🛠️ Removing Keycloak Dependency #153

Merged
merged 5 commits into from
Jan 10, 2023
5 changes: 4 additions & 1 deletion server/backend/src/Server.ts
Expand Up @@ -3,7 +3,6 @@

import dotenv from 'dotenv';
dotenv.config();

import { loadSecrets } from './secrets/Index';
import cors from '@koa/cors';
import Koa from 'koa';
Expand All @@ -15,6 +14,10 @@ import { catchAll, httpRequestLogger, setupDbConnection, mainLogger as logger }
import { createBlobContainers, createLocalFolders, setupBlobStore } from '@karya/common';
import { envGetNumber, envGetString } from '@karya/misc-utils';

// enable this next line in case you are facing issue : "UNABLE_TO_FIND_LOCAL_ISSUER_CERTIFICATE" while registering into application
// process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';


Contributor
Why did you add these comments?

// Setup Koa application
const app = new Koa();
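Review bot: The commented hint added above `// Setup Koa application` tells anyone who hits UNABLE_TO_FIND_LOCAL_ISSUER_CERTIFICATE to set `process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0'`, which turns off certificate verification for every outbound TLS connection the process makes, not only the registration call. I would drop these two lines from Server.ts. If the workaround needs documenting, put it in the developer setup notes and point at supplying the missing issuer certificate through `NODE_EXTRA_CA_CERTS` instead, so the switch cannot simply be uncommented in a deployed build.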

7 changes: 5 additions & 2 deletions server/backend/src/scripts/AuthBootstrap.ts
Expand Up @@ -6,7 +6,7 @@
import { BasicModel } from '@karya/common';
import { ServerUser } from '@karya/core';
import { getCreationCode } from '@karya/misc-utils';
import * as TokenAuthHandler from '../utils/auth/tokenAuthoriser/tokenAuthHandler/TokenAuthHandler';
// import * as TokenAuthHandler from '../utils/auth/tokenAuthoriser/tokenAuthHandler/TokenAuthHandler';

/**
* Function to bootstrap authentication. Creates an admin user and outputs a creation code.
Expand All @@ -30,6 +30,9 @@ export async function bootstrapAuth() {
/** Create an admin user */
const workProvider: ServerUser = {
role: 'ADMIN',
role_mappings: {
role_mappings: ['ADMIN']
},
access_code,
full_name: '',
email: '',
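Review bot: The `role_mappings: { role_mappings: ['ADMIN'] }` literal added to `workProvider` repeats by hand what this PR's RoleMappings.ts exports as `ADMIN`. Import `RoleMappings` here and assign `role_mappings: RoleMappings.ADMIN`, so the bootstrap admin and the authoriser cannot drift apart if the token list for ADMIN ever changes.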
Expand All @@ -40,7 +43,7 @@ export async function bootstrapAuth() {
const insertedRecord = await BasicModel.insertRecord('server_user', workProvider);

/**Create role for admin */
await TokenAuthHandler.assignRole(insertedRecord, 'ADMIN');
// await TokenAuthHandler.assignRole(insertedRecord, 'ADMIN');

if (insertedRecord === null) {
throw new Error('Failed to create record');
11 changes: 8 additions & 3 deletions server/backend/src/scripts/ResetDB.ts
Expand Up @@ -12,7 +12,7 @@ import { Promise as BBPromise } from 'bluebird';
import { knex, setupDbConnection, ServerDbFunctions, mainLogger as logger, BasicModel } from '@karya/common';
import { bootstrapAuth } from './AuthBootstrap';
import { createAllMatViews } from '../models/MatViewModel';
import * as KeycloakUtils from '../utils/auth/KeycloakUtils';
// import * as KeycloakUtils from '../utils/auth/KeycloakUtils';

/**
* Function to recreate all tables in the database
Expand Down Expand Up @@ -46,8 +46,13 @@ let scriptSequence = ['recreate-tables', 'auth-bootstrap'];
setupDbConnection();

// Remove server users from keycloak
const allServerUsers = await BasicModel.getRecords('server_user', {});
await KeycloakUtils.removeAllUsers();
// try {
// const allServerUsers = await BasicModel.getRecords('server_user', {});
// await KeycloakUtils.removeAllUsers();
// } catch (e) {
// logger.warn(e)
// }


await BBPromise.mapSeries(scriptSequence, async (action) => {
switch (action) {
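Review bot: The Keycloak cleanup is commented out rather than deleted, wrapped in a new commented `try`/`catch`, and the `// Remove server users from keycloak` comment above it now describes code that never runs. Delete the block, that comment and the commented `KeycloakUtils` import; version control keeps the old code if it is needed again. The same applies to the commented `TokenAuthHandler` imports and calls in the other files of this PR.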
12 changes: 10 additions & 2 deletions server/backend/src/user-routes-controllers/ServerUserController.ts
Expand Up @@ -8,7 +8,8 @@ import { ServerUser } from '@karya/core';
import { getCreationCode } from '@karya/misc-utils';
import { UserRouteMiddleware } from '../routes/UserRoutes';
import * as HttpResponse from '@karya/http-response';
import * as TokenAuthHandler from '../utils/auth/tokenAuthoriser/tokenAuthHandler/TokenAuthHandler';
import RoleMappings from "../utils/auth/tokenAuthoriser/RoleMappings";
// import * as TokenAuthHandler from '../utils/auth/tokenAuthoriser/tokenAuthHandler/TokenAuthHandler';

/**
* Create a new server user. Cannot create an admin through this endpoint.
Expand All @@ -20,6 +21,13 @@ export const create: UserRouteMiddleware = async (ctx) => {
if (server_user.role === 'ADMIN') {
return HttpResponse.BadRequest(ctx, 'Cannot create user with ADMIN role');
}
if (server_user.role === 'WORK_PROVIDER') {
server_user.role_mappings = RoleMappings.WORK_PROVIDER
}
if (server_user.role === 'COORDINATOR'){
server_user.role_mappings = RoleMappings.COORDINATOR

}

// Generate access code and ensure it is not repeated
let access_code: string = '';
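Review bot: `role_mappings` is overwritten only when `server_user.role` is WORK_PROVIDER or COORDINATOR; for any other value both new `if` blocks are skipped and whatever `role_mappings` is already on `server_user` goes into `insertRecord`. Since the authoriser in this PR decides access from `role_mappings` and not from `role`, that field should never be left as the caller supplied it: look the role up in `RoleMappings`, return `HttpResponse.BadRequest` when there is no entry, and assign the result unconditionally. That also removes the need for one `if` per role.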
Expand All @@ -38,7 +46,7 @@ export const create: UserRouteMiddleware = async (ctx) => {

const record = await BasicModel.insertRecord('server_user', server_user);
// Assign work-provider role
await TokenAuthHandler.assignRole(record, server_user.role!);
// await TokenAuthHandler.assignRole(record, server_user.role!);
HttpResponse.OK(ctx, record);
};

4 changes: 2 additions & 2 deletions server/backend/src/user-routes-controllers/TaskController.ts
Expand Up @@ -23,7 +23,7 @@ import { upsertKaryaFile } from '../models/KaryaFileModel';
import { inputProcessorQ, outputGeneratorQ } from '../task-ops/Index';
import { csvToJson } from '../scenarios/Common';
import { Promise as BBPromise } from 'bluebird';
import * as TokenAuthHandler from '../utils/auth/tokenAuthoriser/tokenAuthHandler/TokenAuthHandler';
// import * as TokenAuthHandler from '../utils/auth/tokenAuthoriser/tokenAuthHandler/TokenAuthHandler';

// Task route state for routes dealing with a specific task
type TaskState = { task: TaskRecordType };
Expand Down Expand Up @@ -69,7 +69,7 @@ export const create: UserRouteMiddleware = async (ctx) => {

try {
const insertedRecord = await BasicModel.insertRecord('task', task);
await TokenAuthHandler.grantTaskPermission(user, insertedRecord.id, ['read', 'edit']);
// await TokenAuthHandler.grantTaskPermission(user, insertedRecord.id, ['read', 'edit']);
HttpResponse.OK(ctx, insertedRecord);
} catch (e) {
// Internal server error
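Review bot: With `grantTaskPermission(user, insertedRecord.id, ['read', 'edit'])` commented out inside the `try`, creating a task no longer records any per-task permission for its creator, and the replacement authoriser in this PR only compares role tokens. Please state in the PR description how access to an individual task is restricted after this change (for example an ownership check in the task routes), and delete the commented line rather than keeping it.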
4 changes: 2 additions & 2 deletions server/backend/src/utils/auth/tokenAuthoriser/Index.ts
Expand Up @@ -8,9 +8,9 @@ import * as HttpResponse from '@karya/http-response';
const policyParser = new PolicyParser(Policy);

export const tokenAuthoriser: UserRouteMiddleware = async (ctx, next) => {
const resourceTokens = policyParser.getResourceTokens(ctx);
const resourceTokens = policyParser.getResourceTokens(ctx); //reource == api
const serverUser = await BasicModel.getSingle('server_user', { id: ctx.state.entity.id });
const userTokens = await TokenAuthHandler.getTokens(serverUser);
const userTokens = serverUser.role_mappings ? serverUser.role_mappings.role_mappings : [];

const accessAllowed = isAccessAllowed(userTokens, resourceTokens);
if (!accessAllowed) return HttpResponse.Forbidden(ctx, 'User does not have enough permissions, please contact admin');
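Review bot: `userTokens` falls back to `[]` when `serverUser.role_mappings` is not set, so every `server_user` row created before this PR will get the Forbidden response on every route: the new column is nullable and nothing in this diff backfills it. Failing closed is the right default, but the PR needs a migration that fills `role_mappings` from `role`, or the authoriser should derive the tokens from `serverUser.role` through `RoleMappings`. The new inline comment also has a typo (`reource`).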
5 changes: 5 additions & 0 deletions server/backend/src/utils/auth/tokenAuthoriser/RoleMappings.ts
@@ -0,0 +1,5 @@
export default {
ADMIN: {role_mappings:['ADMIN']},
WORK_PROVIDER: {role_mappings:['WORK_PROVIDER']},
COORDINATOR: {role_mappings:['COORDINATOR']}
};
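Review bot: The exported object is untyped, so a role added to `ServerRole` later can be left without an entry here and nothing will flag it at compile time. Declare it as `Record<ServerRole, { role_mappings: string[] }>` (assuming `ServerRole` can be imported from `@karya/core`, which this diff does not show), so a missing mapping becomes a type error instead of a user who is silently denied or silently unmapped. A short header comment saying that these token lists are what the authoriser compares against the policy would also help.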
1 change: 1 addition & 0 deletions server/core/schema/specs/KaryaDb.ts
Expand Up @@ -72,6 +72,7 @@ const karyaDb: DatabaseSpec<KaryaTableName, KaryaString, KaryaObject> = {
['auth_id', ['string', 64], 'not unique', 'nullable', 'mutable'],
['id_token', ['text'], 'unique', 'nullable', 'mutable'],
['role', ['string', 32, 'ServerRole'], 'not unique', 'not nullable', 'not mutable'],
['role_mappings', ['stringarray'], 'not unique', 'nullable', 'mutable'],
['full_name', ['string', 64], 'not unique', 'nullable', 'mutable'],
['email', ['string', 64], 'not unique', 'nullable', 'mutable'],
],
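Review bot: The new column is declared as `['stringarray']`, but every writer in this PR stores an object of the form `{ role_mappings: [...] }` and the authoriser reads `serverUser.role_mappings.role_mappings`. Either store the plain array so the value matches the declared type, or declare the column with a type that matches the object. The column is also `'mutable'` while `role` on the line above is `'not mutable'`; since access decisions now come from `role_mappings`, it should be at least as locked down as `role`.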