feat(core-api): jwt authorization #770

Primary change(s): ------------------ 1. Verification of JSON web tokens for all endpoints by default. 2. The ability for endpoints to control on top of JWT valdity the requirement of the JWT payload containing a certain scope Miscellaneous change(s): ------------------------ 1. Refactor of all the endpoints and plugins to make this change technically possible. Fixes #770 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
hyperledger · Apr 21, 2021 · 2016750 · 2016750
1 parent 48d67a7
commit 2016750
Show file tree

Hide file tree

Showing 74 changed files with 6,490 additions and 146 deletions.
diff --git a/...ness-logic-plugin/src/main/typescript/business-logic-plugin/supply-chain-cactus-plugin.ts b/...ness-logic-plugin/src/main/typescript/business-logic-plugin/supply-chain-cactus-plugin.ts
@@ -80,7 +80,7 @@ export class SupplyChainCactusPlugin
 
   async registerWebServices(app: Express): Promise<IWebServiceEndpoint[]> {
     const webServices = await this.getOrCreateWebServices();
-    webServices.forEach((ws) => ws.registerExpress(app));
+    await Promise.all(webServices.map((ws) => ws.registerExpress(app)));
     return webServices;
   }
 

diff --git a/.../src/main/typescript/business-logic-plugin/web-services/insert-bamboo-harvest-endpoint.ts b/.../src/main/typescript/business-logic-plugin/web-services/insert-bamboo-harvest-endpoint.ts
@@ -5,12 +5,19 @@ import {
   Checks,
   LogLevelDesc,
   LoggerProvider,
+  IAsyncProvider,
 } from "@hyperledger/cactus-common";
 import {
+  IEndpointAuthzOptions,
   IExpressRequestHandler,
   IWebServiceEndpoint,
 } from "@hyperledger/cactus-core-api";
-import { registerWebServiceEndpoint } from "@hyperledger/cactus-core";
+
+import {
+  AuthorizationOptionsProvider,
+  registerWebServiceEndpoint,
+} from "@hyperledger/cactus-core";
+
 import {
   DefaultApi as QuorumApi,
   EthContractInvocationType,
@@ -27,8 +34,14 @@ export interface IInsertBambooHarvestEndpointOptions {
   apiClient: QuorumApi;
   web3SigningCredential: Web3SigningCredential;
   keychainId: string;
+  authorizationOptionsProvider?: AuthorizationOptionsProvider;
 }
 
+const K_DEFAULT_AUTHORIZATION_OPTIONS: IEndpointAuthzOptions = {
+  isProtected: true,
+  requiredRoles: [],
+};
+
 export class InsertBambooHarvestEndpoint implements IWebServiceEndpoint {
   public static readonly HTTP_PATH = Constants.HTTP_PATH;
 
@@ -39,6 +52,7 @@ export class InsertBambooHarvestEndpoint implements IWebServiceEndpoint {
   public static readonly CLASS_NAME = "InsertBambooHarvestEndpoint";
 
   private readonly log: Logger;
+  private readonly authorizationOptionsProvider: AuthorizationOptionsProvider;
 
   public get className(): string {
     return InsertBambooHarvestEndpoint.CLASS_NAME;
@@ -58,10 +72,22 @@ export class InsertBambooHarvestEndpoint implements IWebServiceEndpoint {
     const level = this.opts.logLevel || "INFO";
     const label = this.className;
     this.log = LoggerProvider.getOrCreate({ level, label });
+
+    this.authorizationOptionsProvider =
+      opts.authorizationOptionsProvider ||
+      AuthorizationOptionsProvider.of(K_DEFAULT_AUTHORIZATION_OPTIONS, level);
+
+    this.log.debug(`Instantiated ${this.className} OK`);
+  }
+
+  getAuthorizationOptionsProvider(): IAsyncProvider<IEndpointAuthzOptions> {
+    return this.authorizationOptionsProvider;
   }
 
-  public registerExpress(expressApp: Express): IWebServiceEndpoint {
-    registerWebServiceEndpoint(expressApp, this);
+  public async registerExpress(
+    expressApp: Express,
+  ): Promise<IWebServiceEndpoint> {
+    await registerWebServiceEndpoint(expressApp, this);
     return this;
   }
 

diff --git a/...lugin/src/main/typescript/business-logic-plugin/web-services/insert-bookshelf-endpoint.ts b/...lugin/src/main/typescript/business-logic-plugin/web-services/insert-bookshelf-endpoint.ts
@@ -5,8 +5,10 @@ import {
   Checks,
   LogLevelDesc,
   LoggerProvider,
+  IAsyncProvider,
 } from "@hyperledger/cactus-common";
 import {
+  IEndpointAuthzOptions,
   IExpressRequestHandler,
   IWebServiceEndpoint,
 } from "@hyperledger/cactus-core-api";
@@ -61,8 +63,20 @@ export class InsertBookshelfEndpoint implements IWebServiceEndpoint {
     this.log = LoggerProvider.getOrCreate({ level, label });
   }
 
-  public registerExpress(expressApp: Express): IWebServiceEndpoint {
-    registerWebServiceEndpoint(expressApp, this);
+  getAuthorizationOptionsProvider(): IAsyncProvider<IEndpointAuthzOptions> {
+    // TODO: make this an injectable dependency in the constructor
+    return {
+      get: async () => ({
+        isProtected: true,
+        requiredRoles: [],
+      }),
+    };
+  }
+
+  public async registerExpress(
+    expressApp: Express,
+  ): Promise<IWebServiceEndpoint> {
+    await registerWebServiceEndpoint(expressApp, this);
     return this;
   }
 

diff --git a/...plugin/src/main/typescript/business-logic-plugin/web-services/insert-shipment-endpoint.ts b/...plugin/src/main/typescript/business-logic-plugin/web-services/insert-shipment-endpoint.ts
@@ -5,8 +5,10 @@ import {
   Checks,
   LogLevelDesc,
   LoggerProvider,
+  IAsyncProvider,
 } from "@hyperledger/cactus-common";
 import {
+  IEndpointAuthzOptions,
   IExpressRequestHandler,
   IWebServiceEndpoint,
 } from "@hyperledger/cactus-core-api";
@@ -42,8 +44,20 @@ export class InsertShipmentEndpoint implements IWebServiceEndpoint {
     this.log = LoggerProvider.getOrCreate({ level, label });
   }
 
-  public registerExpress(expressApp: Express): IWebServiceEndpoint {
-    registerWebServiceEndpoint(expressApp, this);
+  getAuthorizationOptionsProvider(): IAsyncProvider<IEndpointAuthzOptions> {
+    // TODO: make this an injectable dependency in the constructor
+    return {
+      get: async () => ({
+        isProtected: true,
+        requiredRoles: [],
+      }),
+    };
+  }
+
+  public async registerExpress(
+    expressApp: Express,
+  ): Promise<IWebServiceEndpoint> {
+    await registerWebServiceEndpoint(expressApp, this);
     return this;
   }
 

diff --git a/...in/src/main/typescript/business-logic-plugin/web-services/list-bamboo-harvest-endpoint.ts b/...in/src/main/typescript/business-logic-plugin/web-services/list-bamboo-harvest-endpoint.ts
@@ -5,8 +5,10 @@ import {
   Checks,
   LogLevelDesc,
   LoggerProvider,
+  IAsyncProvider,
 } from "@hyperledger/cactus-common";
 import {
+  IEndpointAuthzOptions,
   IExpressRequestHandler,
   IWebServiceEndpoint,
 } from "@hyperledger/cactus-core-api";
@@ -59,8 +61,20 @@ export class ListBambooHarvestEndpoint implements IWebServiceEndpoint {
     this.log = LoggerProvider.getOrCreate({ level, label });
   }
 
-  public registerExpress(expressApp: Express): IWebServiceEndpoint {
-    registerWebServiceEndpoint(expressApp, this);
+  getAuthorizationOptionsProvider(): IAsyncProvider<IEndpointAuthzOptions> {
+    // TODO: make this an injectable dependency in the constructor
+    return {
+      get: async () => ({
+        isProtected: true,
+        requiredRoles: [],
+      }),
+    };
+  }
+
+  public async registerExpress(
+    expressApp: Express,
+  ): Promise<IWebServiceEndpoint> {
+    await registerWebServiceEndpoint(expressApp, this);
     return this;
   }
 

diff --git a/...-plugin/src/main/typescript/business-logic-plugin/web-services/list-bookshelf-endpoint.ts b/...-plugin/src/main/typescript/business-logic-plugin/web-services/list-bookshelf-endpoint.ts
@@ -5,8 +5,10 @@ import {
   Checks,
   LogLevelDesc,
   LoggerProvider,
+  IAsyncProvider,
 } from "@hyperledger/cactus-common";
 import {
+  IEndpointAuthzOptions,
   IExpressRequestHandler,
   IWebServiceEndpoint,
 } from "@hyperledger/cactus-core-api";
@@ -57,8 +59,20 @@ export class ListBookshelfEndpoint implements IWebServiceEndpoint {
     this.log = LoggerProvider.getOrCreate({ level, label });
   }
 
-  public registerExpress(expressApp: Express): IWebServiceEndpoint {
-    registerWebServiceEndpoint(expressApp, this);
+  getAuthorizationOptionsProvider(): IAsyncProvider<IEndpointAuthzOptions> {
+    // TODO: make this an injectable dependency in the constructor
+    return {
+      get: async () => ({
+        isProtected: true,
+        requiredRoles: [],
+      }),
+    };
+  }
+
+  public async registerExpress(
+    expressApp: Express,
+  ): Promise<IWebServiceEndpoint> {
+    await registerWebServiceEndpoint(expressApp, this);
     return this;
   }
 

diff --git a/...c-plugin/src/main/typescript/business-logic-plugin/web-services/list-shipment-endpoint.ts b/...c-plugin/src/main/typescript/business-logic-plugin/web-services/list-shipment-endpoint.ts
@@ -5,8 +5,10 @@ import {
   Checks,
   LogLevelDesc,
   LoggerProvider,
+  IAsyncProvider,
 } from "@hyperledger/cactus-common";
 import {
+  IEndpointAuthzOptions,
   IExpressRequestHandler,
   IWebServiceEndpoint,
 } from "@hyperledger/cactus-core-api";
@@ -62,8 +64,20 @@ export class ListShipmentEndpoint implements IWebServiceEndpoint {
     this.log = LoggerProvider.getOrCreate({ level, label });
   }
 
-  public registerExpress(expressApp: Express): IWebServiceEndpoint {
-    registerWebServiceEndpoint(expressApp, this);
+  getAuthorizationOptionsProvider(): IAsyncProvider<IEndpointAuthzOptions> {
+    // TODO: make this an injectable dependency in the constructor
+    return {
+      get: async () => ({
+        isProtected: true,
+        requiredRoles: [],
+      }),
+    };
+  }
+
+  public async registerExpress(
+    expressApp: Express,
+  ): Promise<IWebServiceEndpoint> {
+    await registerWebServiceEndpoint(expressApp, this);
     return this;
   }