Merge pull request #92 from CloudEcosystemDev/CredPassing

Cred passing updates
CloudEcosystemDev · Nov 20, 2023 · bbf157b · bbf157b
2 parents 75614bc + ac0e08e
commit bbf157b
Show file tree

Hide file tree

Showing 8 changed files with 112 additions and 4 deletions.
diff --git a/lib/component-repository/package.json b/lib/component-repository/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@openintegrationhub/component-repository",
   "description": "Component repository",
-  "version": "0.7.2",
+  "version": "0.7.3",
   "author": "Open Integration Hub",
   "engines": {
     "node": ">=12"

diff --git a/lib/component-repository/src/routes/virtual-components/GetVirtualComponentConfig.js b/lib/component-repository/src/routes/virtual-components/GetVirtualComponentConfig.js
@@ -0,0 +1,30 @@
+const VirtualComponent = require('../../models/VirtualComponent');
+const ComponentConfig = require('../../models/ComponentConfig');
+
+module.exports = async function (req, res) {
+  //const { user } = req;
+  const { user, virtualComponent } = req;
+  const componentVersionId = req.params.componentVersionId;
+
+  let configQuery = user.isAdmin
+    ? {}
+    : {
+        $and: [
+          {
+            tenant: user.tenant,
+          },
+          {
+            componentVersionId: componentVersionId || virtualComponent.defaultVersionId,
+          },
+        ],
+      };
+
+  const componentConfig = await ComponentConfig.findOne(configQuery)
+    .lean()
+    .exec();
+
+  return res.send({
+    data: componentConfig,
+
+  });
+};
diff --git a/lib/component-repository/src/routes/virtual-components/index.js b/lib/component-repository/src/routes/virtual-components/index.js
@@ -65,6 +65,7 @@ module.exports = ({ iam }) => {
     require('./UpdateComponentVersion')
   );
   const GetVirtualComponent = asyncHandler(require('./GetOneVirtualComponent'));
+  const GetVirtualComponentConfig = asyncHandler(require('./GetVirtualComponentConfig'));
   const CreateComponentVersion = asyncHandler(
     require('./CreateComponentVersion')
   );
@@ -149,6 +150,7 @@ module.exports = ({ iam }) => {
   );
 
   router.get('/:id/:componentVersionId', loadVirtualComp, GetComponentVersion);
+  router.get('/:id/:componentVersionId/config', loadVirtualComp, GetVirtualComponentConfig);
   router.post(
     '/:id/:componentVersionId/config',
     can(config.componentWritePermission),

diff --git a/services/component-repository/package.json b/services/component-repository/package.json
@@ -2,7 +2,7 @@
   "name": "component-repository",
   "description": "Component repository",
   "private": true,
-  "version": "1.8.2",
+  "version": "1.8.3",
   "author": "Open Integration Hub",
   "engines": {
     "node": ">=12"

diff --git a/services/iam/package.json b/services/iam/package.json
@@ -1,6 +1,6 @@
 {
   "name": "iam",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "description": "Identity and Access Management Service",
   "main": "index.js",
   "scripts": {

diff --git a/services/iam/src/conf/index.js b/services/iam/src/conf/index.js
@@ -28,6 +28,9 @@ const config = {
 
         mongodb_url: optional('IAM_MONGODB_CONNECTION', 'mongodb://localhost:27017/accounts'),
         rabbitmqUrl: optional('RABBITMQ_URI', 'amqp://guest:guest@localhost:5672'),
+        secretServiceUrl: process.env.SECRET_SERVICE_URL || 'http://secret-service.oih-dev-ns.svc.cluster.local:3000/api/v1',
+        componentRepositoryUrl: process.env.COMP_REPO_URL || 'http://component-repository-service.oih-dev-ns.svc.cluster.local:1234/',
+
         originWhitelist: originwhitelist.concat(optional('NODE_ENV') !== 'production' ? [
             // development only
             '127.0.0.1', 

diff --git a/services/iam/src/models/schemas/tenant.js b/services/iam/src/models/schemas/tenant.js
@@ -2,6 +2,11 @@ const mongoose = require('mongoose');
 
 const { Schema } = mongoose;
 const CONSTANTS = require('../../constants');
+const settings = new Schema({
+    key: { type: String},
+    value: { type: String},
+    label: { type: String},
+})
 
 const TenantSchema = new Schema({
     name: { type: String, index: true,unique:true },
@@ -18,7 +23,7 @@ const TenantSchema = new Schema({
         ],
         default: CONSTANTS.STATUS.ACTIVE,
     },
-
+    settings: [ settings ],
 }, {
     timestamps: true,
 });

diff --git a/services/iam/src/routes/impersonate.js b/services/iam/src/routes/impersonate.js
@@ -5,13 +5,15 @@ const CONSTANTS = require('../constants/index');
 const CONF = require('../conf');
 const AccountDAO = require('../dao/accounts');
 const Account = require('../models/account');
+const TenantDAO = require('../dao/tenants');
 
 const TokenUtils = require('../util/tokens');
 
 const router = express.Router();
 const logger = Logger.getLogger(`${CONF.general.loggingNameSpace}/general`, {
     level: 'debug',
 });
+const compRepoUrl = CONF.general.componentRepositoryUrl;
 
 const endUserPermissions = [
     'flows.read',
@@ -59,6 +61,72 @@ const impersonateLogin = async (req, res, next) => {
             logger.error(JSON.stringify(error));
             return next({ status: 500, message: 'Internal Server Error' });
         }
+
+        // create new Secret if a default credential has been passed
+        if (req.body.credential) {
+            try {
+                //get tenant config
+                const tenant = await TenantDAO.findOne({
+                    _id: req.user.tenant
+                });
+                const defaultComponent = tenant.settings?.find((element) => element.key==="defaultComponent")?.value;
+
+                    if (defaultComponent) {
+                        //POST secret to /secrets endpoint with auth client
+                        //${CONF.general.secretServiceUrl}
+                        const componentInfo = await fetch(`${compRepoUrl}/virtual-components/${defaultComponent}`);
+                        const versionInfo = await fetch(`${compRepoUrl}/virtual-components/${defaultComponent}/${componentInfo.data.defaultVersionId}`);
+                        const {authType} = versionInfo.data?.authorization;
+                        let secret_body = {...req.body.credential,owners: [{type:'user',id:user._id}]};
+
+                        if (authType === 'OA2_AUTHORIZATION_CODE' || authType === 'SESSION_AUTH') {
+                            //get auth client info for OAuth from Tenant Config
+                            const authClientInfo = await fetch(`${compRepoUrl}/virtual-components/${defaultComponent}/${componentInfo.data.defaultVersionId}/config`);
+                            secret_body.authClient = authClientInfo?.data?.authClientId;
+                        }
+                        /*if (authType === 'SESSION_AUTH') {
+                            //get auth client from ComponentConfig above
+                        }*/
+
+                        const endpoint = `${CONF.general.secretServiceUrl}/secrets`;
+                        const method = 'POST';
+                        const response = await fetch(endpoint, {
+                            method: method,
+                            body: secret_body
+                        });
+                        if (response.data?._id && authType !== 'OA2_AUTHORIZATION_CODE') {
+                            //With auth types not equal to OAuth, POST the secret to the userConfig in the component-repository
+                            const config = {
+                                ...req.body.credential, 
+                                owners: [{type:'user',id:user._id}],
+                                authClient: tenant.settings?.defaultAuth?.authClient
+                            };
+                            const componentConfigEndpoint = `${compRepoUrl}/user-cfg`;
+                            //If no user config exists, create one using POST, otherwise, add new one via PUT
+                            const checkConfig = await fetch(`${componentConfigEndpoint}/${defaultComponent}`);
+                            if (checkConfig.status === 404) {
+                                await fetch(componentConfigEndpoint, {
+                                    method: 'POST',
+                                    body: {
+                                        secretIds: [response.data?._id],
+                                    },
+                                });
+                            } else {
+                                await fetch(`${componentConfigEndpoint}/${defaultComponent}`, {
+                                    method: 'PUT',
+                                    body: {
+                                        secretIds: [response.data?._id],
+                                    },
+                                });
+                            }
+                        }
+
+                    }
+                } catch (error) {
+                logger.error(JSON.stringify(error));
+                //return next({ status: 500, message: 'Could not Create Default Credential' });
+            }
+        }
     }
 
     authMiddleware.logIn(req, next, user, {