
When a 'client' gets created, mark the current user as 'owner' #43

Merged
merged 10 commits into from
Oct 27, 2022
12 changes: 6 additions & 6 deletions package-lock.json


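--- a/src/a12n.ts
+++ b/src/a12n.ts
@@ -0,0 +1,27 @@
+import ketting from './ketting';
+import { LinkNotFound } from 'ketting';
+
+
+
+export async function addUserPrivilege(principal: string|URL, privilege: string, resource: string|URL): Promise<void> {
+let userPrivilegesRes;
+
+try {
+userPrivilegesRes = await ketting.go(principal.toString()).follow('privileges');
+} catch (err) {
+if (err instanceof LinkNotFound) {
+throw new Error('Link with "privileges" is not found on the user resource. This could mean that the tt-api APP in a12n-server does not have the *admin" privilege');
+}
+throw err;
+}
+
+const userPrivilegesState = await userPrivilegesRes.get();
+if (!userPrivilegesState.hasAction('add')) {
+throw new Error('The privileges resource on a12nserver does not have an \'add\' action. You likely need to update your a12n-server for this to work');
+}
+await userPrivilegesState.action('add').submit({
+action: 'add',
+privilege,
+resource: resource.toString()
+});
+}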
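Review bot: `addUserPrivilege` never checks that `principal` is on the a12n-server origin before `ketting.go(principal.toString())` dereferences it through the shared Ketting client. That client is set up in src/ketting.ts with `client.use(oauth2FetchWrapper.mw())`, so its requests carry the service's client-credentials token. If that middleware is not origin-scoped (not visible here), a principal URL on another host would be sent the bearer token. A guard such as `if (new URL(principal.toString()).origin !== new URL(process.env.AUTH_API_URI!).origin) throw new Error('principal is not on the auth server');` before the request would close this; alternatively restrict the middleware to the auth server's origin in src/ketting.ts, if Ketting's `use()` supports that. Separately, the first error message has an unbalanced quote in `*admin"`, and the exported function has no doc comment stating that it acts with the service's own credentials rather than the end user's.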
21 changes: 8 additions & 13 deletions src/app.ts
@@ -1,3 +1,6 @@
import * as dotenv from 'dotenv';
dotenv.config();

import accessLog from '@curveball/accesslog';
import bodyParser from '@curveball/bodyparser';
import browser from '@curveball/browser';
@@ -9,15 +12,11 @@ import cors from '@curveball/cors';
import session from '@curveball/session';
import browserToBearer from '@curveball/browser-to-bearer';
import oauth2 from '@curveball/oauth2';
import { OAuth2Client } from '@badgateway/oauth2-client';
import oauth2Client from './oauth2';

import * as path from 'path';
import * as dotenv from 'dotenv';

import routes from './routes';

dotenv.config();

const app = new Application();

// The accesslog middleware shows all requests and responses on the cli.
@@ -57,20 +56,16 @@ app.use(validator({
schemaPath: path.join(__dirname, '../node_modules/@badgateway/tt-types/schema')
}));

// a12n setup
const client = new OAuth2Client({
server: process.env.AUTH_API_URI,
clientId: process.env.OAUTH2_CLIENT_ID || 'tt-api',
clientSecret: process.env.OAUTH2_CLIENT_SECRET,
});

app.use(browserToBearer({client}));
app.use(browserToBearer({
client: oauth2Client,
}));

app.use(oauth2({
publicPrefixes: [
'/health',
],
client,
client: oauth2Client,
}));


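Review bot: Placing `dotenv.config()` between the import statements at the top only guarantees that `.env` is loaded before `./oauth2` reads `process.env` when the build emits CommonJS, where imports become ordered `require` calls. Under native ES modules every import is evaluated before `dotenv.config()` runs, so the `OAuth2Client` in src/oauth2.ts would be constructed with an undefined `server` and `clientSecret`. Replacing the two lines with `import 'dotenv/config';` as the first import keeps the ordering in both module systems. A short comment such as `// must stay the first import: ./oauth2 reads process.env at load time` would also stop a later import-sorting pass from moving it.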
8 changes: 8 additions & 0 deletions src/client/controller/collection.ts
@@ -5,6 +5,8 @@ import * as hal from '../formats/hal';
import * as clientService from '../service';

import { ClientNew as ClientNewSchema } from '@badgateway/tt-types';
import { addUserPrivilege } from '../../a12n';


class ClientCollection extends Controller {

@@ -25,6 +27,12 @@ class ClientCollection extends Controller {
name: body.name,
});

await addUserPrivilege(
ctx.state.oauth2._links['authenticated-as'].href,
'owner',
new URL(client.href, ctx.request.origin),
);

ctx.status = 201;
ctx.response.headers.set('Location', client.href);

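Review bot: The resource URL that receives the `owner` privilege is built from `ctx.request.origin` in `new URL(client.href, ctx.request.origin)`. If that origin is derived from the incoming Host header rather than from configuration (not visible here), the caller can influence which URL the privilege is recorded against in a12n-server. Resolving against a configured base instead, `new URL(client.href, <configured public base URL>)`, keeps the stored resource stable and comparable in later authorization checks. The client record also appears to be created before this call, and nothing undoes it if `addUserPrivilege` throws, so a failure would leave a client with no owner while the request returns an error; wrap the call in a `try`/`catch` that removes the record, or document the orphan as accepted. `ctx.state.oauth2._links['authenticated-as']` is dereferenced without a presence check, and the enclosing controller method starts and ends outside the hunk.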
2 changes: 2 additions & 0 deletions src/client/service.ts
@@ -3,6 +3,7 @@ import { NotFound } from '@curveball/http-errors';
import knex from '../db';
import { ClientsRecord } from 'knex/types/tables';


export async function findAll(): Promise<Client[]> {

return (
@@ -63,3 +64,4 @@ function mapRecord(input: ClientsRecord): Client {
};

}

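--- a/src/ketting.ts
+++ b/src/ketting.ts
@@ -0,0 +1,17 @@
+import { Client } from 'ketting';
+import oauth2Client from './oauth2';
+import { OAuth2Fetch } from '@badgateway/oauth2-client';
+
+console.debug('🔗 Setting up Ketting client');
+const client = new Client(process.env.AUTH_API_URI!);
+
+const oauth2FetchWrapper = new OAuth2Fetch({
+client: oauth2Client,
+getNewToken: () => {
+return oauth2Client.clientCredentials();
+}
+});
+
+client.use(oauth2FetchWrapper.mw());
+
+export default client;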
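Review bot: `new Client(process.env.AUTH_API_URI!)` silences the compiler but not the runtime: with the variable unset the Ketting client is built from `undefined`, and the failure only surfaces at the first privilege call, probably with a confusing URL error. The same gap is in src/oauth2.ts, where `server` and `clientSecret` are passed through unchecked and only `clientId` has a fallback. A guard at module load, `const authUri = process.env.AUTH_API_URI; if (!authUri) throw new Error('AUTH_API_URI must be set');`, with the equivalent check for `OAUTH2_CLIENT_SECRET`, would fail fast at startup with a clear message. The error text should name the variable only and never echo the secret's value.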
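--- a/src/oauth2.ts
+++ b/src/oauth2.ts
@@ -0,0 +1,8 @@
+import { OAuth2Client } from '@badgateway/oauth2-client';
+
+// a12n setup
+export default new OAuth2Client({
+server: process.env.AUTH_API_URI,
+clientId: process.env.OAUTH2_CLIENT_ID || 'tt-api',
+clientSecret: process.env.OAUTH2_CLIENT_SECRET,
+});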