proxify | portable proxy for capturing manipulating | Proxy library

I have a Poco (v1.9.4) based class

I'm working on a opensource library that makes Proxies of Rx Observables.

(I'll use Box instead of Observable for simplicity)

It takes in a Box and returns a type { [P in keyof A]: Box }.

I get this error when I'm running my unit tests on gitlab pipeline, but it work fine on my local environement:

I'm taking the mongoDB course on how to connect node to MongoDB. I only wrote this ( in the file they gave for the course) :

How can I create a deep/recursive Proxy?

Specifically, I want to know whenever a property is set or modified anywhere in the object tree.

Here's what I've got so far:

I'm having the following TypeScript class

In a nutshell: What is the best way to give and control end user access to files stored in a S3 bucket with specific access rules determined for each files by which “group” the end user belong to and what is his role in that “group”, when there is a lot of dynamically defined “group” (more than 100 000) and each user can be part of several “groups” (more than 1000).

I am in a team where we are developing a product based on AWS lambda, accessible with a web app. The product is developed using micro service architecture. To explain our use case, let's imagine we have 3 micro services:

• User service, that is in fact AWS Cognito (handle user and authorization in the whole platform)
• Company service. Developed by us, based on AWS Lambda and dynamoDB. That manage company information (name, people, and other metadata that I will not explain here)
• Document service. This service, that we need to develop, need to handle documents that belongs to a company.

In terms of architecture, we have some difficulty to handle the following use case:

We would like that people that belong to one or multiple companies can have access to that documents (files). These people may have some role inside the company (Executive, HR, Sales). Depending of these roles, people may have access to only a subpart of company documents. Of course, people that do not belong to a company will not have access to that company documents.

To handle such use cases, we would like to use AWS S3, and if possible, without redeveloping our own micro service that may proxify AWS S3.

The problem is: How we can manage rights with AWS S3 for our use case ?

We have investigated multiple solutions.

1. Using IAM policies that restrict S3 file access (the WEB app access S3 directly, no proxy). If our S3 bucket is organized by company name/UUID (folders at the root dir of S3), we can think about creating an IAM policy every time we create a company and configure it so that every user in a company have access to the company folder, and only that folder.

2. Create a bucket for each company is not possible because AWS limit the number of S3 bucket to 100 (or 1000) per AWS account. And our product may have more than 1000 companies

3. Putting user in group (group == 1 company) is not possible because the number of groups per user pool is 500.

4. Using lamda@edge that proxify AWS S3 call to verify that file URI in S3 is authorized for the requested user (user belongs to the company and have the right roles to read its documents). This Lambda@edge will call an internal service to know if this user is authorized to get files from this company (based on the called URL)

5. Using AWS S3 Pre Signed URL. We can create our own document-service, that expose CREATE, GET, DELETE api, that will contact AWS S3 service after having done authorization checking (user belongs to the company) and generate pre signed URL to upload or get a file. Then the user (WebApp) will call S3 directly.

In fact, If I try to summarize our problem, we have some difficulties to handle a mix of RBAC and authorization control inside an AWS product developed with AWS lambda, and exposing AWS S3 to end user.

If you have experience or recommendation for this kind of use case, you advice will be very welcome.

I wrote a small wrapper to return undefined in place of typeError when accessing properties that don't exist using a Proxy. Here is the code:

I'd like to detect an event of attaching shadow to the host element.

Use-case: using MutationObserver to watch any DOM changes and post-process the changed content as part of binding (tying) framework's logic.

Why do I need to detect this event? In order to be able to watch for a changes within the shadowDOM, another MutationObserver should be created and set on the shadowRoot - this works just fine, so the only issue is with detecting newly created shadows.

Needless to say, that plainly MutationObserver does not detect attachShadow action, tried that with all of the options flags set to true.

Note: I'm aware of this question on this forum, yet it's not exactly the same problem, IMHO.

UPDATE:

I'm marking the answer of @Supersharp as the answer to the question, since looks like proxifying the native attachShadow method is currently the only way to observe this action.

Yet, similarly to the fact that we are not proxifying appendChild, removeChild, innerHTML/textContent and others, but relaying on well defined MutationObserver APIs, in this case too, there must be a way to achieve the same without potentially breaking native API behavior or catching up and plumbering any other possible future way to attach shadow (and probably there will be removal too?, already there is an override) etc.

I've issued a proposal to support attachShadow by MutationObserver here.