Add support for legacy gcube_token
This commit is contained in:
parent
de98129d8c
commit
c9a7439cdd
|
@ -0,0 +1,32 @@
|
|||
export default { config };
|
||||
|
||||
var config = {
|
||||
"pep_credentials" : "w1mXHx5agliwL2dc3Bf14jwCduG1NUgf",
|
||||
"debug": true,
|
||||
"accounting": {
|
||||
"scope": "/d4science.research-infrastructures.eu/D4OS/EcologicalRestorationLab",
|
||||
"service_name": "shinyproxy_bluecloud_erl",
|
||||
"host": "shinyproxy-ecologicalrestorationlab-pep.d4science.org"
|
||||
},
|
||||
"hosts": [
|
||||
{
|
||||
"host": ["shinyproxy-ecologicalrestorationlab-pep.d4science.org"],
|
||||
"audience": "shinyproxy_bluecloud-erl",
|
||||
"allow-basic-auth": "false",
|
||||
"paths": [
|
||||
{
|
||||
"name": "Default Resource",
|
||||
"path": "^/?.*$",
|
||||
"methods": [
|
||||
{
|
||||
"method": "GET"
|
||||
},
|
||||
{
|
||||
"method": "POST"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
|
@ -104,4 +104,13 @@ server {
|
|||
proxy_set_header Content-Type "application/json";
|
||||
proxy_pass "${ACCOUNTING_SERVICE_BASEURL}/record";
|
||||
}
|
||||
|
||||
location /_accounting_legacy {
|
||||
internal;
|
||||
proxy_method POST;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header gcube-token "$auth_token";
|
||||
proxy_set_header Content-Type "application/json";
|
||||
proxy_pass https://accounting-service.d4science.org/accounting-service/record;
|
||||
}
|
||||
}
|
||||
|
|
103
src/pep.js
103
src/pep.js
|
@ -1,12 +1,16 @@
|
|||
export default { enforce_legacy };
|
||||
|
||||
import defaultExport from './config.js';
|
||||
import defaultExport from './config2.js';
|
||||
|
||||
function log(c, s) {
|
||||
c.request.log(s)
|
||||
}
|
||||
|
||||
var _debug = defaultExport["debug"]
|
||||
var _debug = defaultExport["config"]["debug"]
|
||||
var _debug = true
|
||||
|
||||
njs.dump(_debug);
|
||||
|
||||
function debug(c, s) {
|
||||
if (_debug === true) {
|
||||
log(c, s)
|
||||
|
@ -33,14 +37,20 @@ function enforce(r) {
|
|||
function enforce_legacy(r) {
|
||||
|
||||
var context = {
|
||||
request: r
|
||||
request: r,
|
||||
config: defaultExport["config"]
|
||||
}
|
||||
|
||||
var allowedcontexts = [defaultExport["accounting"]["scope"]]
|
||||
|
||||
//log(context, JSON.stringify(context.config["accounting"], null, 2));
|
||||
var allowedcontexts = [context.config["accounting"]["scope"]]
|
||||
|
||||
|
||||
log(context, "Inside NJS enforce for " + r.method + " @ " + r.headersIn.host + "/" + r.uri)
|
||||
|
||||
log(context, "debug is " + JSON.stringify(defaultExport["config"]))
|
||||
const token = getGCubeToken(context)
|
||||
//log(context, JSON.stringify(context, null, 2))
|
||||
log(context, "gcube token" + token)
|
||||
if (token != null) {
|
||||
debug(context, "[PEP] token is " + token)
|
||||
exportVariable(context, "auth_token", token)
|
||||
|
@ -55,18 +65,21 @@ function enforce_legacy(r) {
|
|||
}
|
||||
return response
|
||||
} else {
|
||||
debug(context, "[Social Service] failed " + reply.status + ":" + reply.responseBody)
|
||||
log(context, "[Social Service] failed " + reply.status + ":" + reply.responseBody)
|
||||
throw new Error("Unauthorized")
|
||||
}
|
||||
}).then(userinfo => {
|
||||
debug(context, "[Social Service] username is " + userinfo.result.username)
|
||||
//log(context, njs.dump(context));
|
||||
context.userinfo = userinfo
|
||||
context.record = buildAccountingRecord(context)
|
||||
return context.request.subrequest("/_backend", { method : context.request.method, args : context.request.args, headers : context.request.headersIn})
|
||||
context.record = buildAccountingRecord_legacy(context)
|
||||
|
||||
return context.request.subrequest("/_backend", { method: context.request.method, args: JSON.stringify(context.request.args), headers: context.request.headersIn })
|
||||
}).then(reply => {
|
||||
debug(context, "[{{ sobigdata_ontotagme_service_name }}] response status: " + reply.status)
|
||||
closeAccountingRecord(context.record, (reply.status === 200 || reply.status === 201 || reply.status === 204))
|
||||
context.request.subrequest("/_accounting", { detached : true, body : JSON.stringify([context.record]) })
|
||||
debug(context, reply.responseBody);
|
||||
closeAccountingRecord_legacy(context.record, (reply.status === 200 || reply.status === 201 || reply.status === 204))
|
||||
context.request.subrequest("/_accounting_legacy", { detached: true, body: JSON.stringify([context.record]) })
|
||||
r.return(reply.status, reply.responseBody)
|
||||
}).catch(e => { log(context, "Error .... " + njs.dump(e)); context.request.return(e.message === "Unauthorized" ? 403 : 500) })
|
||||
|
||||
|
@ -142,7 +155,7 @@ var wkf = {
|
|||
|
||||
function getGCubeToken(context) {
|
||||
if (context.request.args["gcube-token"]) {
|
||||
return context.request["gcube-token"];
|
||||
return context.request.args["gcube-token"];
|
||||
} else if (context.request.headersIn['gcube-token']) {
|
||||
return context.request.headersIn['gcube-token'];
|
||||
}
|
||||
|
@ -453,6 +466,72 @@ function buildAccountingRecord(context){
|
|||
return context
|
||||
}
|
||||
|
||||
function __buildAccountingRecord_legacy(context) {
|
||||
log(context, "Inside build accounting record");
|
||||
const t = (new Date()).getTime()
|
||||
context.record = {
|
||||
"recordType": "ServiceUsageRecord",
|
||||
"operationCount": 1,
|
||||
"creationTime": t,
|
||||
"callerHost": context.request.headersIn["x-forwarded-for"],
|
||||
"serviceClass": "Application",
|
||||
"callerQualifier": "TOKEN",
|
||||
"consumerId": context.userinfo.username,
|
||||
"aggregated": true,
|
||||
"serviceName": context.config["accounting"]["service_name"],
|
||||
"duration": 0,
|
||||
"maxInvocationTime": 0,
|
||||
"scope": context.config["accounting"]["scope"],
|
||||
"host": context.config["accounting"]["host"],
|
||||
"startTime": t,
|
||||
"id": uuid(),
|
||||
"calledMethod": context.request.method + " " + context.request.uri,
|
||||
"endTime": 0,
|
||||
"minInvocationTime": 0,
|
||||
"operationResult": null
|
||||
}
|
||||
log(context, "Record is " + JSON.stringify(context.record))
|
||||
return context
|
||||
}
|
||||
|
||||
function buildAccountingRecord_legacy(context) {
|
||||
const t = (new Date()).getTime()
|
||||
return {
|
||||
"recordType": "ServiceUsageRecord",
|
||||
"operationCount": 1,
|
||||
"creationTime": t,
|
||||
"callerHost": context.request.remoteAddress,
|
||||
"serviceClass": "ShinyApp",
|
||||
"callerQualifier": "TOKEN",
|
||||
"consumerId": context.userinfo.username,
|
||||
"aggregated": true,
|
||||
"serviceName": context.request.uri.split("app/")[1],
|
||||
"duration": 0,
|
||||
"maxInvocationTime": 0,
|
||||
"scope": context.userinfo.context,
|
||||
"host": context.request.headersIn.host,
|
||||
"startTime": t,
|
||||
"id": uuid(),
|
||||
"calledMethod": context.request.method + " " + context.request.uri,
|
||||
"endTime": 0,
|
||||
"minInvocationTime": 0,
|
||||
"operationResult": null
|
||||
}
|
||||
}
|
||||
|
||||
function closeAccountingRecord_legacy(record, success) {
|
||||
const t = (new Date()).getTime()
|
||||
record.duration = t - record.startTime
|
||||
record.endTime = t
|
||||
record.minInvocationTime = record.duration
|
||||
record.operationResult = success ? "SUCCESS" : "FAILED";
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
function closeAccountingRecord(context, success) {
|
||||
log(context, "Inside close accounting");
|
||||
const t = (new Date()).getTime()
|
||||
|
@ -460,7 +539,7 @@ function buildAccountingRecord(context){
|
|||
context.record.endTime = t
|
||||
context.record.minInvocationTime = context.record.duration
|
||||
context.record.operationResult = success ? "SUCCESS" : "FAILED";
|
||||
debug(context, "Record is " + JSON.stringify(context.record))
|
||||
log(context, "Record is " + njs.dump(context.record))
|
||||
return context
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue