antonio.calanducci
/
pep-container-image
forked from D4Science/pep-container-image
1
0
Fork 0
Code Pull Requests Activity

Add support for multple authorization scopes for legacy token; JWT token will use only the first authorized scope defined in config.js

This commit is contained in:
Antonio Calanducci 2024-05-22 10:18:12 +02:00
parent fc991a110c
commit 3c3bcdf838
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/config.js
View File

@ -5,7 +5,7 @@ var config = {
"debug": true,
"legacy": true,
"accounting": {
"scope": "authorized_scope",
"scopes": ["authorized_scope1", "authorizeed_scope2"],
"service_name": "docker_stack_name",
"host": "service_hostname"
},

4
src/pep.js
View File

@ -39,7 +39,7 @@ function enforce_legacy(r) {
}
debug(context, JSON.stringify(context.config["accounting"], null, 2));
var allowedcontexts = [context.config["accounting"]["scope"]]
var allowedcontexts = context.config["accounting"]["scopes"]
log(context, "Inside NJS enforce for " + r.method + " @ " + r.headersIn.host + "/" + r.uri)
debug(context, "debug is " + JSON.stringify(defaultExport["config"]))
const token = getGCubeToken(context)
@ -456,7 +456,7 @@ function buildAccountingRecord(context) {
"serviceName": defaultExport["accounting"]["service_name"],
"duration": 0,
"maxInvocationTime": 0,
"scope": defaultExport["accounting"]["scope"],
"scope": defaultExport["accounting"]["scopes"], // qui va cambiato per capire quale è lo scope corretto dell'utente
"host": defaultExport["accounting"]["host"],
"startTime": t,
"id": uuid(),