The Grafterizer dispatch service is a server component in the DataGraft platform that handles request authentication for Grafterizer and dispatches requests for input and output across the multiple services.
To enable secure interaction with the Grafterizer user interface, the dispatch service supports a set of features, which are briefly described in this section.
The dispatch service uses cookies to store information about user sessions when interacting with Grafterizer. In order to prevent users from tampering with the session data, the service encrypts and signs the cookies using a server key specified in the environment of the server where the dispatch service is deployed.
The DataGraft platform ensures secure access to user assets through the OAuth2 authorisation framework. In its interaction with the platform, Grafterizer dispatch service enacts the role of the client application in the OAuth2 authorisation code flow (a good description of the roles and flows in OAuth2 can be found here). Thereby, the dispatch service is configured with a OAuth2 client identifier and client secret and provides a callback URL (at /oauth/callback relative to the base address) for the DataGraft platform to communicate with. The client identifier and secret are obtained when the application is registered by the administrator of the DataGraft platform instance (through the OAuth application registration UI).
Finally, the Grafterizer dispatch service implements HTTP access control through the use of a CORS filter. The accepted origin (i.e., Grafterizer) is enabled by configuring an environmental variable on the server where the service is deployed.
The dispatch service uses the Node.js runtime, version 4.x (or higher) and the Node package manager.
The component has been packaged in a Docker container and published on the official DataGraft DockerHub.
- Clone the repository
git clone https://github.com/datagraft/grafterizer-dispatch-service.git - Install project dependencies using the Node package manager
npm install
- Set the environmental variables for the service. That includes the setup for the security features and the URLs (accessible over the Internet) of the DataGraft platform, Grafterizer, Graftwerk (or Graftwerk load balancer), and Graftwerk cache.
SET COOKIE_STORE_SECRET = Cookie store secret key
SET OAUTH2_CLIENT_ID = OAuth2 client identifier
SET OAUTH2_CLIENT_SECRET = OAuth2 client secret
SET DATAGRAFT_URI = URL of a DataGraft platform instance
SET CORS_ORIGIN = Public URL of the Grafterizer component
SET GRAFTWERK_URI= Public URL of the Graftwerk component or (optionally) a Graftwerk load balancer component
SET GRAFTWERK_CACHE_URI = Public URL of the Graftwerk cache component
- Run the Node server
node server.js
In the folder where you cloned the project, build the image:
docker build -t grafterizer-dispatch-service .
Then run it in the host networking stack using the parameters for security and the URLs of the necessary components:
docker run \
--net host \
--name grafterizer-dispatch-service \
-p <dispatcher service port>:8082 \
-e COOKIE_STORE_SECRET=randomlongstring \
-e OAUTH2_CLIENT_ID=clientidfromdatagraft \
-e OAUTH2_CLIENT_SECRET=clientsecretfromdatagraft \
-e DATAGRAFT_URI=http://<DataGraft platform URL>:<DataGraft platform port> \
-e CORS_ORIGIN=http://<grafterizer URL>:<grafterizer port> \
-e GRAFTWERK_URI=http://<graftwerk URL>:<graftwerk port> \
-e GRAFTWERK_CACHE_URI=http://<graftwerk cache URL>:<graftwerk cache port> \
-e PUBLIC_CALLBACK_SERVER=http://<dispatcher service URL>:<dispatcher service port> \
-e PUBLIC_OAUTH2_SITE=http://<DataGraft platform URL>:<DataGraft platform port> \
-d grafterizer-dispatch-service
For posting information about bugs, questions and discussions please use the Github Issues feature.
- Antoine Pultier (author)
- Nikolay Nikolov
- Ana Tarita
Available under the Eclipse Public License (v1.0).
Created by Antoine Pultier, 2016.