Search code examples
herokuloopbackjsstrongloopbuildpack

Deploying to Heroku with LoopBack buildpack overwrites my changes to LoopBack code

I'm deploying my LoopBack project in Heroku using the buildpack in:

https://github.com/strongloop/strongloop-buildpacks.git

However I have a few changes I made to the LoopBack User model (specifically, I changed the ACLs to deny access to User creation by $everyone) and when I deploy it in Heroku those changes are overwritten with the default values (i.e. the ACL allows $everyone to POST to /Users)

My guess is that when deploying in Heroku, my changes are put first and then the buildpack is installed so any changes to the LB source code are overwritten.

Is there any way I can make changes to the LoopBack source code and deploy to Heroku?

Do I have to create my own buildpack with my changes? any recommended resources on how to create a buildpack?

Thanks!

Solution

  • After some research it seems that my assumtions on why this was failing were right. It turns out that the reason why the changes are being overwritten is indeed because the buildpack installs everything on top of whatever project structure you commit to your Heroku app.

    In my case, since my changes involved changing StrongLoop's files, whenever the SL buildpack was installed those changes where lost.

    Solution:

    The way I solved this was by forking StrongLoop's buildpack and then adding a few lines to the bin/compile file to use sed to delete the ACL entries that allow anyone ("$everyone" role) to POST a new User instance:

    status "Removing CREATE permissions for User model"
sed '42,47d' $build_dir/node_modules/loopback/common/models/user.json > $build_dir/node_modules/loopback/common/models/user.tmp
mv $build_dir/node_modules/loopback/common/models/user.tmp $build_dir/node_modules/loopback/common/models/user.json

    (link to the position of the lines is here)

    In the version of SL that I'm using this deletes the following lines:

     },
 {
   "principalType": "ROLE",
   "principalId": "$everyone",
   "permission": "ALLOW",
   "property": "login"

    (link to GitHub lines here)

    I then used this new buildpack to create a new Heroku app which now has disabled access to creating new Users by "$everyone" role.

    Caveats

    This is of course a very crude way of accomplishing this, and I would think that the correct way would be to actually fork the StrongLoop repo, make the changes there, and then use a buildpack that installs the forked repo, however in my case it meant that I had to be paying attention to fixes commited to the original StrongLoop repo and merge them back, which for the small change I needed seemed unnecessary.