Merge pull request #91 from RADAR-base/release-2.0

Release 2.0

.editorconfig

@@ -0,0 +1,25 @@
+# EditorConfig helps developers define and maintain consistent
+# coding styles between different editors and IDEs
+# editorconfig.org
+
+root = true
+
+[*]
+# Change these settings to your own preference
+indent_style = space
+indent_size = 4
+continuation_indent_size = 8
+
+# We recommend you to keep these unchanged
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.{json,yaml,yml}]
+indent_style = space
+indent_size = 2
+continuation_indent_size = 4

.gitignore

@@ -1,5 +1,6 @@
 .gradle
-/build/
+build/
+out/
 !gradle/wrapper/gradle-wrapper.jar
 
 ### STS ###
@@ -26,4 +27,4 @@ local.properties
 /nbdist/
 /.nb-gradle/
 
-/src/main/docker/etc/rest_source_clients_configs.yml
+/src/main/docker/etc/rest_source_clients_configs.yml

README.md

@@ -6,74 +6,50 @@ An application to get authorization from users to access their data through 3rd
 1. It has one active entity where we store user properties.
 2. Has liquibase support to enable seamless database schema migration.
 3. Has a simple web-service with REST Endpoints to share configured source-type client details and authorized users.
-4. Currently various source-types can be configured using a YAML file and these entries are stored in memory.
+4. Currently various source-types can be configured using the configuration file and these entries are stored in memory.
 
 ## APIs to be used by REST Source-Connectors
 `RADAR REST Source-Connectors` can use the APIs as follows.
- 1. To get all configured users for a particular source-type use `GET */users/{source-type}` .
+ 1. To get all configured users for a particular source-type use `GET */users?source-type={source-type}` .
  2. To get details of a particular user use `GET */users/{id}`.
  3. To get the token details of a particular user use `GET */users/{id}/token`.
  4. To refresh the token of a particular user use `POST /users/{id}/token`.
 
-## Usage
-To run this application from source:
-
-```$cmd
-./gradlew build assemble
-java -jar radar-rest-sources-authorizer*.jar
-```
 ## Installation
 To install functional RADAR-base Rest-Sources Authorizer application with minimal dependencies from source, please use the `docker-compose.yml` under the root directory
-1. Copy the `docker/etc/rest-sources-authorizer/rest_source_clients_configs.yml.template` into `docker/etc/rest-sources-authorizer/rest_source_clients_configs.yml` and modify the `client_id` and `client_secret` with your Fitbit client application credentials.
+1. Copy the `docker/etc/rest-source-authorizer/authorizer.yml.template` into `docker/etc/rest-source-authorizer/authorizer.yml` and modify the `restSourceClients.FitBit.clientId` and `restSourceClients.FitBit.clientSecret` with your Fitbit client application credentials.
 ```bash
 docker-compose up -d --build
 ```
 You can find the Authorizer app running on `http://localhost:8080/rest-sources/authorizer/`
 You can find the Management Portal app running on `http://localhost:8080/managementportal/`
 ## Validation
 
-There is validation available for the properties of the subject entered by the user. These are currenlty validated using the details from the Management portal. You can configure this according to your requirements as follows -
-
-### If don't need validation
-Add the `REST_SOURCE_AUTHORIZER_VALIDATOR` env var to your docker-compose service to disable validation-
-```yaml
-  radar-rest-sources-backend:
-    image: radarbase/radar-rest-source-auth-backend:1.2.1
-...
-    environment:
-...
-      - REST_SOURCE_AUTHORIZER_VALIDATOR=""
-    volumes:
-      - ./etc/rest-source-authorizer/:/app-includes/
-...
-
-```
-**Note: This will only disable backend validation. The frontend validation(based on Regex) will still exist.**
-
-### Enable validation using Management Portal
+All users registered with the application will be validated against ManagementPortal for integrity and security.
+Front-end application will perform additional validation based on regex to improve user experience.
 
-#### First Create a new oAuth client in Management Portal
+### Registering OAuth Clients with ManagementPortal
 To add new OAuth clients, you can add at runtime through the UI on Management Portal, or you can add them to the OAuth clients file referenced by the MANAGEMENTPORTAL_OAUTH_CLIENTS_FILE configuration option. For more info, see [officail docs](https://github.com/RADAR-base/ManagementPortal#oauth-clients)
-The OAuth client should have the following properties-
-
-1. scope - `PROJECT.READ, SUBJECT.READ`
-2. grant_type - `client_credentials`
+The OAuth client for authorizer-app-backend should have the following properties.
+```properties
+client-id: radar_rest_sources_auth_backend
+client-secret: Confidential
+grant-type: client_credentials
+resources: res_ManagementPortal
+scope: PROJECT.READ,SUBJECT.READ
+```
 
-#### Then add the following to your rest authoriser service
-Add the following env vars to your docker-compose service-
-```yaml
-  radar-rest-sources-backend:
-    image: radarbase/radar-rest-source-auth-backend:1.2.1
-...
-    environment:
-...
-      - REST_SOURCE_AUTHORIZER_VALIDATOR=managementportal
-      - REST_SOURCE_AUTHORIZER_MANAGEMENT_PORTAL_BASE_URL=http://managementportal-app:8080/managementportal/
-      - REST_SOURCE_AUTHORIZER_MANAGEMENT_PORTAL_OAUTH_CLIENT_ID=radar_rest_sources_auth
-      - REST_SOURCE_AUTHORIZER_MANAGEMENT_PORTAL_OAUTH_CLIENT_SECRET=secret
-    volumes:
-      - ./etc/rest-source-authorizer/:/app-includes/
-...
+The OAuth client for authorizer-app should have the following properties.
+```properties
+client-id: radar_rest_sources_authorizer
+client-secret: Empty
+grant-type: authorization_code
+resources: res_restAuthorizer
+scope: SOURCETYPE.READ,PROJECT.READ,SUBJECT.READ,SUBJECT.UPDATE
+callback-url: <advertised-url-of-rest-sources-authorizer-app>/login 
+# the callback-url should be resolvable and match with the environment variable of radar-rest-sources-authorizer -> AUTH_CALLBACK_URL in the docker-compose.yml file. 
 ```
+## Migrating from 1.*.* version to 2.*
 
-**Note**: Make sure to configure the client id and client secret as created in the Management portal
+1. Move configurations from application.yml and environment variables to `authorizer.yml` following the description in `authorizer.yml.template`.
+2. Move configurations from rest_source_clients_configs.yml to `restSourceClients` in corresponding YAML format in `authorizer.yml`.

authorizer-app-backend/API-Documentation.md

@@ -0,0 +1,49 @@
+#API Documentation
+
+## API documentation
+
+1. Request for authorized projects
+
+```bash
+GET /projects
+```
+Response format
+```json
+{
+  "projects": [
+    {
+      "id": "test",
+      "location": "test",
+      "description": "test"
+    }
+  ]
+}
+```
+2. Request for project details by id
+```bash
+GET /projects/test
+```
+Response format
+```json
+{
+  "id": "test",
+  "location": "test",
+  "description": "test"
+}
+```
+3. Requests for subjects/participants of a project
+```bash
+GET /projects/test/users
+```
+Response format
+```json
+{
+  "users": [
+    {
+      "id": "628277bb-239e-4137-9d15-9d8f6bb05618",
+      "projectId": "test",
+      "status": "ACTIVATED"
+    }
+  ]
+}
+```

authorizer-app-backend/Dockerfile

@@ -0,0 +1,43 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gradle:6.6.1-jdk11 as builder
+
+RUN mkdir /code
+WORKDIR /code
+ENV GRADLE_USER_HOME=/code/.gradlecache
+
+COPY ./build.gradle.kts ./settings.gradle.kts ./gradle.properties /code/
+COPY authorizer-app-backend/build.gradle.kts  /code/authorizer-app-backend/
+RUN gradle :authorizer-app-backend:downloadDependencies
+
+COPY authorizer-app-backend/src /code/authorizer-app-backend/src
+
+RUN gradle -Dkotlin.compiler.execution.strategy="in-process" -Dorg.gradle.parallel=false -Pkotlin.incremental=false :authorizer-app-backend:distTar \
+    && cd authorizer-app-backend/build/distributions \
+    && tar xf *.tar \
+    && rm *.tar authorizer-app-backend-*/lib/authorizer-app-backend-*.jar
+
+FROM openjdk:11-jre-slim
+
+MAINTAINER @nivemaham @blootsvoets
+
+LABEL description="RADAR-base rest sources authorizer backend application"
+
+COPY --from=builder /code/authorizer-app-backend/build/distributions/authorizer-app-backend-*/bin/* /usr/bin/
+COPY --from=builder /code/authorizer-app-backend/build/distributions/authorizer-app-backend-*/lib/* /usr/lib/
+COPY --from=builder /code/authorizer-app-backend/build/libs/authorizer-app-backend-*.jar /usr/lib/
+
+EXPOSE 8085
+
+CMD ["authorizer-app-backend"]
+

authorizer-app-backend/authorizer.yml

@@ -0,0 +1,28 @@
+service:
+  # Interval time in minutes for syncing projects and subjects.
+  baseUri: http://0.0.0.0:8085/rest-sources/backend/
+  advertisedBaseUri: http://0.0.0.0:8080/rest-sources/backend/
+  enableCors: true
+
+auth:
+  # Management Portal URL
+  managementPortalUrl: https://radar-test.thehyve.net/managementportal/
+  # OAuth2 Client id of rest source auth application
+  clientId: radar_rest_sources_auth
+  # OAuth2 Client Secret of rest source auth client
+  clientSecret: <MP_CLIENT_SECRET>
+
+database:
+  driver: org.postgresql.Driver
+  url: jdbc:postgresql://localhost:5432/managementportal
+  user: radar
+  password: radar_test
+  dialect: org.hibernate.dialect.PostgreSQLDialect
+
+restSourceClients:
+  - sourceType: FitBit
+    authorizationEndpoint: https://www.fitbit.com/oauth2/authorize
+    tokenEndpoint: https://api.fitbit.com/oauth2/token
+    clientId: <CLIENT_ID>
+    clientSecret: <CLIENT_SECRET>
+    scope: activity heartrate sleep profile

authorizer-app-backend/build.gradle.kts

@@ -0,0 +1,94 @@
+import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
+
+plugins {
+    application
+    kotlin("jvm")
+    id("org.jetbrains.kotlin.plugin.noarg")
+    id("org.jetbrains.kotlin.plugin.jpa")
+    id("org.jetbrains.kotlin.plugin.allopen")
+}
+
+
+application {
+    mainClassName = "org.radarbase.authorizer.MainKt"
+}
+
+project.extra.apply {
+    set("okhttpVersion", "4.9.0")
+    set("radarJerseyVersion", "0.4.2.1")
+    set("jacksonVersion", "2.11.3")
+    set("slf4jVersion", "1.7.30")
+    set("logbackVersion", "1.2.3")
+    set("jerseyVersion", "2.32")
+    set("liquibaseVersion", "3.10.2")
+    set("junitVersion", "5.7.0")
+    set("mockitoKotlinVersion", "2.2.0")
+    set("githubRepoName", "RADAR-base/RADAR-Rest-Source-Auth")
+    set("githubUrl", "https://github.com/RADAR-base/RADAR-Rest-Source-Auth.git")
+    set("issueUrl", "https://github.com/RADAR-base/RADAR-Rest-Source-Auth/issues")
+    set("website", "http://radar-base.org")
+    set("description", "RADAR Rest Source Authorizer handles authorization for data access from third party APIs for wearable devices or other connected sources.")
+}
+
+
+repositories {
+    jcenter()
+    mavenCentral()
+    maven(url = "https://dl.bintray.com/radar-base/org.radarbase")
+    maven(url = "https://dl.bintray.com/radar-cns/org.radarcns")
+    maven(url = "https://repo.thehyve.nl/content/repositories/snapshots")
+    maven(url = "https://oss.jfrog.org/artifactory/libs-snapshot/")
+}
+
+dependencies {
+    api(kotlin("stdlib-jdk8"))
+    implementation(kotlin("reflect"))
+
+    implementation("org.radarbase:radar-jersey:${project.extra["radarJerseyVersion"]}")
+    implementation("org.radarbase:radar-jersey-hibernate:${project.extra["radarJerseyVersion"]}")
+
+    implementation("com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${project.extra["jacksonVersion"]}")
+    implementation("com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${project.extra["jacksonVersion"]}")
+    implementation("com.fasterxml.jackson.module:jackson-module-kotlin:${project.extra["jacksonVersion"]}")
+
+    implementation("org.slf4j:slf4j-api:${project.extra["slf4jVersion"]}")
+
+    implementation("com.squareup.okhttp3:okhttp:${project.extra["okhttpVersion"]}")
+
+    runtimeOnly("ch.qos.logback:logback-classic:${project.extra["logbackVersion"]}")
+
+    testImplementation("org.junit.jupiter:junit-jupiter:${project.extra["junitVersion"]}")
+    testImplementation("org.hamcrest:hamcrest-all:1.3")
+    testImplementation("com.nhaarman.mockitokotlin2:mockito-kotlin:${project.extra["mockitoKotlinVersion"]}")
+
+    testImplementation("org.glassfish.jersey.test-framework.providers:jersey-test-framework-provider-grizzly2:${project.extra["jerseyVersion"]}")
+}
+
+tasks.withType<KotlinCompile> {
+    kotlinOptions {
+        jvmTarget = "11"
+        apiVersion = "1.4"
+        languageVersion = "1.4"
+    }
+}
+
+tasks.withType<Test> {
+    useJUnitPlatform()
+    testLogging {
+        events("passed", "skipped", "failed")
+    }
+}
+
+allOpen {
+    annotation("javax.persistence.Entity")
+    annotation("javax.persistence.MappedSuperclass")
+    annotation("javax.persistence.Embeddable")
+}
+
+tasks.register("downloadDependencies") {
+    doLast {
+        configurations["runtimeClasspath"].files
+        configurations["compileClasspath"].files
+        println("Downloaded all dependencies")
+    }
+}