Merge pull request #10 from overture-stack/authorization_switch_impl

Authorization switch impl

Author: UmmulkiramR

.dockerignore

@@ -0,0 +1,12 @@
+target
+Dockerfile
+docker-compose.yml
+README.md
+Makefile
+.*
+!.mvn
+npm-debug.log
+node_modules
+dist
+coverage
+*.drawio

.env.example

@@ -1,8 +1,7 @@
 
-NODE_ENV=development
 PORT=
 
-#DB connection details
+# --- DB connection details ---
 DB_HOST=
 DB_PORT=
 DB_USERNAME=
@@ -11,9 +10,28 @@ DB_NAME=
 DB_SYNCHRONIZE=true
 DB_SCHEMA:
 
-#list of permissions.
-SCOPES= []
-EGO_URL: "https://ego.url"
+# ----- Auth -----
+
+# client id and secret as present is keycloak or ego for this service
+CLIENT_ID=
+CLIENT_SECRET=
+
+# scopes as defined in EGO or KEYCLOAK eg. DICTIONARY.WRITE (For Keycloak DICTIONAY is the rsname i.e resource name and WRITE is the scope)
+# AUTH_WRITE_SCOPES property can be empty or absent for AUTH_STRATEGY = NONE.
+AUTH_WRITE_SCOPES=[]
+AUTH_STRATEGY= # valid values -> EGO or KEYCLOAK or NONE
+AUTH_SERVER_URL: # "https://ego.url" OR "http://localhost/realms/keycloak-realm". This property will be empty or absent for AUTH_STRATEGY = NONE
+
+# SECURED_API can be used to specify which of the APIs need authentication.
+# Can be empty or absent for AUTH_STRATEGY = NONE.
+# If omitted for AUTH_STRATEGY != NONE then all apis will need authentication by default.
+SECURED_API = ["CREATE", "FIND"]
+AUTH_PUBLICKEY_CACHE = 1d
+
+
+
+
+# ----- Entity Details -----
 
 # list of valid entity types
 ENTITY_LIST=["donor", "specimen", "sample"]
@@ -25,12 +43,10 @@ REQUEST_ROUTE=/:column1/:column2/:column3
 DB_SEQUENCES=
 
 # Repeat the below set for each entity type.
-
 # Sequences in defaultValue can be given as "nextval('argo.specimen_seq')" or "0" or "'A'".
 # The unique property under the columns array is not mandatory - default value for unique is false
-# The index property (in the end) holds the columns for composite unique index creation
-<ENTITY_TYPE>_SCHEMA={"tablename": "tablename", "columns": [{"name": "entityId","type": "varchar", "defaultValue": "default-value or sequence call", "unique": true}, {"name": "column1", "type": "db-datatype", "defaultValue": "default-value or sequence call", "unique": false},{"name": "column2", "type": "db-datatype", "defaultValue": "default-value or sequence call"}], "index": ["column1", "column2"]}
+# The index property (in the end) holds the columns for composite unique index creation. Note: This is an array of list of columns where each list constitutes a composite index.
+<ENTITY_TYPE>_SCHEMA={"tablename": "tablename", "columns": [{"name": "entityId","type": "varchar", "defaultValue": "default-value or sequence call", "unique": true}, {"name": "column1", "type": "db-datatype", "defaultValue": "default-value or sequence call", "unique": false},{"name": "column2", "type": "db-datatype", "defaultValue": "default-value or sequence call"}], "index": [[column list for composite index 1], [column list for composite index 2]]}
 # <ENTITY_TYPE>_SEARCH is the structure of the request/search-criteria/saved-entity. Should match column names in <ENTITY_TYPE>_SCHEMA.
 # values against each of the keys should remain blank.
 <ENTITY_TYPE>_SEARCH>={"column1":"", "column2":"", "column3": ""}
-

Dockerfile

@@ -0,0 +1,29 @@
+FROM node:20-alpine as builder
+# Create app directory
+WORKDIR /app
+RUN chown -R node:node /app
+USER node
+# copy the package json and install first to optimize docker cache for node modules
+COPY package.json /app/
+COPY package-lock.json /app/
+RUN npm ci
+COPY . ./
+RUN npm run build
+
+# Runtime image
+FROM node:20-alpine
+ENV APP_UID=9999
+ENV APP_GID=9999
+RUN apk --no-cache add shadow
+RUN groupmod -g $APP_GID node 
+RUN usermod -u $APP_UID -g $APP_GID node
+WORKDIR /app
+RUN chown -R node:node /app
+USER node
+RUN mkdir dist && mkdir node_modules
+COPY --from=builder /app/dist ./dist
+COPY --from=builder /app/node_modules ./node_modules
+COPY --from=builder /app/package.json .
+COPY --from=builder /app/package-lock.json .
+EXPOSE 3221
+CMD node dist/server.js

Jenkinsfile

@@ -0,0 +1,2 @@
+@Library(value='jenkins-pipeline-library@master', changelog=false) _
+pipelineOVERTUREIDGeneration()

package-lock.json

@@ -46,6 +46,7 @@
 		"jsonwebtoken": "^9.0.2",
 		"memoizee": "^0.4.15",
 		"ms": "^2.1.3",
+		"openid-client": "^5.6.5",
 		"pg": "^8.11.3",
 		"swagger-ui-express": "^5.0.0",
 		"typeorm": "^0.3.19",

package.json

@@ -1,5 +1,5 @@
-import { z, ZodRecord, ZodString } from 'zod';
-import { SchemaInfo } from './middlewares/datasource';
+import {z, ZodEnum, ZodRecord, ZodString} from 'zod';
+import { SchemaInfo } from './middlewares/datasource.js';
 
 function getRequiredEnvVar(name: string) {
 	const property = process.env[name];
@@ -27,6 +27,15 @@ export const getRequiredString = (name: string): string => {
 	return stringValue.data;
 };
 
+export const getString = (name: string): string => {
+    const value = process.env[name] || '';
+    const stringValue = z.string().safeParse(value);
+    if (!stringValue.success) {
+        throw new Error(`Environment variable ${name} in config is not a valid string`);
+    }
+    return stringValue.data;
+};
+
 export const getUrl = (name: string): string => {
 	const value = process.env[name] || 'a://';
 	const stringValue = z.string().url().safeParse(value);
@@ -56,73 +65,91 @@ export const getArray = (name: string): ZodString['_output'][] => {
 	} catch (e) {
 		throw new Error(`Environment variable ${name} is not valid. Please provide an array of strings.`)
 	}
+};
+
+export const getEnum = <T extends [string, ...string[]]>(name: string, zEnum: ZodEnum<T>): z.infer<ZodEnum<T>> => {
+    const stringValue = zEnum.safeParse(process.env[name]);
+    if (!stringValue.success) {
+        throw new Error(`Environment variable ${name} has an invalid value. Valid values are: ${zEnum.options}`);
+    }
+    return stringValue.data;
+};
 
+export const validateArrayContents = <T extends [string, ...string[]]>(name: string, zEnum: ZodEnum<T>, value: string | undefined = ''): z.infer<ZodEnum<T>> => {
+    const stringValue = zEnum.safeParse(value);
+    if (!stringValue.success) {
+        throw new Error(`Environment variable ${name} has an invalid value. Valid values are: ${zEnum.options}`);
+    }
+    return stringValue.data;
 };
 
+
 export const getRecord = (name: string): ZodRecord<ZodString, ZodString> => {
 	const config_entry = `${name.toUpperCase()}_SEARCH`;
 	return z.record(
-		z.string({ invalid_type_error: 'Invalid key in ' + config_entry + '. Should be a string' }),
-		z.string({ invalid_type_error: 'Invalid value in ' + config_entry + '. Should be a string' }),
+		z.string({ invalid_type_error: `Invalid key in ${config_entry}. Should be a string` }),
+		z.string({ invalid_type_error: `Invalid value in ${config_entry}. Should be a string` }),
 		{ invalid_type_error: `Environment variable ${config_entry} is invalid or missing` },
 	);
 };
 
 export const getSchemaDef = (name: string): z.ZodType<SchemaInfo> => {
-	const config_entry = name.toUpperCase() + `_SCHEMA`;
-	return z.object(
-		{
-			tablename: z
-				.string({
-					required_error: 'tablename in ' + config_entry + ' is required',
-					invalid_type_error: 'tablename in ' + config_entry + ' is invalid',
-				})
-				.trim()
-				.min(1, { message: 'tablename in ' + config_entry + ' cannot be empty' }),
-			columns: z
-				.array(
-					z.object({
-						name: z.string({ required_error: 'column `name` in ' + config_entry + ' is missing' }),
-						type: z.union(
-							[
-								z.literal('float'),
-								z.literal('varchar'),
-								z.literal('number'),
-								z.literal('date'),
-								z.literal('varchar2'),
-								z.literal('string'),
-								z.literal('timestamp'),
-								z.literal('double'),
-								z.literal('boolean'),
-							],
-							{
-								invalid_type_error: '`type` in ' + config_entry + ' has an invalid value.',
-								required_error: '`type` in ' + config_entry + ' is required.',
-							},
-						),
-						defaultValue: z
-							.string({ invalid_type_error: 'value for `defaultValue` in ' + config_entry + ' is invalid' })
-							.optional(),
-						unique: z.boolean({ invalid_type_error: 'value for `unique` in ' + config_entry + ' is invalid' }).optional(),
-					}),
-					{
-						invalid_type_error: '`columns` in ' + config_entry + ' should be an array',
-					},
-				)
-				.nonempty({ message: '`column` array in  ' + config_entry + ' should not be empty' }),
-			index: z
-				.array(
-					z.string({
-						invalid_type_error: '`index` in  ' + config_entry + ' is invalid. It should be a list of column name strings',
-					}),
-					{
-						invalid_type_error: '`index` in  ' + config_entry + ' is invalid. It should be a list of column name strings',
-						required_error: '`index` in  ' + config_entry + ' is missing.',
-					},
-				)
-				.nonempty({ message: '`index` in ' + config_entry + ' is required' }),
-		},
-		{ invalid_type_error: 'Schema definition missing for entity <' + name + '> in the ENTITY_LIST' },
-	);
+    const config_entry = name.toUpperCase() + `_SCHEMA`;
+    return z.object(
+        {
+            tablename: z
+                .string({
+                    required_error: 'table name in ' + config_entry + ' is required',
+                    invalid_type_error: 'table name in ' + config_entry + ' is invalid',
+                })
+                .trim()
+                .min(1, { message: 'table name in ' + config_entry + ' cannot be empty' }),
+            columns: z
+                .array(
+                    z.object({
+                        name: z.string({ required_error: 'column name in ' + config_entry + ' is missing' }),
+                        type: z.union([
+                            z.literal('float'),
+                            z.literal('varchar'),
+                            z.literal('number'),
+                            z.literal('date'),
+                            z.literal('varchar2'),
+                            z.literal('string'),
+                            z.literal('timestamp'),
+                            z.literal('double'),
+                            z.literal('boolean'),
+                        ]),
+                        defaultValue: z
+                            .string({ invalid_type_error: 'value for defaultValue in ' + config_entry + ' is invalid' })
+                            .optional(),
+                        unique: z.boolean({ invalid_type_error: 'value for unique in ' + config_entry + ' is invalid' }).optional(),
+                    }),
+                    {
+                        invalid_type_error: 'columns in ' + config_entry + ' should be an array',
+                    },
+                )
+                .nonempty({ message: 'column array in  ' + config_entry + ' should not be empty' }),
+            index: z
+                .array(
+                    z.array(
+                        z.string({
+                            invalid_type_error:
+                                'index in  ' + config_entry + ' is invalid. It should be a list of column name strings',
+                        }),
+                        {
+                            invalid_type_error:
+                                'index in  ' + config_entry + ' is invalid. It should be a list of column name strings',
+                            required_error: 'index in  ' + config_entry + ' is missing.',
+                        },
+                    ),
+                    {
+                        invalid_type_error:
+                            'index in  ' + config_entry + ' is invalid. It should be a list of list of column name strings',
+                        required_error: 'index in  ' + config_entry + ' is missing.',
+                    },
+                )
+                .nonempty({ message: 'index in ' + config_entry + ' is required' }),
+        },
+        { invalid_type_error: 'Schema definition missing for entity <' + name + '> in the ENTITY_LIST' },
+    );
 };
-