Expert pubsub backend #7008

Draft
Steve-Mcl wants to merge 12 commits into expert/mqtt-fe-scaffolding from expert/pubsub

@Steve-Mcl Steve-Mcl commented Mar 31, 2026

Description

Adds backend support for Expert requests/responses and inflight request/response messages over pubsub.

Key parts:

  • New endpoint /api/v1/user/expert-creds (POST) in forge/routes/api/user.js for Expert User to get creds for MQTT client
  • New admin endpoints /api/v1/admin/expert-agent-creds (DELETE and POST) in forge/routes/api/admin.js
  • New controller function createClientForExpertClient in forge/db/controllers/BrokerClient.js for FE broker client
  • New controller functions createClientForExpertAgent, removeClientForExpertAgent for generating BE agent broker client
  • Adds to forge/comms/aclManager.js
    • new verify function checkExpertTopic
    • new ACLs for FE user expert-client:* as expertClient
    • new ACLs for BE agent expert-agent:* as expertAgent

Tests added:

test/unit/forge/db/controllers/BrokerClient_spec.js

▼ BrokerClient
  ▼ authenticateCredentials
    ✔ should return true if password matches
    ✔ should return false if password does not match
    ✔ should return false if user not found
    ✔ should return false if password is missing
    ✔ should delete broker client if username starts with frontend: and password is correct
    ✔ should delete broker client if username starts with expert-client: and password is correct
  ▼ createClientForExpertAgent
    ✔ should create broker client and return username and password
    ✔ should update password if client already exists
    ✔ should return null if app.comms is not available
  ▼ removeClientForExpertAgent
    ✔ should remove broker client
  ▼ createClientForExpertClient
    ✔ should create broker client for expert client
    ✔ should destroy existing client before creating new one
    ✔ should return null if app.comms is not available

test/unit/forge/comms/authRoutesV2_spec.js

      Expert Acls
        Expert Client
          ✔ denies subscription to project topics
          ✔ denies publish to project topics
          ✔ denies subscription to device topics
          ✔ denies publish to device topics
          ✔ denies publish/subscribe to platform topics
          ✔ allows subscription to chat response topics (instance)
          ✔ allows subscription to chat response topics (device)
          ✔ denies publish to chat response topics (instance)
          ✔ denies publish to chat response topics (device)
          ✔ denies subscription to another client's chat response topics
          ✔ denies publish to another client's chat response topics
          ✔ denies subscription with mismatching session id
          ✔ denies subscription with invalid entity type
          ✔ denies subscription with invalid entity id
          ✔ allows publish to chat request topics (instance)
          ✔ allows publish to chat request topics (device)
          ✔ denies subscription to chat request topics (instance)
          ✔ denies subscription to chat request topics (device)
          ✔ denies publish with invalid entity id
          ✔ allows subscription to inflight request topics (instance)
          ✔ allows subscription to inflight request topics (device)
          ✔ denies publish to inflight request topics (instance)
          ✔ denies publish to inflight request topics (device)
          ✔ denies subscription to another client's chat response topics
          ✔ denies publish to another client's chat response topics
          ✔ denies subscription to inflight request with mismatching session id
          ✔ allows publish to inflight response topics (instance)
          ✔ allows publish to inflight response topics (device)
          ✔ denies publish to inflight response with mismatching session id
        Expert Agent
          ✔ denies subscription to project topics
          ✔ denies publish to project topics
          ✔ denies subscription to device topics
          ✔ denies publish to device topics
          ✔ denies publish/subscribe to platform topics
          ✔ allows subscription to chat request topics
          ✔ denies subscription to wildcard request topics
          ✔ denies publish to chat request topics (instance)
          ✔ denies publish to chat request topics (device)
          ✔ allows publish to chat response topics (instance)
          ✔ allows publish to chat response topics (device)
          ✔ denies subscription to chat response topics
          ✔ denies publish with invalid entity type
          ✔ denies publish with invalid entity id
          ✔ allows subscription to inflight response topics
          ✔ denies publish to inflight response topics (instance)
          ✔ denies publish to inflight response topics (device)
          ✔ allows publish to inflight request topics (instance)
          ✔ allows publish to inflight request topics (device)
          ✔ denies publish to inflight request with bad entity type
          ✔ denies publish to inflight request with bad entity id

test/unit/forge/routes/api/user_spec.js

  User API
    User Expert Creds
      ✔ user can request expert credentials (111ms)
      ✔ user cannot request expert credentials without sessionId (49ms)
      ✔ user cannot request expert credentials with invalid sessionId (49ms)
      ✔ user cannot request expert credentials if not logged in

Related Issue(s)

Checklist

  • I have read the contribution guidelines
  • Suitable unit/system level tests have been added and they pass
  • Documentation has been updated
    • Upgrade instructions
    • Configuration details
    • Concepts
  • Changes flowforge.yml?
    • Issue/PR raised on FlowFuse/helm to update ConfigMap Template
    • Issue/PR raised on FlowFuse/CloudProject to update values for Staging/Production
  • Link to Changelog Entry PR, or note why one is not needed.

Labels

  • Includes a DB migration? -> add the area:migration label
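
Added example, not part of this PR or of FlowFuse's code: a default-deny checker that reproduces the allow/deny matrix in the test list above for the `expert-client:*` and `expert-agent:*` roles. The topic layout, the username fields after the prefix, and the name `checkExpertAcl` are assumptions made for illustration; the PR's real topics and its `checkExpertTopic` function are not shown on this page.

```javascript
// Hypothetical topic layout (an assumption, not FlowFuse's actual scheme):
//   expert/<userId>/<sessionId>/<entityType>/<entityId>/<channel>/<direction>
// Hypothetical usernames: expert-client:<userId>:<sessionId>, expert-agent:<name>
const ENTITY_TYPES = new Set(['instance', 'device'])
const ID_RE = /^[A-Za-z0-9-]{1,64}$/

// The single action each role may perform per channel/direction.
// Anything not listed here is denied.
const RULES = {
    expertClient: { 'chat/request': 'pub', 'chat/response': 'sub', 'inflight/request': 'sub', 'inflight/response': 'pub' },
    expertAgent: { 'chat/request': 'sub', 'chat/response': 'pub', 'inflight/request': 'pub', 'inflight/response': 'sub' }
}

function checkExpertAcl (username, action, topic) {
    const [prefix, ...ident] = username.split(':')
    const role = prefix === 'expert-client' ? 'expertClient' : prefix === 'expert-agent' ? 'expertAgent' : null
    if (!role) return false
    const parts = topic.split('/')
    // Fixed depth: project, device and platform topics, and 'expert/#', stop here.
    if (parts.length !== 7 || parts[0] !== 'expert') return false
    const [, userId, sessionId, entityType, entityId, channel, direction] = parts
    if (RULES[role][`${channel}/${direction}`] !== action) return false
    if (role === 'expertClient') {
        // A client is pinned to the user and session in its own username.
        if (ident.length !== 2 || userId !== ident[0] || sessionId !== ident[1]) return false
        return ENTITY_TYPES.has(entityType) && ID_RE.test(entityId)
    }
    if (action === 'sub') {
        // The agent serves every session, so its only valid subscription shape
        // is '+' in all four identity positions; anything else is refused.
        return [userId, sessionId, entityType, entityId].every(p => p === '+')
    }
    // Agent publishes must name one concrete, well-formed destination.
    return ENTITY_TYPES.has(entityType) && [userId, sessionId, entityId].every(p => ID_RE.test(p))
}
```

Because the rule table holds exactly one permitted action per role and channel, each request/response pair is one-directional: whichever side may publish to a topic can never subscribe to it, which is the property the paired allow/deny tests above exercise.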

codecov bot commented Mar 31, 2026

Codecov Report

❌ Patch coverage is 76.59574% with 33 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.27%. Comparing base (03f683e) to head (e21605f).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| forge/comms/aclManager.js | 71.87% | 27 Missing ⚠️ |
| forge/routes/api/admin.js | 25.00% | 6 Missing ⚠️ |

Additional details and impacted files
@@                     Coverage Diff                      @@
##           expert/mqtt-fe-scaffolding    #7008    +/-   ##
============================================================
  Coverage                       76.26%   76.27%            
============================================================
  Files                             403      403            
  Lines                           20317    20451   +134     
  Branches                         4890     4933    +43     
============================================================
+ Hits                            15495    15598   +103     
- Misses                           4822     4853    +31     

| Flag | Coverage Δ |
|---|---|
| backend | 76.27% <76.59%> (+<0.01%) ⬆️ |



@hardillb hardillb left a comment

OK, I've read it all apart from the aclManager.js

What I've read looks OK, but need to spend time to actually step through the acl matching.
