feat!: Refactored topic structure for more granular flow and access (#…

…100)

* draft: refactor naming and chat

* demark topic version scheme as v1, test http client upgrade

* update terms

* config app_name for all url reverse lookups, allow url versioning

* update working schema

* test redirect web vs rest

* split persist token subs by version, 1 min exp

* Add topics constants

* Remove camera_ prefix on camid

* major refactor topic api v1, before adding v2

* correct scene/device namespace split more for sanity

* first pass at v2 topics token

* update pubsub_api_v2 topics for new schema

* Add example of string sub w/ topic constants

* move template example to v2, not v1

* update clean_topics with MQTTMatcher for +/#

* shelve topic template atm (runtime issue)

* add missing paho mqtt match file

* only non-specific scene/device should monitor latency data

* missing sub u and proc scene only

* fix topic template

* keep g/a open for render fusion for now

* consolidate device rights, another pass at scene rights

* separate scope for r/e/d

* setting full priv/unpriv

* Update mqtt-v1.md with examples

* flesh out v2 doc

* update private topics

* moer accurate private perms

* scope owners provate messages better

* remove ids from general scope

* restore private, set explict priv to none

* set objects access excplicity avoiding user presense override

* only add scene perms when sceneid defined

* fix deny anon token, remove global session sub

* scope cat subs to public read

* eliminate v1 for token use endpoints

* Add wildcard to private subs

* Re-allow private subs to own user

* chore: lint

* fix(token): role-based subs should be for all categoties, repair public_read

* undo public_read change

* let scene owners pub as remote render server

* also allow remote render server to sub -

* render fusion allows server to sent private

---------

Co-authored-by: Ivan Liang <[email protected]>

arena_account/settings.py

@@ -124,6 +124,7 @@
         "rest_framework.parsers.MultiPartParser",
         "rest_framework.parsers.JSONParser",
     ],
+    "DEFAULT_VERSIONING_CLASS": "rest_framework.versioning.NamespaceVersioning",
 }
 
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'

arena_account/urls.py

@@ -18,7 +18,11 @@
 from django.urls import include, path
 
 urlpatterns = [
-    path("user/", include("users.urls")),
+    # configure user api version based endpoints
+    path("user/", include("users.urls", namespace="v1")),
+    path("user/v2/", include("users.urls", namespace="v2")),
+
+    # include admin paths
     path("user/admin/", admin.site.urls),
     path("user/accounts/", include("allauth.urls")),
 ]

docs/mqtt-v1.md

@@ -0,0 +1,101 @@
+# Sample MQTT JWT Topic Permissions v1 (deprecated)
+
+## Specific Scene Context
+Page (3d scene), Python, Unity
+
+### Scene Unprivileged
+
+User: anonymous-mike
+
+MQTT Publish topics:
+- $NETWORK/latency
+- realm/c/mwfarbnook/o/2559945886_anonymous-mikeMjU1OTk0NTg4Nl9hbm9ueW1vdXMtbWlrZQ==
+- realm/c/mwfarbnook/p/+/2559945886_anonymous-mikeMjU1OTk0NTg4Nl9hbm9ueW1vdXMtbWlrZQ==
+- realm/env/mwfarbnook/test/#
+- realm/env/public/#
+- realm/g/a/#
+- realm/proc/#
+- realm/s/mwfarbnook/test/camera_2559945886_anonymous-mike
+- realm/s/mwfarbnook/test/camera_2559945886_anonymous-mike/#
+- realm/s/mwfarbnook/test/handLeft_2559945886_anonymous-mike
+- realm/s/mwfarbnook/test/handRight_2559945886_anonymous-mike
+
+MQTT Subscribe topics:
+- $NETWORK
+- realm/c/mwfarbnook/o/#
+- realm/c/mwfarbnook/p/2559945886_anonymous-mike/#
+- realm/g/a/#
+- realm/proc/#
+- realm/s/mwfarbnook/test/#
+- realm/s/public/#
+
+### Scene Privileged
+
+User: mwfarbnook
+
+MQTT Publish topics:
+- $NETWORK/latency
+- realm/c/mwfarbnook/o/3368381823_mwfarbnookMzM2ODM4MTgyM19td2ZhcmJub29r
+- realm/c/mwfarbnook/p/+/3368381823_mwfarbnookMzM2ODM4MTgyM19td2ZhcmJub29r
+- realm/d/mwfarbnook/#
+- realm/env/mwfarbnook/#
+- realm/env/public/#
+- realm/g/a/#
+- realm/proc/#
+- realm/s/mwfarbnook/#
+
+MQTT Subscribe topics:
+- $NETWORK
+- realm/c/mwfarbnook/o/#
+- realm/c/mwfarbnook/p/3368381823_mwfarbnook/#
+- realm/d/mwfarbnook/#
+- realm/env/mwfarbnook/#
+- realm/g/a/#
+- realm/proc/#
+- realm/s/mwfarbnook/#
+- realm/s/public/#
+
+## General Context
+Page (scenes, build, network)
+
+### General Unprivileged
+
+User: anonymous-mike
+
+MQTT Publish topics:
+- $NETWORK/latency
+- realm/env/public/#
+- realm/proc/#
+
+MQTT Subscribe topics:
+- $NETWORK
+- realm/proc/#
+- realm/s/public/#
+
+### General Privileged
+
+User: mwfarbnook
+
+MQTT Publish topics:
+- $NETWORK/latency
+- realm/d/mwfarbnook/#
+- realm/env/mwfarb/allow-editors/#
+- realm/env/mwfarb/json8/#
+- realm/env/mwfarbnook/#
+- realm/env/public/#
+- realm/proc/#
+- realm/s/mwfarb/allow-editors/#
+- realm/s/mwfarb/json8/#
+- realm/s/mwfarbnook/#
+
+MQTT Subscribe topics:
+- $NETWORK
+- realm/d/mwfarbnook/#
+- realm/env/mwfarb/allow-editors/#
+- realm/env/mwfarb/json8/#
+- realm/env/mwfarbnook/#
+- realm/proc/#
+- realm/s/mwfarb/allow-editors/#
+- realm/s/mwfarb/json8/#
+- realm/s/mwfarbnook/#
+- realm/s/public/#

docs/mqtt-v2.md

@@ -0,0 +1,80 @@
+# Sample MQTT JWT Topic Permissions v2
+
+## Specific Scene Context
+Page (3d scene), Python, Unity
+
+### Scene Unprivileged
+
+User: anonymous-mike
+
+MQTT Publish topics:
+- $NETWORK/latency
+- realm/proc/#
+- realm/s/mwfarbnook/test/c/0799265009_anonymous-mike
+- realm/s/mwfarbnook/test/c/0799265009_anonymous-mike/+
+- realm/s/mwfarbnook/test/d/0799265009_anonymous-mike/-
+- realm/s/mwfarbnook/test/e/0799265009_anonymous-mike/-
+- realm/s/mwfarbnook/test/p/0799265009_anonymous-mike
+- realm/s/mwfarbnook/test/p/0799265009_anonymous-mike/+
+- realm/s/mwfarbnook/test/r/0799265009_anonymous-mike/-
+- realm/s/mwfarbnook/test/u/0799265009_anonymous-mike
+- realm/s/mwfarbnook/test/u/0799265009_anonymous-mike/+
+- realm/s/mwfarbnook/test/u/handLeft_0799265009_anonymous-mike
+- realm/s/mwfarbnook/test/u/handLeft_0799265009_anonymous-mike/+
+- realm/s/mwfarbnook/test/u/handRight_0799265009_anonymous-mike
+- realm/s/mwfarbnook/test/u/handRight_0799265009_anonymous-mike/+
+- realm/s/mwfarbnook/test/x/0799265009_anonymous-mike
+- realm/s/mwfarbnook/test/x/0799265009_anonymous-mike/+
+
+MQTT Subscribe topics:
+- realm/proc/#
+- realm/s/mwfarbnook/test/+/+
+- realm/s/mwfarbnook/test/+/+/0799265009_anonymous-mike
+
+### Scene Privileged
+
+User: mwfarbnook
+
+MQTT Publish topics:
+- $NETWORK/latency
+- realm/d/mwfarbnook/#
+- realm/proc/#
+- realm/s/mwfarbnook/+/+/+
+- realm/s/mwfarbnook/+/+/+/+
+
+MQTT Subscribe topics:
+- realm/d/mwfarbnook/#
+- realm/proc/#
+- realm/s/mwfarbnook/+/+/+
+- realm/s/mwfarbnook/+/+/+/0799265009_mwfarbnook
+
+## General Context
+Page (scenes, build, network)
+
+### General Unprivileged
+
+User: anonymous-mike
+
+MQTT Publish topics:
+- $NETWORK/latency
+
+MQTT Subscribe topics:
+- $NETWORK
+- realm/s/public/+/+/+
+
+### General Privileged
+
+User: mwfarbnook
+
+MQTT Publish topics:
+- $NETWORK/latency
+- realm/s/mwfarb/allow-editors/+/+
+- realm/s/mwfarb/json8/+/+
+- realm/s/mwfarbnook/+/+/+
+
+MQTT Subscribe topics:
+- $NETWORK
+- realm/s/mwfarb/allow-editors/+/+
+- realm/s/mwfarb/json8/+/+
+- realm/s/mwfarbnook/+/+/+
+- realm/s/public/+/+/+

users/forms.py

@@ -44,7 +44,7 @@ class SceneForm(forms.ModelForm):
     editors = forms.ModelMultipleChoiceField(
         queryset=User.objects.all().order_by('username'),
         widget=autocomplete.ModelSelect2Multiple(
-            url='user-autocomplete',
+            url='users:user-autocomplete',
             forward=(forward.Self(), ),
             attrs={'data-minimum-input-length': 2},
         ), required=False)