Add Design Document for AuthWebhook Design (#152)

* Add design document for backend * Change typo in directory name * Add auth webhook desgin document * Add hyperlink to design document
yorkie-team · Feb 6, 2024 · a7955c3 · a7955c3
1 parent b19c0be
commit a7955c3
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 3 deletions.
diff --git a/backend/README.md b/backend/README.md
@@ -91,4 +91,5 @@ backend/
 
 ## Contributing
 
-Please see the [CONTRIBUTING.md](../CONTRIBUTING.md) file for details on how to contribute to this project.
+Please see the [CONTRIBUTING.md](../CONTRIBUTING.md) file for details on how to contribute to this project.  
+If you are interested in internal design, please refer to the [Design Document](./design/).
diff --git a/backend/design/README.md b/backend/design/README.md
@@ -0,0 +1,18 @@
+# Design Document
+
+## Contents
+
+- [Yorkie Auth Webhook](./auth-webhook.md): Auth Webhook to prevent users from accessing unauthorized documents using a Public Key
+
+## Maintaining the Document
+
+For significant scope and complex new features, it is recommended to write a Design Document before starting any implementation work. On the other hand, we don't need to design documentation for small, simple features and bug fixes.
+
+Writing a design document for big features has many advantages:
+
+- It helps new visitors or contributors understand the inner workings or the architecture of the project.
+- We can agree with the community before code is written that could waste effort in the wrong direction.
+
+While working on your design, writing code to prototype your functionality may be useful to refine your approach.
+
+Authoring Design document is also proceeded in the same [contribution flow](../../CONTRIBUTING.md) as normal Pull Request such as function implementation or bug fixing.
diff --git a/backend/design/auth-webhook.md b/backend/design/auth-webhook.md
@@ -0,0 +1,38 @@
+# Yorkie Auth Webhook
+
+This document covers the structure of the Auth Webhook to prevent users from accessing unauthorized documents using a Public Key.
+
+## What is Yorkie Auth Webhook?
+
+A webhook is an HTTP POST that is called when something happens. If the Auth Webhook has been configured, when a Server receives a request from a Client, the Server checks if the Client has been authorized for a certain Document by asking an outside service with a REST request.
+
+- [Yorkie Auth Webhook](https://yorkie.dev/docs/cli#auth-webhook)
+
+In a production environment, it is strongly recommended to enable the Auth Webhook.
+
+## Overall Flow
+
+```
+(5) response the request  (4) handle the request
+     ┌─────────────────┐  ┌──┐
+     │                 │  │  │  (3) response
+     ▼                 │  ▼  │    - allowed
+ ┌──────┐             ┌┴─────┤    - reason   ┌───────────────┐
+ │Client├────────────►│Yorkie│◄──────────────┤CodePair Server│
+ └──────┘ (1)request  └────┬─┘               └───────────────┘
+           - token         │                      ▲
+           - dockey        └──────────────────────┘
+                               (2) call webhook
+                                - token
+                                - dockey
+                                - verb: r or rw
+```
+**Webhook URL**: `<BACKEND_URL>/check/yorkie`  
+**Token Format**: `share:<SHARE_TOKEN>` or `default:<ACCESS_TOKEN>`
+
+## Set Up
+
+The code related to AuthWebhook is already implemented in [`useYorkieDocument`](../../frontend/src/hooks/useYorkieDocument.ts) and [`check.controller.ts`](../src/check/check.controller.ts).  
+Simply visit the Yorkie Project Dashboard and add `<YOUR_BACKEND_URL>/check/yorkie` to the Settings > Webhook > Auth webhook URL.
+
+Note that if `YOUR_BACKEND_URL` is `http://localhost` and Yorkie is not running on `http://localhost`, this will not work.
diff --git a/backend/src/check/check.controller.ts b/backend/src/check/check.controller.ts
@@ -32,8 +32,8 @@ export class CheckController {
 		summary: "Check Whether The Access is Authorized",
 		description: "If the user doesn't have the permission, reject the access",
 	})
-	@ApiBody({ type: CheckNameConflictDto })
-	@ApiOkResponse({ type: CheckNameConflicReponse })
+	@ApiBody({ type: CheckYorkieDto })
+	@ApiOkResponse({ type: CheckYorkieResponse })
 	@HttpCode(HttpStatus.OK)
 	async checkYorkie(@Body() checkYorkieDto: CheckYorkieDto): Promise<CheckYorkieResponse> {
 		return this.checkService.checkYorkie(checkYorkieDto);