From e99679cfaf4a9f95d4729c276dd1892e2376c8da Mon Sep 17 00:00:00 2001
From: "A. Koch"
Date: Tue, 3 Jul 2018 17:34:31 +0200
Subject: [PATCH] added acl basics
---
 config/default.json | 8 ++++
 package-lock.json | 23 ++++++----
 package.json | 2 +-
 src/acl.js | 15 +++++++
 src/index.js | 105 ++++++++++++++++++++++++--------------------
 src/service.js | 7 ++-
 6 files changed, 103 insertions(+), 57 deletions(-)
 create mode 100644 src/acl.js
diff --git a/config/default.json b/config/default.json
index 6789033..be99e0e 100644
--- a/config/default.json
+++ b/config/default.json
@@ -10,6 +10,14 @@
 "dbName": "motionbank-api"
 }
 },
+ "acl": {
+ "mongodb": {
+ "name": "acl",
+ "prefix": "acl_",
+ "url": "mongodb://localhost:27017/motionbank-api",
+ "dbName": "motionbank-api"
+ }
+ },
 "auth": {
 "jwks": {
 "cache": true,
diff --git a/package-lock.json b/package-lock.json
index d577be8..3ee2c47 100644
--- a/package-lock.json
+++ b/package-lock.json
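Review bot: The new `acl.mongodb` block uses the same `url` and `dbName` (`motionbank-api`) as the block directly above it, so the permission collections are separated from the resource data only by the `acl_` prefix. Any credential or code path that can write to that database can then also rewrite roles and grants. Consider a dedicated database and a database user reserved for the ACL backend, for example `"dbName": "<acl-db-name>"` (placeholder). The enclosing object starts outside the hunk, so the name of the preceding block is inferred from the later `config.get('resources.mongodb')` call.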
@@ -2203,20 +2203,21 @@ } }, "mongodb": { - "version": "3.0.10", - "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.0.10.tgz", - "integrity": "sha512-jy9s4FgcM4rl8sHNETYHGeWcuRh9AlwQCUuMiTj041t/HD02HwyFgmm2VZdd9/mA9YNHaUJLqj0tzBx2QFivtg==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.1.0.tgz", + "integrity": "sha512-fSDZRq9FomRqeDSM7MpMTLa8sz+STs3nZ7Ib0+xvmaKZ6nquNDN4zGDsVhjto6UozFvHMDYJMAfJwhqUygXs9g==", "requires": { - "mongodb-core": "3.0.9" + "mongodb-core": "3.1.0" } }, "mongodb-core": { - "version": "3.0.9", - "resolved": "https://registry.npmjs.org/mongodb-core/-/mongodb-core-3.0.9.tgz", - "integrity": "sha512-buOWjdLLBlEqjHDeHYSXqXx173wHMVp7bafhdHxSjxWdB9V6Ri4myTqxjYZwL/eGFZxvd8oRQSuhwuIDbaaB+g==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mongodb-core/-/mongodb-core-3.1.0.tgz", + "integrity": "sha512-qRjG62Fu//CZhkgn0jA/k8jh5MhACIq8cOJUryH6sck87pgt+C222MSD02tsCq5zNo/B6ZFHtNodZ2qpf8E86g==", "requires": { "bson": "~1.0.4", - "require_optional": "^1.0.1" + "require_optional": "^1.0.1", + "saslprep": "^1.0.0" } }, "morgan": { @@ -2778,6 +2779,12 @@ "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, + "saslprep": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/saslprep/-/saslprep-1.0.0.tgz", + "integrity": "sha512-5lvKUEQ7lAN5/vPl5d3k8FQeDbEamu9kizfATfLLWV5h6Mkh1xcieR1FSsJkcSRUk49lF2tAW8gzXWVwtwZVhw==", + "optional": true + }, "schema-object": { "version": "4.0.11", "resolved": "https://registry.npmjs.org/schema-object/-/schema-object-4.0.11.tgz", diff --git a/package.json b/package.json index 6c0cc1b..36a9b5b 100644 --- a/package.json +++ b/package.json 
@@ -38,7 +38,7 @@
 "mbjs-data-models": "0.0.4",
 "mbjs-persistence": "^0.2.0",
 "mbjs-utils": "0.0.5",
- "mongodb": "^3.0.10",
+ "mongodb": "^3.1.0",
 "morgan": "^1.9.0",
 "nedb": "^1.8.0",
 "polka": "^0.4.0",
diff --git a/src/acl.js b/src/acl.js
new file mode 100644
index 0000000..b9921e9
--- /dev/null
+++ b/src/acl.js
@@ -0,0 +1,15 @@
+const
+ Acl = require('acl'),
+ config = require('config'),
+ Backend = Acl.mongodbBackend,
+ { MongoDB } = require('mbjs-persistence')
+
+const setupACL = async function (app) {
+ const cfg = config.get('acl.mongodb')
+ const client = new MongoDB(cfg, 'uuid')
+ await client.connect()
+ const acl = new Acl(new Backend(client.db, cfg.prefix))
+ return acl
+}
+
+module.exports = setupACL
diff --git a/src/index.js b/src/index.js
index ed003f3..45f099f 100644
--- a/src/index.js
+++ b/src/index.js
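Review bot: `setupACL` accepts `app` but never uses it, and it returns the `Acl` instance without registering any roles, grants or middleware, so this module on its own does not restrict any route. I would either drop the parameter or state this in a JSDoc block above the function: that it opens its own MongoDB connection from `acl.mongodb`, resolves to the `Acl` instance, and rejects when `client.connect()` fails. The `client` is neither returned nor stored, so nothing can close that connection on shutdown; keeping a reference to it (for example as a property the caller can reach) would allow a clean stop.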
@@ -10,61 +10,72 @@ const
 { json } = require('body-parser'),
 { ObjectUtil } = require('mbjs-utils')
-/**
- * HTTP server
- */
-const
- host = config.get('http.host'),
- port = config.get('http.port'),
- server = http.createServer()
+const setup = async function () {
+ /**
+ * HTTP server
+ */
+ const
+ host = config.get('http.host'),
+ port = config.get('http.port'),
+ server = http.createServer()
-/**
- * Logger
- */
-const winston = require('winston')
-winston.level = process.env.NODE_ENV === 'production' ? 'error' : 'info'
-winston.level = process.env.LOG_LEVEL || winston.level
+ /**
+ * Logger
+ */
+ const winston = require('winston')
+ winston.level = process.env.NODE_ENV === 'production' ? 'error' : 'info'
+ winston.level = process.env.LOG_LEVEL || winston.level
-/**
- * Set up WebSockets (Primus)
- */
-const primus = new Primus(server, { transformer: 'uws' })
+ /**
+ * Set up WebSockets (Primus)
+ */
+ const primus = new Primus(server, { transformer: 'uws' })
-primus.on('connection', spark => {
- winston.log('debug', `Spark ${spark.id} connected with address ${spark.address}`)
-})
+ primus.on('connection', spark => {
+ winston.log('debug', `Spark ${spark.id} connected with address ${spark.address}`)
+ })
-primus.on('disconnection', spark => {
- winston.log('debug', `Spark ${spark.id} disconnected with address ${spark.address}`)
-})
+ primus.on('disconnection', spark => {
+ winston.log('debug', `Spark ${spark.id} disconnected with address ${spark.address}`)
+ })
-/**
- * Setup API server (Polka)
- */
-const
- models = require('mbjs-data-models'),
- Service = require('./service'),
- app = polka({ server })
+ /**
+ * Setup API server (Polka)
+ */
+ const
+ models = require('mbjs-data-models'),
+ Service = require('./service'),
+ app = polka({ server })
+
+ const jwtCheck = jwt(ObjectUtil.merge({
+ secret: jwks.expressJwtSecret(config.get('auth.jwks'))
+ }, config.get('auth.jwt')))
+
+ app.use(cors, jwtCheck, json(), morgan(process.env.NODE_ENV === 'production' ? 'common' : 'dev'))
-const jwtCheck = jwt(ObjectUtil.merge({
- secret: jwks.expressJwtSecret(config.get('auth.jwks'))
-}, config.get('auth.jwt')))
+ /**
+ * Set up ACL
+ */
+ const
+ setupACL = require('./acl'),
+ acl = await setupACL(app)
-app.use(cors, jwtCheck, json(), morgan(process.env.NODE_ENV === 'production' ? 'common' : 'dev'))
+ /**
+ * Configure resources
+ */
+ const annotations = new Service('annotations', app, models.Annotation, winston, acl)
+ annotations.on('message', message => primus.write(message))
-/**
- * Configure resources
- */
-const annotations = new Service('annotations', app, models.Annotation, winston)
-annotations.on('message', message => primus.write(message))
+ const maps = new Service('maps', app, models.Map, winston, acl)
+ maps.on('message', message => primus.write(message))
-const maps = new Service('maps', app, models.Map, winston)
-maps.on('message', message => primus.write(message))
+ const documents = new Service('documents', app, models.Document, winston, acl)
+ documents.on('message', message => primus.write(message))
-const documents = new Service('documents', app, models.Document, winston)
-documents.on('message', message => primus.write(message))
+ /**
+ * Start server
+ */
+ app.listen(port, host).then(() => winston.log('info', `API started on ${host}:${port}`))
+}
-/**
- * Start server
- */
-app.listen(port, host).then(() => winston.log('info', `API started on ${host}:${port}`))
+setup()
diff --git a/src/service.js b/src/service.js
index fc7151a..223ee50 100644
--- a/src/service.js
+++ b/src/service.js
@@ -6,10 +6,11 @@ const
 { MongoDB } = require('mbjs-persistence')
 class Service extends TinyEmitter {
- constructor (name, app, model, logger) {
+ constructor (name, app, model, logger, acl) {
 super()
 this._name = name
+ this._acl = acl
 this._Model = model
 // TODO: make db adapter configurable (nedb, etc.)
 this._client = new MongoDB(ObjectUtil.merge({ name, logger }, config.get('resources.mongodb')), 'uuid')
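Review bot: `setup()` is called on the last line of the hunk with no rejection handler, so when `await setupACL(app)` rejects (ACL database unreachable, or `config.get` throwing on a missing `acl.mongodb` key) the server never reaches `app.listen` and the only trace is an unhandled-rejection warning. Refusing to listen without an ACL backend is the right failure mode, but it should be loud and final: `setup().catch(err => { console.error(err); process.exit(1) })`. `winston` is now declared inside `setup`, so it is not available to that handler unless its `require` moves back to module scope. The promise from `app.listen(port, host)` is also neither awaited nor returned, so a bind error would not reach that handler either.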
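Review bot: The constructor stores `acl` in `this._acl` without checking it, and neither this hunk nor the `get acl ()` accessor added in the second hunk uses it to authorise a request, so as far as the visible lines show the resource routes are still guarded only by the JWT check. The route handlers lie outside both hunks, so this is inferred rather than confirmed. If enforcement is meant to follow, make a missing instance fail early with `if (!acl) throw new TypeError('Service requires an acl instance')`, so a service cannot be constructed without access control by accident. A one-line comment above `this._acl = acl` saying that permission checks are not wired up yet would keep the next reader from assuming they are.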
@@ -93,6 +94,10 @@ class Service extends TinyEmitter {
 return this._client
 }
+ get acl () {
+ return this._acl
+ }
+
 get ModelConstructor () {
 return this._Model
 }
-- GitLab