Merge pull request 'Add support for multiple authorization scopes for legacy token; JWT token will use only the first authorized scope defined in config.js' (!1) from antonio.calanducci/pep-container-image:master into master

Reviewed-on: D4Science/pep-container-image#1

src/config.js

@@ -3,8 +3,9 @@ export default { config };
 var config = {
     "pep_credentials" : "pep_credentials",
     "debug": true,
+    "legacy": true,
     "accounting": {
-        "scope":        "authorized_scope",
+        "scopes":       ["authorized_scope1", "authorizeed_scope2"],
         "service_name": "docker_stack_name",
         "host":         "service_hostname"
     },

src/nginx.conf

@@ -21,7 +21,8 @@ http {
     js_import pep.js;
     
     # added to bind enforce function 
-    js_set $authorization pep.enforce_legacy;
+    # it seems it's not used anywhere
+    # js_set $authorization pep.enforce_legacy;
     
     include       /etc/nginx/mime.types;
     default_type  application/octet-stream;

src/pep.js

@@ -39,7 +39,7 @@ function enforce_legacy(r) {
   }
 
   debug(context, JSON.stringify(context.config["accounting"], null, 2));
-  var allowedcontexts = [context.config["accounting"]["scope"]]
+  var allowedcontexts = context.config["accounting"]["scopes"]
   log(context, "Inside NJS enforce for " + r.method + " @ " + r.headersIn.host + "/" + r.uri)
   debug(context, "debug is " + JSON.stringify(defaultExport["config"]))
   const token = getGCubeToken(context)
@@ -456,7 +456,7 @@ function buildAccountingRecord(context) {
     "serviceName": defaultExport["accounting"]["service_name"],
     "duration": 0,
     "maxInvocationTime": 0,
-    "scope": defaultExport["accounting"]["scope"],
+    "scope": defaultExport["accounting"]["scopes"][0], // qui va cambiato per capire quale è lo scope corretto dell'utente, al momento viene preso il primo
     "host": defaultExport["accounting"]["host"],
     "startTime": t,
     "id": uuid(),