diff --git a/server/backend/src/Server.ts b/server/backend/src/Server.ts
index 814926cf5..44278e24c 100644
--- a/server/backend/src/Server.ts
+++ b/server/backend/src/Server.ts
@@ -3,7 +3,6 @@ import dotenv from 'dotenv';
 dotenv.config();
-
 import { loadSecrets } from './secrets/Index';
 import cors from '@koa/cors';
 import Koa from 'koa';
@@ -15,6 +14,10 @@ import { catchAll, httpRequestLogger, setupDbConnection, mainLogger as logger }
 import { createBlobContainers, createLocalFolders, setupBlobStore } from '@karya/common';
 import { envGetNumber, envGetString } from '@karya/misc-utils';
+// enable this next line in case you are facing issue : "UNABLE_TO_FIND_LOCAL_ISSUER_CERTIFICATE" while registering into application
+// process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';
+
+
 // Setup Koa application
 const app = new Koa();
diff --git a/server/backend/src/scripts/AuthBootstrap.ts b/server/backend/src/scripts/AuthBootstrap.ts
index fb7c28b5a..9c0cbd1f0 100644
--- a/server/backend/src/scripts/AuthBootstrap.ts
+++ b/server/backend/src/scripts/AuthBootstrap.ts
@@ -6,7 +6,7 @@ import { BasicModel } from '@karya/common';
 import { ServerUser } from '@karya/core';
 import { getCreationCode } from '@karya/misc-utils';
-import * as TokenAuthHandler from '../utils/auth/tokenAuthoriser/tokenAuthHandler/TokenAuthHandler';
+// import * as TokenAuthHandler from '../utils/auth/tokenAuthoriser/tokenAuthHandler/TokenAuthHandler';
 /**
 * Function to bootstrap authentication. Creates an admin user and outputs a creation code.
@@ -30,6 +30,9 @@ export async function bootstrapAuth() {
 /** Create an admin user */
 const workProvider: ServerUser = {
 role: 'ADMIN',
+ role_mappings: {
+ role_mappings: ['ADMIN']
+ },
 access_code,
 full_name: '',
 email: '',
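Review bot: The commented-out `process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';` in the second Server.ts hunk, with a comment inviting developers to enable it, switches off certificate verification for every outbound TLS connection in the process, not just the registration call that hits UNABLE_TO_FIND_LOCAL_ISSUER_CERTIFICATE. That error means the issuing CA is missing from Node's trust store, which is fixed without weakening anything by trusting the local issuer explicitly, for example starting the server with `NODE_EXTRA_CA_CERTS=<path-to-local-issuer-ca.pem>`. I would replace the two added lines with a comment naming that option and drop the toggle so it cannot simply be uncommented into a deployment; if a development-only escape hatch is really wanted it should be gated on an explicit non-production check rather than left as a one-character edit.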
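Review bot: The `TokenAuthHandler` import in the first AuthBootstrap.ts hunk is commented out rather than removed, and the same pattern repeats in this file's `@@ -40,7 +43,7 @@` hunk, in both ResetDB.ts hunks, in the `@@ -8,7 +8,8 @@` and `@@ -38,7 +46,7 @@` hunks of ServerUserController.ts, and in both TaskController.ts hunks. Commented-out imports and calls leave no record of whether the Keycloak/token path is being retired or only temporarily bypassed, and they bit-rot silently as the real API changes. Delete the lines (history keeps them) or, if the bypass is temporary, mark each site with one `// TODO(auth): restore once role_mappings fully replaces TokenAuthHandler` so the intent is stated.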
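Review bot: The admin's `role_mappings` in the `@@ -30,6 +30,9 @@` hunk is a hand-typed literal `{ role_mappings: ['ADMIN'] }`, while the same commit introduces `RoleMappings.ADMIN` in RoleMappings.ts for exactly this value; two sources for the admin token set can drift, and the authoriser in tokenAuthoriser/Index.ts grants whatever is stored here. Import the table and use it: `import RoleMappings from '../utils/auth/tokenAuthoriser/RoleMappings';` at the top and `role_mappings: RoleMappings.ADMIN,` in the literal. The `workProvider` object continues past the end of the hunk.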
@@ -40,7 +43,7 @@ export async function bootstrapAuth() {
 const insertedRecord = await BasicModel.insertRecord('server_user', workProvider);
 /**Create role for admin */
- await TokenAuthHandler.assignRole(insertedRecord, 'ADMIN');
+ // await TokenAuthHandler.assignRole(insertedRecord, 'ADMIN');
 if (insertedRecord === null) {
 throw new Error('Failed to create record');
diff --git a/server/backend/src/scripts/ResetDB.ts b/server/backend/src/scripts/ResetDB.ts
index 446239f42..242912532 100644
--- a/server/backend/src/scripts/ResetDB.ts
+++ b/server/backend/src/scripts/ResetDB.ts
@@ -12,7 +12,7 @@ import { Promise as BBPromise } from 'bluebird';
 import { knex, setupDbConnection, ServerDbFunctions, mainLogger as logger, BasicModel } from '@karya/common';
 import { bootstrapAuth } from './AuthBootstrap';
 import { createAllMatViews } from '../models/MatViewModel';
-import * as KeycloakUtils from '../utils/auth/KeycloakUtils';
+// import * as KeycloakUtils from '../utils/auth/KeycloakUtils';
 /**
 * Function to recreate all tables in the database
@@ -46,8 +46,13 @@ let scriptSequence = ['recreate-tables', 'auth-bootstrap'];
 setupDbConnection();
 // Remove server users from keycloak
- const allServerUsers = await BasicModel.getRecords('server_user', {});
- await KeycloakUtils.removeAllUsers();
+ // try {
+ // const allServerUsers = await BasicModel.getRecords('server_user', {});
+ // await KeycloakUtils.removeAllUsers();
+ // } catch (e) {
+ // logger.warn(e)
+ // }
+
 await BBPromise.mapSeries(scriptSequence, async (action) => {
 switch (action) {
diff --git a/server/backend/src/user-routes-controllers/ServerUserController.ts b/server/backend/src/user-routes-controllers/ServerUserController.ts
index 264717c13..473fde024 100644
--- a/server/backend/src/user-routes-controllers/ServerUserController.ts
+++ b/server/backend/src/user-routes-controllers/ServerUserController.ts
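Review bot: In the `@@ -46,8 +46,13 @@` ResetDB.ts hunk the `// Remove server users from keycloak` comment now heads a block that is entirely commented out, so the reset script no longer touches the identity provider while still saying it does. If Keycloak is no longer the authority for server users, delete the block and the `KeycloakUtils` import instead of commenting them; if it still is, a database reset now leaves the old Keycloak accounts in place next to a freshly bootstrapped admin, and the commented `try/catch` suggests a failure here was being worked around rather than resolved. The enclosing async function starts before the hunk.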
@@ -8,7 +8,8 @@ import { ServerUser } from '@karya/core';
 import { getCreationCode } from '@karya/misc-utils';
 import { UserRouteMiddleware } from '../routes/UserRoutes';
 import * as HttpResponse from '@karya/http-response';
-import * as TokenAuthHandler from '../utils/auth/tokenAuthoriser/tokenAuthHandler/TokenAuthHandler';
+import RoleMappings from "../utils/auth/tokenAuthoriser/RoleMappings";
+// import * as TokenAuthHandler from '../utils/auth/tokenAuthoriser/tokenAuthHandler/TokenAuthHandler';
 /**
 * Create a new server user. Cannot create an admin through this endpoint.
@@ -20,6 +21,13 @@ export const create: UserRouteMiddleware = async (ctx) => {
 if (server_user.role === 'ADMIN') {
 return HttpResponse.BadRequest(ctx, 'Cannot create user with ADMIN role');
 }
+ if (server_user.role === 'WORK_PROVIDER') {
+ server_user.role_mappings = RoleMappings.WORK_PROVIDER
+ }
+ if (server_user.role === 'COORDINATOR'){
+ server_user.role_mappings = RoleMappings.COORDINATOR
+
+ }
 // Generate access code and ensure it is not repeated
 let access_code: string = '';
@@ -38,7 +46,7 @@ export const create: UserRouteMiddleware = async (ctx) => {
 const record = await BasicModel.insertRecord('server_user', server_user);
 // Assign work-provider role
- await TokenAuthHandler.assignRole(record, server_user.role!);
+ // await TokenAuthHandler.assignRole(record, server_user.role!);
 HttpResponse.OK(ctx, record);
 };
diff --git a/server/backend/src/user-routes-controllers/TaskController.ts b/server/backend/src/user-routes-controllers/TaskController.ts
index 6ef319807..f8402b253 100644
--- a/server/backend/src/user-routes-controllers/TaskController.ts
+++ b/server/backend/src/user-routes-controllers/TaskController.ts
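Review bot: In the `@@ -20,6 +21,13 @@` hunk `role_mappings` is assigned only when `role` is `WORK_PROVIDER` or `COORDINATOR`; for any other non-ADMIN value the field keeps whatever `server_user` already held, and if `server_user` is built from the request body (not visible here, though the ADMIN check above it suggests so) a caller could submit their own `role_mappings`, which tokenAuthoriser/Index.ts now treats as the user's permission set. Derive the mapping from the validated role on every path and reject anything unmapped, replacing both `if` blocks with `const mapping = RoleMappings[server_user.role as keyof typeof RoleMappings];` `if (!mapping) return HttpResponse.BadRequest(ctx, 'Unknown role');` `server_user.role_mappings = mapping;`. The added lines also drop semicolons, leave a stray blank line inside the COORDINATOR branch, and write `){` without a space, unlike the surrounding code. `create` starts before this hunk and ends after it.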
@@ -23,7 +23,7 @@ import { upsertKaryaFile } from '../models/KaryaFileModel';
 import { inputProcessorQ, outputGeneratorQ } from '../task-ops/Index';
 import { csvToJson } from '../scenarios/Common';
 import { Promise as BBPromise } from 'bluebird';
-import * as TokenAuthHandler from '../utils/auth/tokenAuthoriser/tokenAuthHandler/TokenAuthHandler';
+// import * as TokenAuthHandler from '../utils/auth/tokenAuthoriser/tokenAuthHandler/TokenAuthHandler';
 // Task route state for routes dealing with a specific task
 type TaskState = { task: TaskRecordType };
@@ -69,7 +69,7 @@ export const create: UserRouteMiddleware = async (ctx) => {
 try {
 const insertedRecord = await BasicModel.insertRecord('task', task);
- await TokenAuthHandler.grantTaskPermission(user, insertedRecord.id, ['read', 'edit']);
+ // await TokenAuthHandler.grantTaskPermission(user, insertedRecord.id, ['read', 'edit']);
 HttpResponse.OK(ctx, insertedRecord);
 } catch (e) {
 // Internal server error
diff --git a/server/backend/src/utils/auth/tokenAuthoriser/Index.ts b/server/backend/src/utils/auth/tokenAuthoriser/Index.ts
index aa78febcd..44f64dd92 100644
--- a/server/backend/src/utils/auth/tokenAuthoriser/Index.ts
+++ b/server/backend/src/utils/auth/tokenAuthoriser/Index.ts
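Review bot: In the `@@ -69,7 +69,7 @@` hunk `grantTaskPermission(user, insertedRecord.id, ['read', 'edit'])` is commented out with nothing written in its place, so a newly created task no longer records that its creator may read or edit it. If the policy consulted by tokenAuthoriser/Index.ts now checks only the role tokens from `role_mappings`, task-level access is no longer scoped to the creating user at all; if ownership is enforced elsewhere, a one-line comment here saying where, e.g. `// task-level access is enforced by <policy/route name>, no per-task grant needed`, would stop the next reader from re-adding one. The `try` block of `create` ends after the hunk.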
@@ -8,9 +8,9 @@ import * as HttpResponse from '@karya/http-response';
 const policyParser = new PolicyParser(Policy);
 export const tokenAuthoriser: UserRouteMiddleware = async (ctx, next) => {
- const resourceTokens = policyParser.getResourceTokens(ctx);
+ const resourceTokens = policyParser.getResourceTokens(ctx); //reource == api
 const serverUser = await BasicModel.getSingle('server_user', { id: ctx.state.entity.id });
- const userTokens = await TokenAuthHandler.getTokens(serverUser);
+ const userTokens = serverUser.role_mappings ? serverUser.role_mappings.role_mappings : [];
 const accessAllowed = isAccessAllowed(userTokens, resourceTokens);
 if (!accessAllowed) return HttpResponse.Forbidden(ctx, 'User does not have enough permissions, please contact admin');
diff --git a/server/backend/src/utils/auth/tokenAuthoriser/RoleMappings.ts b/server/backend/src/utils/auth/tokenAuthoriser/RoleMappings.ts
new file mode 100644
index 000000000..998809144
--- /dev/null
+++ b/server/backend/src/utils/auth/tokenAuthoriser/RoleMappings.ts
@@ -0,0 +1,5 @@
+export default {
+ ADMIN: {role_mappings:['ADMIN']},
+ WORK_PROVIDER: {role_mappings:['WORK_PROVIDER']},
+ COORDINATOR: {role_mappings:['COORDINATOR']}
+ };
\ No newline at end of file
diff --git a/server/core/schema/specs/KaryaDb.ts b/server/core/schema/specs/KaryaDb.ts
index 9407498d1..fd689d291 100644
--- a/server/core/schema/specs/KaryaDb.ts
+++ b/server/core/schema/specs/KaryaDb.ts
@@ -72,6 +72,7 @@ const karyaDb: DatabaseSpec = {
 ['auth_id', ['string', 64], 'not unique', 'nullable', 'mutable'],
 ['id_token', ['text'], 'unique', 'nullable', 'mutable'],
 ['role', ['string', 32, 'ServerRole'], 'not unique', 'not nullable', 'not mutable'],
+ ['role_mappings', ['stringarray'], 'not unique', 'nullable', 'mutable'],
 ['full_name', ['string', 64], 'not unique', 'nullable', 'mutable'],
 ['email', ['string', 64], 'not unique', 'nullable', 'mutable'],
 ],
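Review bot: `serverUser.role_mappings.role_mappings` in the Index.ts hunk expects the column to hold an object with a nested array, but the KaryaDb.ts hunk in this same commit declares `role_mappings` as `['stringarray']`; if the column really stores a plain string array the inner access yields `undefined` and `isAccessAllowed` receives a non-array as `userTokens`. Pick one shape — store the array directly and read `serverUser.role_mappings ?? []`, or change the spec — and in either case tighten the fallback so a malformed value still fails closed, e.g. `const userTokens = serverUser.role_mappings?.role_mappings ?? [];`. The new inline comment should read `// resource == api`. `TokenAuthHandler` is no longer used in this function, so if its import is still at the top of the file it should go.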
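Review bot: The default export in RoleMappings.ts is an untyped, mutable object literal, so `RoleMappings.WORK_PROVIDER` is one shared object that ServerUserController.ts assigns by reference into every new `server_user`; any later in-place edit of a user's `role_mappings.role_mappings` would alter the table for every user created afterwards. Declare it `as const` (or `satisfies Record<ServerRole, { role_mappings: readonly string[] }>` if `ServerRole` can be imported here) so the arrays are readonly, and have callers copy on assignment, e.g. `server_user.role_mappings = { ...RoleMappings.WORK_PROVIDER };`. The closing `};` is indented by a space and the file has no trailing newline.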
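Review bot: The new `role_mappings` column in the KaryaDb.ts hunk is declared `'mutable'` while `role` on the line above is `'not mutable'`, yet after this commit it is the value tokenAuthoriser/Index.ts derives a user's permissions from, making it at least as sensitive as `role`. Unless a controlled update path needs to rewrite it, declare it `['role_mappings', ['stringarray'], 'not unique', 'nullable', 'not mutable'],` so a generic record-update endpoint cannot change a user's effective permissions. Whether such an endpoint exists is not visible in this diff.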