wip: authenticate using teams instead of local services #449

api/config/default.cjs

@@ -6,8 +6,10 @@ var containerized = require('containerized')()
 
 const N = parseInt(process.env.NODE_APP_NB_INSTANCES)
 const serverPort = process.env.PORT || process.env.HTTPS_PORT || 8081
+const serverPortTeams = process.env.PORT_TEAMS || process.env.HTTPS_PORT_TEAMS || 8081
 // Required to know webpack port so that in dev we can build correct URLs
 const clientPort = process.env.CLIENT_PORT || process.env.HTTPS_CLIENT_PORT || 8080
+const clientPortTeams = process.env.CLIENT_PORT_TEAMS || process.env.HTTPS_CLIENT_PORT_TEAMS || 8082
 const API_PREFIX = '/api'
 // Start blocking after N requests or N auth requests
 let nbRequestsPerMinute = 60 * 4
@@ -42,23 +44,28 @@ let limiter = {
     interval: 60*1000 // 1 minute window
   }
 }
-let domain, weacastApi
+let domain, domainTeams, weacastApi
 // If we build a specific staging instance
 if (process.env.NODE_APP_INSTANCE === 'dev') {
   // For benchmarking
   apiLimiter = null
   limiter = null
   domain = 'https://crisis.dev.kalisio.xyz'
+  domainTeams = 'https://teams.dev.kalisio.xyz'
 } else if (process.env.NODE_APP_INSTANCE === 'test') {
   domain = 'https://crisis.test.kalisio.xyz'
+  domainTeams = 'https://teams.test.kalisio.xyz'
 } else if (process.env.NODE_APP_INSTANCE === 'prod') {
   domain = 'https://crisis.planet.kalisio.com'
+  domainTeams = 'https://teams.planet.kalisio.com'
 } else {
   // Otherwise we are on a developer machine
   if (process.env.NODE_ENV === 'development') {
     domain = 'http://localhost:' + clientPort // Crisis app client/server port = 8080/8081
+    domainTeams = 'http://localhost:' + clientPortTeams
   } else {
     domain = 'http://localhost:' + serverPort // Crisis app client/server port = 8081
+    domainTeams = 'http://localhost:' + serverPortTeams
   }
   // For benchmarking
   //apiLimiter = null
@@ -77,6 +84,7 @@ module.exports = {
   // https://github.com/chimurai/http-proxy-middleware
   proxyTable: {},
   domain,
+  domainTeams,
   gateway,
   host: process.env.HOSTNAME || 'localhost',
   port: serverPort,

api/src/app.hooks.js

@@ -39,7 +39,7 @@ export default {
         // If not exception process IDs
         return true
       }, coreHooks.processObjectIDs),
-      coreHooks.authorise
+      // coreHooks.authorise
     ],
     find: [coreHooks.marshallCollationQuery],
     get: [],

api/src/services/index.js

@@ -322,6 +322,7 @@ export default async function () {
       const response = {
         name: 'crisis',
         domain: app.get('domain'),
+        domainTeams: app.get('domainTeams'),
         gateway: app.get('gateway'),
         version: packageInfo.version,
         quotas: app.get('quotas'),
@@ -333,8 +334,8 @@ export default async function () {
       }
       res.json(response)
     })
-    app.on('service', async service => {
-      // Add app-specific hooks to required services initialized externally
+    app.on('service', async service => { 
+      // Add app-specific hooks to required services initialized externally  
       if (service.name === 'users' ||
           service.name === 'authorisations' ||
           service.name === 'organisations' ||
@@ -353,7 +354,7 @@ export default async function () {
         }
       }
       // Make remote services compliant with our internal app services so that permissions can be used
-      if (service.key === 'kano' || service.key === 'weacast') {
+      if (service.key === 'kano' || service.key === 'weacast' || service.key === 'teams') {
         debug('Configuring remote service', service)
         // Remote service are registered according to their path, ie with API prefix (but without trailing /)
         const remoteService = app.service(service.path)
@@ -374,6 +375,18 @@ export default async function () {
         })
       }
     })
+
+    // wait 30 seconds for the distributed user service to configure
+    function sleep(ms) {
+      return new Promise((resolve) => {
+        setTimeout(resolve, ms)
+      })
+    }
+    await sleep(30000)
+    // add user service id
+    // missing because it's a distributed service
+    app.getService('users').id = '_id'
+
     await app.configure(kCore)
     // This one is created by feathers under the hood so we cannot configure using the previous event listener,
     // which will only emit our own services

src/boot/kdk.js

@@ -16,7 +16,7 @@ import { Geolocation } from '@kalisio/kdk/map.client.map'
   if (theme) Theme.apply(theme)
 } */
 
-export default async ({ app }) => {
+export default async ({ app, router }) => {
   // Required to make injections reactively linked to the provider
   // https://vuejs.org/guide/components/provide-inject.html#working-with-reactivity
   app.config.unwrapInjectedRef = true
@@ -114,6 +114,12 @@ export default async ({ app }) => {
     api.get('storage').removeItem(config.gatewayJwt)
   })
 
+  router.afterEach(async (to, from, next) => {
+    // redirect to teams
+    if (to.path === '/login') window.location.href = Store.get('capabilities.api.domainTeams', '') + '/#/login?redirect_url=' + config.domain
+    next()
+  })
+
   // Install listener to log push notifications
   if (navigator.serviceWorker) {
     navigator.serviceWorker.onmessage = (event) => {

src/router/routes.js

@@ -2,7 +2,7 @@ const _ = require('lodash')
 const tours = require('../tours')
 
 module.exports = [{
-  path: '/',
+  path: '/:token?',
   name: 'index',
   component: 'Index',
   meta: { unauthenticated: true },

yarn.lock

@@ -3758,19 +3758,6 @@
     lodash "^4.17.21"
     moment "^2.29.4"
 
-"@kalisio/feathers-s3@^1.1.0":
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/@kalisio/feathers-s3/-/feathers-s3-1.1.0.tgz#bec52326dc6dacb3210243560c1b12a7e2bb7a7a"
-  integrity sha512-ED49LqFvWV/CfKqF/BAoVvos+zB7BC0XQU80oGryQs8NlsZ2lKEL5kDkAUlWhSKUgxSw9o6Z8fFmJ3gbTwYy1A==
-  dependencies:
-    "@aws-sdk/client-s3" "^3.209.0"
-    "@aws-sdk/s3-request-presigner" "^3.209.0"
-    "@feathersjs/commons" "^5.0.5"
-    "@feathersjs/errors" "^5.0.5"
-    debug "^4.1.0"
-    lodash "^4.17.21"
-    moment "^2.29.4"
-
 "@kalisio/feathers-s3@^1.2.0":
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/@kalisio/feathers-s3/-/feathers-s3-1.2.0.tgz#ba4178e02c15973a1262e49d083e22fc086e91ac"