Merge branch 'main' into alarm-events

.gitignore

@@ -4,5 +4,5 @@ watched/
 .env
 *.log
 log.json
-bundle.js
+bundle.cjs
 coverage/

CONTRIBUTING.md

@@ -1,6 +1,6 @@
 # Contributing to STIGMAN-Watcher
 
-**NOTE: This CONTRIBUTING.md describes our software contribution policy. You do not need to follow the Developer's Certificate of Origin (DCO) process for commenting on the STIG Manager repository documentation, such as CONTRIBUTING.md, INTENT.md, etc. or for submitting issues. For more information about developing and contributing to the project, please see the [STIG Manager Contribution Guide](https://stig-manager.readthedocs.io/en/latest/the-project/contributing.html) that is part of our [overall documentation](https://stig-manager.readthedocs.io/en/latest/index.html)**
+**NOTE: This CONTRIBUTING.md describes our software contribution policy. You do not need to follow the Developer's Certificate of Origin (DCO) process for commenting on the STIGMAN-Watcher repository documentation, such as CONTRIBUTING.md, INTENT.md, etc. or for submitting issues. For more information about developing and contributing to the project, please see the [STIG Manager Contribution Guide](https://stig-manager.readthedocs.io/en/latest/the-project/contributing.html) that is part of our [overall documentation](https://stig-manager.readthedocs.io/en/latest/index.html)**
 
 ## Policy
 

build.sh

@@ -37,7 +37,7 @@ npm install -g pkg
 
 # Bundle
 printf "[BUILD_TASK] Bundling\n"
-npx esbuild index.js --bundle --platform=node --outfile=bundle.js
+npx esbuild index.js --bundle --platform=node --outfile=bundle.cjs
 check_exit_status "Bundling" 1
 
 # version=$(git describe --tags | sed 's/\(.*\)-.*/\1/')

lib/args.js

@@ -1,20 +1,31 @@
-const version = '1.4.2'
 
 import help_default from './help.js'
 help_default()
 import { Command, Option, InvalidOptionArgumentError } from 'commander'
-import { readFileSync } from 'fs'
+import { readFileSync } from 'node:fs'
 import * as logger from './logger.js'
 import { config } from 'dotenv' 
-import { resolve, sep, posix } from 'path'
+import { dirname, resolve, sep, posix } from 'node:path'
 import promptSync from 'prompt-sync'
 import { createPrivateKey } from 'crypto'
 
 const prompt = promptSync({ sigint:true })
 const component = 'args'
 
+function getVersion() {
+  try {
+    const packageJsonText = readFileSync(`${dirname(process?.pkg?.defaultEntrypoint ?? '.')}/package.json`, 'utf8')
+    return JSON.parse(packageJsonText).version
+  } 
+  catch (error) {
+    console.error('Error reading package.json:', error.message)
+    return '0.0.0'
+  }
+}
+
 let configValid = true
 
+const version = getVersion()
 
 // Use .env, if present, to setup the environment
 config()
@@ -78,6 +89,8 @@ program
 .requiredOption('--api <url>', 'Base URL of the STIG Manager API service (`WATCHER_API_BASE`).', pe.WATCHER_API_BASE)
 .requiredOption('--authority <url>', 'Base URL of the OIDC authentication service that issues OAuth2 tokens for the API (`WATCHER_AUTHORITY`)', pe.WATCHER_AUTHORITY)
 .requiredOption('--client-id <string>', 'OIDC clientId to authenticate (`WATCHER_CLIENT_ID`). You will be prompted for the client secret if `--client-key` is not present and `--prompt` is present, unless `WATCHER_CLIENT_SECRET` is set', pe.WATCHER_CLIENT_ID)
+.option('--scope-prefix <string>', 'String used as a prefix for default stig-manager scopes (except `openid`) when authenticating to the OIDC Provider.',  pe.WATCHER_SCOPE_PREFIX ?? '')
+.option('--extra-scopes <string>', 'Space separated OAuth2 scopes to request in addition to the default scopes. Will not be automatically prefixed with WATCHER_SCOPE_PREFIX value.',  pe.WATCHER_EXTRA_SCOPES)
 .option('--client-key <path>', 'Path to a PEM encoded private key (`WATCHER_CLIENT_KEY`). If the key is encrypted, you will be prompted for the passphrase if `--prompt` is present, unless `WATCHER_CLIENT_KEY_PASSPHRASE` is set.',  pe.WATCHER_CLIENT_KEY)
 .option('--add-existing', 'For `--mode events`, existing files in the path will generate an `add` event (`WATCHER_ADD_EXISTING=1`). Ignored if `--mode scan`, negate with `--no-add-existing`.',  getBoolean('WATCHER_ADD_EXISTING', false))
 .option('--no-add-existing', 'Ignore existing files in the watched path (`WATCHER_ADD_EXISTING=0`).')
@@ -87,7 +100,7 @@ program
 .option('--create-objects', 'Create Assets or STIG Assignments as needed (`WATCHER_CREATE_OBJECTS=1`). Negate with `--no-create-objects`.', getBoolean('WATCHER_CREATE_OBJECTS', true))
 .option('--no-create-objects', 'Do not create Assets or STIG Assignments (`WATCHER_CREATE_OBJECTS=0`).')
 .option('--ignore-dir [name...]', 'DEPRECATED, use --ignore-glob. Sub-directory name to ignore. Can be invoked multiple times.(`WATCHER_IGNORE_DIRS=<csv>`)', pe.WATCHER_IGNORE_DIRS?.split(','))
-.option('--ignore-glob [glob...]', 'File or diectory glob(s) to ignore. Can be invoked multiple times.(`WATCHER_IGNORE_GLOBS=<csv>`)', pe.WATCHER_IGNORE_GLOBS?.split(','))
+.option('--ignore-glob [glob...]', 'File or directory glob(s) to ignore. Can be invoked multiple times.(`WATCHER_IGNORE_GLOBS=<csv>`)', pe.WATCHER_IGNORE_GLOBS?.split(','))
 .option('--event-polling', 'Use polling with `--mode events`, necessary for watching network files (`WATCHER_EVENT_POLLING=1`). Ignored if `--mode scan`, negate with `--no-event-polling`.', getBoolean('WATCHER_EVENT_POLLING', true))
 .option('--no-event-polling', 'Don\'t use polling with `--mode events`, reduces CPU usage (`WATCHER_EVENT_POLLING=0`).')
 .option('--stability-threshold <ms>', 'If `--mode events`, milliseconds to wait for file size to stabilize. May be helpful when watching network shares. (`WATCHER_STABILITY_THRESHOLD`). Igonred with `--mode scan`', parseIntegerArg, parseIntegerEnv(pe.WATCHER_STABILITY_THRESHOLD) ?? 0)
@@ -101,6 +114,7 @@ program
 .option('--no-strict-revision-check', 'For CKL, allow checklist of uninstalled STIG revision (`WATCHER_STRICT_REVISION_CHECK=0`). This is the default behavior.')
 
 // Parse ARGV and get the parsed options object
+// Options properties are created as camelCase versions of the long option name
 program.parse(process.argv)
 const options = program.opts()
 

lib/auth.js

@@ -10,12 +10,25 @@ import * as CONSTANTS from './consts.js'
 const self = {}
 
 self.url = null
-self.threshold = 10 // seconds
-self.scope = 'openid stig-manager:collection stig-manager:stig:read stig-manager:user:read'
+self.threshold = 10
 self.key = options.clientKey
 self.authenticateFn = options.clientKey ? authenticateSignedJwt : authenticateClientSecret
 self.authentication = options.clientKey ? 'signed-jwt' : 'client-secret'
 
+const scopePrefix = options.scopePrefix
+
+const scopeArray= [
+  `openid`,
+  `${scopePrefix}stig-manager:stig:read`,
+  `${scopePrefix}stig-manager:collection`,
+  `${scopePrefix}stig-manager:user:read`,
+]
+if (options.extraScopes) {
+  scopeArray.push(...options.extraScopes.split(" "))
+}
+
+self.scope = scopeArray.join(" ")
+
 let tokens, tokenDecoded
 const component = 'auth'
 /**

pkg.config.json

@@ -1,9 +1,9 @@
 {
     "name": "stigman-watcher",
-    "bin": "./bundle.js",
+    "bin": "./bundle.cjs",
     "pkg": {
         "targets": [ "node18-win", "node18-linuxstatic" ],
-        "assets": ["./node_modules/better-queue-memory/**"],
+        "assets": ["./node_modules/better-queue-memory/**", "./package.json"],
         "outputPath": "./bin"
     }
 }