From de2f3dadb4f7f7880aae939e41a653605bb43a21 Mon Sep 17 00:00:00 2001 From: Tristan Greffe Date: Fri, 20 Oct 2023 17:32:59 +0200 Subject: [PATCH] wip: authenticate using teams instead of local services #449 --- api/config/default.cjs | 10 +++++++++- api/src/app.hooks.js | 2 +- api/src/services/index.js | 19 ++++++++++++++++--- src/boot/kdk.js | 8 +++++++- src/router/routes.js | 2 +- yarn.lock | 13 ------------- 6 files changed, 34 insertions(+), 20 deletions(-) diff --git a/api/config/default.cjs b/api/config/default.cjs index 621925c0..75c26dd5 100644 --- a/api/config/default.cjs +++ b/api/config/default.cjs @@ -6,8 +6,10 @@ var containerized = require('containerized')() const N = parseInt(process.env.NODE_APP_NB_INSTANCES) const serverPort = process.env.PORT || process.env.HTTPS_PORT || 8081 +const serverPortTeams = process.env.PORT_TEAMS || process.env.HTTPS_PORT_TEAMS || 8081 // Required to know webpack port so that in dev we can build correct URLs const clientPort = process.env.CLIENT_PORT || process.env.HTTPS_CLIENT_PORT || 8080 +const clientPortTeams = process.env.CLIENT_PORT_TEAMS || process.env.HTTPS_CLIENT_PORT_TEAMS || 8082 const API_PREFIX = '/api' // Start blocking after N requests or N auth requests let nbRequestsPerMinute = 60 * 4 
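Review bot: `serverPortTeams` falls back to 8081, which is also the fallback of `serverPort`, so on a machine where neither `PORT_TEAMS` nor `HTTPS_PORT_TEAMS` is set the two apps resolve to the same address. In the later hunk of this file the non-development localhost branch builds `domainTeams` from it, so `domainTeams` would equal `domain`, and the login redirect added in src/boot/kdk.js could then send the app back to itself. Either pick a fallback that cannot collide, or drop the fallback and fail at startup when no Teams port is configured. A comment such as `// Must differ from serverPort when both apps run on the same host` would document the constraint.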
@@ -42,23 +44,28 @@ let limiter = { interval: 60*1000 // 1 minute window } } -let domain, weacastApi +let domain, domainTeams, weacastApi // If we build a specific staging instance if (process.env.NODE_APP_INSTANCE === 'dev') { // For benchmarking apiLimiter = null limiter = null domain = 'https://crisis.dev.kalisio.xyz' + domainTeams = 'https://teams.dev.kalisio.xyz' } else if (process.env.NODE_APP_INSTANCE === 'test') { domain = 'https://crisis.test.kalisio.xyz' + domainTeams = 'https://teams.test.kalisio.xyz' } else if (process.env.NODE_APP_INSTANCE === 'prod') { domain = 'https://crisis.planet.kalisio.com' + domainTeams = 'https://teams.planet.kalisio.com' } else { // Otherwise we are on a developer machine if (process.env.NODE_ENV === 'development') { domain = 'http://localhost:' + clientPort // Crisis app client/server port = 8080/8081 + domainTeams = 'http://localhost:' + clientPortTeams } else { domain = 'http://localhost:' + serverPort // Crisis app client/server port = 8081 + domainTeams = 'http://localhost:' + serverPortTeams } // For benchmarking //apiLimiter = null @@ -77,6 +84,7 @@ module.exports = { // https://github.com/chimurai/http-proxy-middleware proxyTable: {}, domain, + domainTeams, gateway, host: process.env.HOSTNAME || 'localhost', port: serverPort, diff --git a/api/src/app.hooks.js b/api/src/app.hooks.js index 5fb01842..ba54a696 100644 --- a/api/src/app.hooks.js +++ b/api/src/app.hooks.js @@ -39,7 +39,7 @@ export default { // If not exception process IDs return true }, coreHooks.processObjectIDs), - coreHooks.authorise + // coreHooks.authorise ], find: [coreHooks.marshallCollationQuery], get: [], diff --git a/api/src/services/index.js b/api/src/services/index.js index d3106ab1..00f0413c 100644 --- a/api/src/services/index.js +++ b/api/src/services/index.js 
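Review bot: `domainTeams` is the origin users are sent to for login (see the redirect added in src/boot/kdk.js), but nothing near these assignments says so or states the format the client relies on. The client appends `/#/login?redirect_url=...` directly to it, so the value has to be an origin without a trailing slash, and outside a developer machine it should stay https. A comment above the declaration would do, for example `// Origin of the Teams app handling authentication, no trailing slash (the client appends /#/login)`.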
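Review bot: Commenting out `coreHooks.authorise` removes the permission check from what looks like the application-wide `before` hook chain (the array starts outside this hunk), and nothing else in this patch puts a replacement in place. With it disabled, service calls that reach these hooks are no longer checked against the caller's abilities, so a caller accepted by authentication could presumably read or modify resources it has no rights on. If the hook fails because users coming from Teams lack locally resolved abilities, that is better fixed where the remote services are configured in api/src/services/index.js than by dropping the check. At minimum keep the line as `coreHooks.authorise` and put any temporary bypass behind an explicit configuration flag that defaults to enforcing authorisation.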
@@ -322,6 +322,7 @@ export default async function () { const response = { name: 'crisis', domain: app.get('domain'), + domainTeams: app.get('domainTeams'), gateway: app.get('gateway'), version: packageInfo.version, quotas: app.get('quotas'), @@ -333,8 +334,8 @@ export default async function () { } res.json(response) }) - app.on('service', async service => { - // Add app-specific hooks to required services initialized externally + app.on('service', async service => { + // Add app-specific hooks to required services initialized externally if (service.name === 'users' || service.name === 'authorisations' || service.name === 'organisations' || @@ -353,7 +354,7 @@ export default async function () { } } // Make remote services compliant with our internal app services so that permissions can be used - if (service.key === 'kano' || service.key === 'weacast') { + if (service.key === 'kano' || service.key === 'weacast' || service.key === 'teams') { debug('Configuring remote service', service) // Remote service are registered according to their path, ie with API prefix (but without trailing /) const remoteService = app.service(service.path) @@ -374,6 +375,18 @@ export default async function () { }) } }) + + // wait 30 seconds for the distributed user service to configure + function sleep(ms) { + return new Promise((resolve) => { + setTimeout(resolve, ms) + }) + } + await sleep(30000) + // add user service id + // missing because it's a distributed service + app.getService('users').id = '_id' + await app.configure(kCore) // This one is created by feathers under the hood so we cannot configure using the previous event listener, // which will only emit our own services diff --git a/src/boot/kdk.js b/src/boot/kdk.js index 16f055d2..f54145dd 100644 --- a/src/boot/kdk.js +++ b/src/boot/kdk.js 
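Review bot: The fixed `await sleep(30000)` is a guess at when the distributed `users` service becomes available, and the next statement `app.getService('users').id = '_id'` does not check that the service was actually found. If discovery takes longer, startup either throws on a missing service or carries on into `app.configure(kCore)` with a users service that has no id field, which is presumably the service authentication depends on; if it is faster, every start still pays 30 seconds. A bounded wait that polls for the service and aborts startup with a clear error on timeout makes the failure explicit. How `getService` reports a missing service is not visible here, so the sketch below tolerates both a throw and an empty result; the enclosing exported function starts and ends outside the hunk.

```javascript
// Bounded wait instead of a fixed delay; startup fails when the service never shows up
async function waitForService (name, timeoutMs = 30000, stepMs = 500) {
  const deadline = Date.now() + timeoutMs
  for (;;) {
    let service
    try { service = app.getService(name) } catch (error) { debug('Service not yet available', name) }
    if (service) return service
    if (Date.now() >= deadline) throw new Error(`Service ${name} not available after ${timeoutMs} ms`)
    await new Promise((resolve) => setTimeout(resolve, stepMs))
  }
}
const usersService = await waitForService('users')
// The distributed service does not carry its id field, set it before kCore is configured
usersService.id = '_id'
await app.configure(kCore)
```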
@@ -16,7 +16,7 @@ import { Geolocation } from '@kalisio/kdk/map.client.map' if (theme) Theme.apply(theme) } */ -export default async ({ app }) => { +export default async ({ app, router }) => { // Required to make injections reactively linked to the provider // https://vuejs.org/guide/components/provide-inject.html#working-with-reactivity app.config.unwrapInjectedRef = true @@ -114,6 +114,12 @@ export default async ({ app }) => { api.get('storage').removeItem(config.gatewayJwt) }) + router.afterEach(async (to, from, next) => { + // redirect to teams + if (to.path === '/login') window.location.href = Store.get('capabilities.api.domainTeams', '') + '/#/login?redirect_url=' + config.domain + next() + }) + // Install listener to log push notifications if (navigator.serviceWorker) { navigator.serviceWorker.onmessage = (event) => { diff --git a/src/router/routes.js b/src/router/routes.js index 4b6a4f57..9a02c498 100644 --- a/src/router/routes.js +++ b/src/router/routes.js @@ -2,7 +2,7 @@ const _ = require('lodash') const tours = require('../tours') module.exports = [{ - path: '/', + path: '/:token?', name: 'index', component: 'Index', meta: { unauthenticated: true }, diff --git a/yarn.lock b/yarn.lock index 6805b949..83f7e1d3 100644 --- a/yarn.lock +++ b/yarn.lock 
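Review bot: `router.afterEach` callbacks are not given a `next` function (Vue Router passes `to`, `from` and, in version 4, a navigation failure), so the `next()` call at the end of this hook will throw when the navigation succeeded. The redirect also concatenates `config.domain` into the query string without `encodeURIComponent`, and when `capabilities.api.domainTeams` is not yet in the Store the `''` fallback turns the target into a relative `/#/login?...` on the current origin. On the Teams side `redirect_url` should be checked against an allow-list of known application origins, since whatever it accepts is where the login result gets sent; that code is outside this patch.

```javascript
router.afterEach((to) => {
  if (to.path !== '/login') return
  const domainTeams = Store.get('capabilities.api.domainTeams', '')
  // Without a configured Teams origin the redirect would resolve against the current page
  if (!domainTeams) return
  window.location.href = `${domainTeams}/#/login?redirect_url=${encodeURIComponent(config.domain)}`
})
```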
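Review bot: Carrying the token as the optional path parameter in `path: '/:token?'` leaves it in the address bar, in browser history and in anything that records the URL, and the route is marked `unauthenticated: true`. The component that reads the parameter should validate the token and then drop it from the URL straight away, for example with `router.replace({ name: 'index' })`, and the token handed over by Teams is best short-lived or single-use. An optional parameter on the root also matches any single-segment path, so a mistyped or unknown path may be treated as a token unless more specific routes are matched first; the rest of the route table is outside this hunk.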
@@ -3758,19 +3758,6 @@ lodash "^4.17.21" moment "^2.29.4" -"@kalisio/feathers-s3@^1.1.0": - version "1.1.0" - resolved "https://registry.yarnpkg.com/@kalisio/feathers-s3/-/feathers-s3-1.1.0.tgz#bec52326dc6dacb3210243560c1b12a7e2bb7a7a" - integrity sha512-ED49LqFvWV/CfKqF/BAoVvos+zB7BC0XQU80oGryQs8NlsZ2lKEL5kDkAUlWhSKUgxSw9o6Z8fFmJ3gbTwYy1A== - dependencies: - "@aws-sdk/client-s3" "^3.209.0" - "@aws-sdk/s3-request-presigner" "^3.209.0" - "@feathersjs/commons" "^5.0.5" - "@feathersjs/errors" "^5.0.5" - debug "^4.1.0" - lodash "^4.17.21" - moment "^2.29.4" - "@kalisio/feathers-s3@^1.2.0": version "1.2.0" resolved "https://registry.yarnpkg.com/@kalisio/feathers-s3/-/feathers-s3-1.2.0.tgz#ba4178e02c15973a1262e49d083e22fc086e91ac"