biscuit-auth / biscuit-haskell Goto Github PK

When trying to build it, it does indeed fail on tests:

$ NIXPKGS_ALLOW_BROKEN=1 nix-build '<nixpkgs>' -A haskellPackages.biscuit-haskell
... truncated ...
Running 1 test suites...
Test suite biscuit-haskell-test: RUNNING...
biscuit-haskell-test: test/samples/v2/samples.json: openBinaryFile: does not exist (No such file or directory)

Test suite biscuit-haskell-test: FAIL

And it is consistent with the content of the source archive built by cabal2nix from the cabal file:

$ tree biscuit-haskell-0.2.1.0/
biscuit-haskell-0.2.1.0/
├── benchmarks
│   └── Bench.hs
├── biscuit-haskell.cabal
├── ChangeLog.md
├── LICENSE
├── README.md
├── Setup.hs
├── src
│   └── Auth
│       ├── Biscuit
│       │   ├── Crypto.hs
│       │   ├── Datalog
│       │   │   ├── AST.hs
│       │   │   ├── Executor.hs
│       │   │   ├── Parser.hs
│       │   │   └── ScopedExecutor.hs
│       │   ├── Example.hs
│       │   ├── ProtoBufAdapter.hs
│       │   ├── Proto.hs
│       │   ├── Symbols.hs
│       │   ├── Timer.hs
│       │   ├── Token.hs
│       │   └── Utils.hs
│       └── Biscuit.hs
└── test
    ├── Spec
    │   ├── Executor.hs
    │   ├── NewCrypto.hs
    │   ├── Parser.hs
    │   ├── Quasiquoter.hs
    │   ├── Roundtrip.hs
    │   ├── SampleReader.hs
    │   ├── ScopedExecutor.hs
    │   └── Verification.hs
    └── Spec.hs

7 directories, 28 files

I'm not yet sure how to properly fix that. I guess we could simply add the test/samples/v2/*.(bc|json) files either to extra-source-files or data-files. I don't have the proper setup to test this hypothesis yet.

Right now the parser is polymorphic (sub-parsers depend on the context they're called in). This makes the parser produce a semantically valid AST in a single pass, at the expense of error reporting (syntactically valid but semantically valid statements are rejected as parse errors).

To add insult to injury, the parser library is attoparsec, so parse errors are 99% of the time non informative.

A good solution would be to:

• use megaparsec, in order to get actually useful error messages on syntax errors
• make the parsing phase accept semantically invalid states, and forbid those in a separate pass, with appropriate error messages

It's quite a bit of work, but i've been working on a PoC a long time ago, with promising results. Working on this would also be a good opportunity to expose runtime parameter substitution in addition to compile-time slicing. Writing an error-reporting optimized megaparsec parser is extra work, but can be made incrementally. The baseline error reporting would be miles ahead of the current situation anyway.

The documentation for getRevocationIds states that the function is only supposed to be used for debugging. But there doesn't seem to be any other way to retrieve the revocation id for a token, and according to the Biscuit docs you are supposed to store the revocation ids for all tokens created. Then I figure getRevocationIds is not just for debugging, and the docs are wrong?

Every variable that appears in expressions should be introduced by a predicate.

I'm not 100% sure the implementation explicitly checks it before evaluation. This is not a big issue because unbound variables will cause evaluation to fail anyway, but it should be caught early.

Right now the build is tested against GHC 8.10.4 and libs are based off stackage lts 17.10.

biscuit-auth/biscuit#112