result -> { - completeIfExpectedElseFail(result, expected, aContext); - }).onFailure(aContext::failNow); - } - protected Logger getLogger() { return LOGGER; } diff --git a/src/test/resources/db/authzdb.sql b/src/test/resources/db/authzdb.sql index 4aae962..4b0899d 100644 --- a/src/test/resources/db/authzdb.sql +++ b/src/test/resources/db/authzdb.sql @@ -41,15 +41,8 @@ CREATE TABLE public.items ( access_mode smallint DEFAULT 0 NOT NULL ); -CREATE TABLE public.origins ( - url text NOT NULL, - degraded_allowed boolean DEFAULT FALSE NOT NULL -); - ALTER TABLE public.items OWNER TO postgres; -ALTER TABLE public.origins OWNER TO postgres; - -- -- Name: COLUMN items.uid; Type: COMMENT; Schema: public; Owner: postgres -- @@ -62,19 +55,6 @@ COMMENT ON COLUMN public.items.uid IS 'The unique identifier of the requested ob COMMENT ON COLUMN public.items.access_mode IS 'The access mode of the requested item: 0 is open, 1 is restricted to campus network users'; --- --- Name: COLUMN origins.url; Type: COMMENT; Schema: public; Owner: postgres --- - -COMMENT ON COLUMN public.origins.url IS 'The URL origin of an access request'; - --- --- Name: COLUMN origins.degraded_allowed; Type: COMMENT; Schema: public; Owner: postgres --- - -COMMENT ON COLUMN public.origins.degraded_allowed IS 'Whether this origin allows degraded access'; - - -- -- Name: items; Type: TABLE DATA; Schema: public; Owner: postgres -- @@ -82,13 +62,6 @@ COMMENT ON COLUMN public.origins.degraded_allowed IS 'Whether this origin allows COPY public.items (uid, access_mode) FROM stdin; \. --- --- Name: origins; Type: TABLE DATA; Schema: public; Owner: postgres --- - -COPY public.origins (url, degraded_allowed) FROM stdin; -\. - -- -- Name: items_pkey; Type: CONSTRAINT; Schema: public; Owner: postgres -- @@ -96,23 +69,9 @@ COPY public.origins (url, degraded_allowed) FROM stdin; ALTER TABLE ONLY public.items ADD CONSTRAINT items_pkey PRIMARY KEY (uid); --- --- Name: origins_pkey; Type: CONSTRAINT; Schema: public; Owner: postgres --- - -ALTER TABLE ONLY public.origins - ADD CONSTRAINT origins_pkey PRIMARY KEY (url); - -- -- Name: TABLE items; Type: ACL; Schema: public; Owner: postgres -- GRANT SELECT ON TABLE public.items TO authz_reader; GRANT ALL ON TABLE public.items TO authz_writer; - --- --- Name: TABLE origins; Type: ACL; Schema: public; Owner: postgres --- - -GRANT SELECT ON TABLE public.origins TO authz_reader; -GRANT ALL ON TABLE public.origins TO authz_writer;