KeepFactory

The KeepFactory provides access to singleton caches for:

  • KeepConfig
  • DesignCache
  • LoggedOutUserList
  • JWTManager

It also provides a holder for the relevant user session, a KeepJnxSession object. This is why each instance of AsyncDominoJNXRequest creates a new KeepFactory object, to ensure no pollution of KeepJnxSessions.

KeepFactory will often need to be mocked for JUnit tests. This is why instances of AbstractKeepVerticle (and AsyncDominoJNXRequest) create their own instance of KeepFactory and have a setter.

The KeepFactory is also used by the HttpListener and AbstractKeepDataVerticle to load handler classes according to the OpenAPI spec.

KeepConfig

The KeepConfig contains two main objects:

  • a map of KeepApiInfo objects, one for each endpoint in the OpenAPI spec with an operationId. The key in the map is the operationId. The contents are loaded when Keep loads. The KeepApiInfo object also checks whether it can work as a JSON handling endpoint, if it a) responds with JSON and b) receives only JSON or expects no body.
  • a map of KeepDbInfo objects, one for each database exposed for Keep access. The key in the map is the Keep name for the database. The structure is:
  • apiName.
  • filePath.
  • icon.
  • iconName.
  • description.
  • list of owners, for reference purposes only.
  • formulaEngine (currently just “domino”, future plan will include OpenFormula.
  • whether or not it’s active.
  • unid of the Notes Document in Keep Config database.
  • configInfo, containing:
    • whether or not the database allows access from browsers (openAccess).
    • whether or not the database allows code to be submitted via the “/run/code” and “/run/codejs” endpoints (allowCode).
    • formula (applied according to the formulaEngine) to define whether DQL can be run against the database (dqlAccess).
    • list of excluded views, views that cannot be used from Keep (excludedViews).
    • list of agents than can be run from Keep (agents).
    • list of stored procedures (code that the Keep Administrator has added to be run) - NOT YET IMPLEMENTED (storedProcedures).
    • list of people who must approve requests for external applications to use this database - NOT YET IMPLEMENTED (applicationAccessApprovers).
    • map of FormAccessModeInfo objects (formConfigs) where the modeName is the key. Every form exposed must have at least one FormAccessModeInfo for a modeName “default”. Each FormAccessModeInfo contains:
    • modeName.
    • list of fields exposed to read access (readAccessFields).
    • list of fields exposed to write access (writeAccessFields).
    • formula (applied according to the formulaEngine) for read access (readAccessFormula).
    • formula (applied according to the formulaEngine) for write access (writeAccessFormula). This can include validation of the payload.
    • formula(s) to be applied for any GET requests for the form mode (onLoad).
    • formula(s) to be applied before saving any documents for this form mode (onSave).
    • whether or not the Input Translation and Input Validation formulas on the underlying Notes Form should be applied (computeWithForm).
    • whether or not a POST request should be rejected if the content does not conform with the list of fields expected for write access (strictInput). If set to false, any fields not in the writeAccessFields are just ignored.

The KeepConfig is also used to: - get and retrieve the system username. - check if local users are allowed, managed via the GodMode environment variable. - scan and retrieve actual database names for Keep Admin module. - read the JSON OpenAPI spec.

DesignCache

This is a cache for a database’s actual design. It’s populated from DesignFetchdxlRequest. Requests for individual design elements automatically route through DesignFetchdxlRequest if the design has not yet been cached. There are two buckets of data:

  • bucket, containing the design extracted as a JSON object.
  • dxlbucket, containing the raw DXL.

Entries are removed from the caches after 8 hours. There is also a specific endpoint to evict the whole cache.

The design cache is used by the Keep Admin module to provide the actuals from which to select:

  • views to exclude from Keep access.
  • forms to enable for Keep access.
  • agents to expose for Keep access. As a result, anyone using the Keep Admin module will need minimum Designer access to the databases they are enabling for Keep access.

JWTManager

This is responsible for generating JWT tokens.

LoggedOutUserList

This uses an ExpiringMap to auto-expire JWT tokens. The “/logout” endpoint also expires a JWT token. The expired tokens are checked by the “jwt” security handler, ExpiringJwtHandler.