Merge pull request #331 from teharrison/master

updates and fixes

Dockerfile

@@ -3,7 +3,7 @@
 # docker build -t mgrast/shock .
 # docker run --rm --name test -ti mgrast/shock /bin/ash
 
-FROM golang:1.7.5-alpine
+FROM golang:1.7.6-alpine
 
 ENV DIR=/go/src/github.com/MG-RAST/Shock
 WORKDIR /go/bin

Dockerfile.old

@@ -1,6 +1,6 @@
 # creates statically compiled shock-server binary: /go/bin/shock-server
 
-FROM golang:1.7.5-alpine
+FROM golang:1.7.6-alpine
 
 RUN apk update && apk add git make gcc libc-dev cyrus-sasl-dev
 

RELEASE_NOTES.txt

@@ -1,8 +1,15 @@
+# v0.9.22
+- update to golang 1.7.6
+- added ability to download multiple files (.tar or .zip format) from a list (POST)
+- auth update. now support multiple oauth services at once. requires config file update
+- update error handling in config init / parse
+- bug fix: chunkrecord regex
+
 # v0.9.21
 
 - graceful error handling of missing .bson file
 - add more to preauth return: file size, options used
-- added ability to download multiple files (.tar or .zip format) from a query
+- added ability to download multiple files (.tar or .zip format) from a query (GET)
 
 # v0.9.20
 

VERSION

@@ -1 +1 @@
-0.9.21
+0.9.22

shock-server.conf.template

@@ -1,10 +1,3 @@
-[Address]
-# IP and port for api
-# Note: use of port 80 may require root access
-# 0.0.0.0 will bind Shock to all IP's
-api-ip=0.0.0.0
-api-port=7445
-
 [Admin]
 # Email address is displayed at base URL
 email=admin@host.com
@@ -15,36 +8,52 @@ users=
 # Controls an anonymous user's ability to read/write
 # values: true/false
 read=true
-write=false
-delete=false
+write=true
+delete=true
 
-[Auth]
-# defaults to local user management with basis auth
-#basic=true
-# comment line above and uncomment below to use Globus Online as auth provider
-globus_token_url=https://nexus.api.globusonline.org/goauth/token?grant_type=client_credentials
-globus_profile_url=https://nexus.api.globusonline.org/users
-cache_timeout = 60
-#mgrast_oauth_url=https://api.metagenomics.anl.gov/user/authenticate
+[Address]
+# IP and port for api
+# Note: use of port 80 may require root access
+# 0.0.0.0 will bind Shock to all IP's
+api-ip=0.0.0.0
+api-port=7445
 
 [External]
 # URL displayed at base URL
 api-url=http://localhost
 
+[Auth]
+# defaults to local user management with basic auth
+basic=false
+globus_token_url=
+globus_profile_url=
+oauth_urls=
+oauth_bearers=
+cache_timeout=60
+
+[Runtime]
+# wait time in minutes before expiration reaper runs
+expire_wait=60
+# golang setting: The GOMAXPROCS variable limits the number of operating system threads that can execute user-level Go code simultaneously.
+GOMAXPROCS=
+# maximum number of most recent revisions to keep. 0 means keep none, -1 means keep all
+max_revisions=3
+
 [Log]
 # Logs performance of some Shock operations
 perf_log=false
 rotate=true
+logoutput=both
 
 [Mongodb]
 # Mongodb configuration
 # Hostnames and ports hosts=host1[,host2:port,...,hostN]
 # attribute_indexes defines a list of fields in the Node's attribute struct that will be indexed
-hosts=localhost
+attribute_indexes=
 database=ShockDB
+hosts=localhost
 user=
 password=
-attribute_indexes=
 
 [Paths]
 # site directory should contain the documentation files
@@ -58,14 +67,6 @@ local_paths=
 # pidfile should be the path to a file that Shock can use to store the server's process ID
 pidfile=
 
-[Runtime]
-# maximum number of most recent revisions to keep. 0 means keep none, -1 means keep all
-max_revisions=3
-# wait time in minutes before expiration reaper runs
-expire_wait=60
-# golang setting: The GOMAXPROCS variable limits the number of operating system threads that can execute user-level Go code simultaneously.
-GOMAXPROCS=
-
 [SSL]
 enable=false
 #key=<path_to_key_file>

shock-server/auth/auth.go

@@ -5,7 +5,7 @@ import (
 	"errors"
 	//"github.com/MG-RAST/Shock/shock-server/auth/basic"
 	"github.com/MG-RAST/Shock/shock-server/auth/globus"
-	"github.com/MG-RAST/Shock/shock-server/auth/mgrast"
+	"github.com/MG-RAST/Shock/shock-server/auth/oauth"
 	"github.com/MG-RAST/Shock/shock-server/conf"
 	e "github.com/MG-RAST/Shock/shock-server/errors"
 	"github.com/MG-RAST/Shock/shock-server/user"
@@ -21,8 +21,8 @@ func Initialize() {
 	if conf.AUTH_GLOBUS_TOKEN_URL != "" && conf.AUTH_GLOBUS_PROFILE_URL != "" {
 		authMethods = append(authMethods, globus.Auth)
 	}
-	if conf.AUTH_MGRAST_OAUTH_URL != "" {
-		authMethods = append(authMethods, mgrast.Auth)
+	if len(conf.AUTH_OAUTH) > 0 {
+		authMethods = append(authMethods, oauth.Auth)
 	}
 }
 

shock-server/auth/cache.go

@@ -1,8 +1,8 @@
 package auth
 
 import (
+	"github.com/MG-RAST/Shock/shock-server/conf"
 	"github.com/MG-RAST/Shock/shock-server/user"
-        "github.com/MG-RAST/Shock/shock-server/conf"
 	"sync"
 	"time"
 )
@@ -36,7 +36,7 @@ func (c *cache) add(header string, u *user.User) {
 	c.m[header] = cacheValue{
 		expires: time.Now().Add(time.Duration(conf.AUTH_CACHE_TIMEOUT) * time.Minute),
 		//expires: time.Now().Add(1 * time.Minute),
-		user:    u,
+		user: u,
 	}
 	return
 }

shock-server/auth/globus/globus.go

@@ -42,7 +42,7 @@ func authHeaderType(header string) string {
 // user
 func Auth(header string) (usr *user.User, err error) {
 	switch authHeaderType(header) {
-	case "globus-goauthtoken", "oauth":
+	case "globus-goauthtoken", "globus", "goauth":
 		return fetchProfile(strings.Split(header, " ")[1])
 	case "basic":
 		if username, password, err := basic.DecodeHeader(header); err == nil {
@@ -140,7 +140,7 @@ func clientId(t string) string {
 		Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}},
 	}
 	req, err := http.NewRequest("GET", conf.AUTH_GLOBUS_TOKEN_URL, nil)
-        //logger.Error("URL: " + conf.AUTH_GLOBUS_TOKEN_URL)
+	//logger.Error("URL: " + conf.AUTH_GLOBUS_TOKEN_URL)
 
 	if err != nil {
 		logger.Error("Failed contact with auth server")

shock-server/auth/mgrast/mgrast.go → shock-server/auth/oauth/oauth.go

@@ -1,5 +1,5 @@
 // Package globus implements MG-RAST OAuth authentication
-package mgrast
+package oauth
 
 import (
 	"crypto/tls"
@@ -20,6 +20,7 @@ type resErr struct {
 
 type credentials struct {
 	Uname string `json:"login"`
+	Name  string `json:"name"`
 	Fname string `json:"firstname"`
 	Lname string `json:"lastname"`
 	Email string `json:"email"`
@@ -33,29 +34,35 @@ func authHeaderType(header string) string {
 	return ""
 }
 
-// Auth takes the request authorization header and returns
-// user
+// Auth takes the request authorization header and returns user
+// bearer token "oauth" returns default url (first item in auth_oauth_url conf value)
 func Auth(header string) (*user.User, error) {
-	switch authHeaderType(header) {
-	case "mgrast", "oauth":
-		return authToken(strings.Split(header, " ")[1])
-	case "basic":
-		return nil, errors.New("This authentication method does not support username/password authentication. Please use your MG-RAST token.")
-	default:
-		return nil, errors.New("Invalid authentication header.")
+	bearer := authHeaderType(header)
+	if bearer == "" {
+		return nil, errors.New("Invalid authentication header, missing bearer token.")
+	}
+	oauth_url, found_url := conf.AUTH_OAUTH[bearer]
+	if bearer == "basic" {
+		return nil, errors.New("This authentication method does not support username/password authentication. Please use your OAuth token.")
+	} else if bearer == "oauth" {
+		return authToken(strings.Split(header, " ")[1], conf.OAUTH_DEFAULT)
+	} else if found_url {
+		return authToken(strings.Split(header, " ")[1], oauth_url)
+	} else {
+		return nil, errors.New("Invalid authentication header, unknown bearer token: " + bearer)
 	}
 }
 
 // authToken validiates token by fetching user information.
-func authToken(t string) (u *user.User, err error) {
+func authToken(token string, url string) (u *user.User, err error) {
 	client := &http.Client{
 		Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}},
 	}
-	req, err := http.NewRequest("GET", conf.AUTH_MGRAST_OAUTH_URL, nil)
+	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		return nil, err
 	}
-	req.Header.Add("Auth", t)
+	req.Header.Add("Auth", token)
 	if resp, err := client.Do(req); err == nil {
 		defer resp.Body.Close()
 		if resp.StatusCode == http.StatusOK {
@@ -69,7 +76,11 @@ func authToken(t string) (u *user.User, err error) {
 						return nil, errors.New(e.InvalidAuth)
 					}
 					u.Username = c.Uname
-					u.Fullname = c.Fname + " " + c.Lname
+					if c.Name != "" {
+						u.Fullname = c.Name
+					} else {
+						u.Fullname = c.Fname + " " + c.Lname
+					}
 					u.Email = c.Email
 					if err = u.SetMongoInfo(); err != nil {
 						return nil, err