Zowe Suite v1.6.0

zowe · Oct 10, 2019 · e8c02d9 · e8c02d9
2 parents ec02b66 + 149459d
commit e8c02d9
Show file tree

Hide file tree

Showing 5 changed files with 110 additions and 59 deletions.
diff --git a/lib/index.js b/lib/index.js
@@ -176,20 +176,12 @@ Server.prototype = {
     }
     util.deepFreeze(this.userConfig);
     this.webServer.setConfig(wsConfig);
-    const webauth = WebAuth(this.authManager);
-    /*
-      if either proxiedHost or proxiedPort were specified, then there is intent to connect to an agent.
-      However, zlux may be run without one, so if both are undefined then don't check for connection.
-    */
-    if (process.platform !== 'os390' &&
-        ((this.startUpConfig.proxiedHost !== undefined) || (this.startUpConfig.proxiedPort !== undefined))) {
-      const host = this.startUpConfig.proxiedHost;
-      const port = this.startUpConfig.proxiedPort;
-      yield checkProxiedHost(host, port);
-    }
+    const httpPort = wsConfig.http ? wsConfig.http.port : undefined;
+    const httpsPort = wsConfig.https ? wsConfig.https.port : undefined;
+    const cookiePort = httpsPort ? httpsPort : httpPort;
     const webAppOptions = {
-      httpPort: wsConfig.http ? wsConfig.http.port : undefined,
-      httpsPort: wsConfig.https ? wsConfig.https.port : undefined,
+      httpPort: httpPort,
+      httpsPort: httpsPort,
       productCode: this.appConfig.productCode,
       productDir: this.userConfig.productDir,
       proxiedHost: this.startUpConfig.proxiedHost,
@@ -204,10 +196,20 @@ Server.prototype = {
         pluginMap: this.pluginLoader.pluginMap
       },
       newPluginHandler: (pluginDef) => this.newPluginSubmitted(pluginDef),
-      auth: webauth,
+      auth: WebAuth(this.authManager, cookiePort, cookiePort === httpsPort),
       pluginLoader: this.pluginLoader,
       langManagers: this.langManagers
     };
+    /*
+      if either proxiedHost or proxiedPort were specified, then there is intent to connect to an agent.
+      However, zlux may be run without one, so if both are undefined then don't check for connection.
+    */
+    if (process.platform !== 'os390' &&
+        ((this.startUpConfig.proxiedHost !== undefined) || (this.startUpConfig.proxiedPort !== undefined))) {
+      const host = this.startUpConfig.proxiedHost;
+      const port = this.startUpConfig.proxiedPort;
+      yield checkProxiedHost(host, port);
+    }
     this.webApp = makeWebApp(webAppOptions);
     this.webServer.startListening(this.webApp.expressApp);
     let pluginsLoaded = [];

diff --git a/lib/proxy.js b/lib/proxy.js
@@ -61,7 +61,7 @@ function makeSimpleProxy(host, port, options, pluginID, serviceName) {
                     + `For information on how to configure a proxy service, see the Zowe wiki on dataservices `
                     + `(https://github.com/zowe/zlux/wiki/ZLUX-Dataservices)`);
   }
-  const {urlPrefix, isHttps, addProxyAuthorizations, allowInvalidTLSProxy} = 
+  const {urlPrefix, isHttps, addProxyAuthorizations, processProxiedHeaders, allowInvalidTLSProxy} = 
     options;
   const httpApi = isHttps? https : http;
   return function(req1, res1) {
@@ -81,20 +81,23 @@ function makeSimpleProxy(host, port, options, pluginID, serviceName) {
     const req2 = httpApi.request(requestOptions, (res2) => {
       proxyLog.debug("status code" + res2.statusCode);
       res1.status(res2.statusCode);
-      const headers = res2.headers;
+      const headers = processProxiedHeaders ? 
+            processProxiedHeaders(req1, res2.headers) :
+            res2.headers;
+
       for (const header of Object.keys(headers)) {
         if (header == 'location') {
           const location = headers[header];
           let pattern = /^http.+\/ZLUX\/plugins\/.+/;
           if (!pattern.test(headers[header])) {
             if (location.startsWith('/')) {
-	      res1.set(header, `${req1.protocol}://${req1.get('host')}/ZLUX/plugins/${pluginID}/services/${serviceName}/_current${location}`);
+	            res1.set(header, `${req1.protocol}://${req1.get('host')}/ZLUX/plugins/${pluginID}/services/${serviceName}/_current${location}`);
             }
             else if (location.startsWith('http')) {
-	      const locationParts = location.split(":");
+	            const locationParts = location.split(":");
               let part;
-	      if (locationParts.length > 2) {
-	        part = locationParts[2];
+	            if (locationParts.length > 2) {
+	              part = locationParts[2];
               } else {
                 part = locationParts[1]
               }

diff --git a/lib/webapp.js b/lib/webapp.js
@@ -12,10 +12,12 @@
 
 'use strict';
 const express = require('express');
+const expressApp = express();
+const expressWs = require('express-ws')(expressApp);
+
 const fs = require('fs');
 const util = require('util');
 const url = require('url');
-const expressWs = require('express-ws');
 const path = require('path');
 const Promise = require('bluebird');
 const http = require('http');
@@ -72,6 +74,7 @@ function DataserviceContext(serviceDefinition, serviceConfiguration,
   this.serviceConfiguration = serviceConfiguration;
   this.plugin = pluginContext;
   this.logger = createDataserviceLogger(pluginContext, serviceDefinition);
+  this.wsRouterPatcher = expressWs.applyTo;
 }
 
 function createDataserviceLogger(pluginContext, serviceDefinition) {
@@ -960,7 +963,7 @@ function getAgentProxyOptions(serverConfig, agentConfig) {
 }
 
 function WebApp(options){
-  this.expressApp = express();
+  this.expressApp = expressApp;
   const port = options.httpsPort ? options.httpsPort : options.httpPort;
   this.expressApp.use(cookieParser());
   this.expressApp.use(session({
@@ -983,7 +986,6 @@ function WebApp(options){
   this.options = zluxUtil.makeOptionsObject(defaultOptions, options);
   this.auth = options.auth;
   this.configLocation = options.configLocation;
-  expressWs(this.expressApp);
   this.expressApp.serverInstanceUID = Date.now(); // hack
   this.pluginRouter = express.Router();
   this.routers = {};
@@ -1028,6 +1030,7 @@ WebApp.prototype = {
       urlPrefix, 
       isHttps: false, 
       addProxyAuthorizations: (noAuth? null : this.auth.addProxyAuthorizations),
+      processProxiedHeaders: (noAuth? null: this.auth.processProxiedHeaders),
       allowInvalidTLSProxy: this.options.allowInvalidTLSProxy
     };
     if (overrideOptions) {
@@ -1048,6 +1051,7 @@ WebApp.prototype = {
       urlPrefix, 
       isHttps, 
       addProxyAuthorizations: (noAuth? null : this.auth.addProxyAuthorizations),
+      processProxiedHeaders: (noAuth? null : this.auth.processProxiedHeaders),
       allowInvalidTLSProxy: this.options.allowInvalidTLSProxy
     }, pluginID, serviceName);
     proxyMap.set(pluginID + ":" + serviceName, myProxy);

diff --git a/lib/webauth.js b/lib/webauth.js
@@ -161,7 +161,7 @@ const SESSION_ACTION_TYPE_REFRESH = 2;
 /*
  * Assumes req.session is there and behaves as it should
  */
-module.exports = function(authManager) {
+module.exports = function(authManager, cookiePort, isSecurePort) {
   const _authenticateOrRefresh = Promise.coroutine(function*(req, res, type) {
     let functionName;
     if (type == SESSION_ACTION_TYPE_AUTHENTICATE) {
@@ -246,8 +246,26 @@ module.exports = function(authManager) {
         return;
       }
       const authPluginSession = getAuthPluginSession(req1, handler.pluginID, {});
-      handler.addProxyAuthorizations(req1, req2Options, authPluginSession);     
+      try {
+        handler.addProxyAuthorizations(req1, req2Options, authPluginSession);
+      } catch (e) {
+        authLogger.warn(`Failed to set proxy authorizations. Error=`,e);
+      }
     },
+
+    processProxiedHeaders(req, headers) {
+      const handler = getAuthHandler(req, authManager);
+      if (handler && handler.processProxiedHeaders) {
+        const authPluginSession = getAuthPluginSession(req, handler.pluginID, {});
+        try {
+          return handler.processProxiedHeaders(req, headers, authPluginSession);
+        } catch (e) {
+          return headers;
+        }
+      } else {
+        return headers;
+      }
+    },    
 
     getStatus(req, res) {
       const handlers = authManager.getAllHandlers();
@@ -292,6 +310,9 @@ module.exports = function(authManager) {
           req.sessionStore.destroy(req.session.id);
         }
         req.session.id = null;
+        res.clearCookie('connect.sid.'+cookiePort, { path: '/',
+                                                     httpOnly: true,
+                                                     secure: isSecurePort});
       }
       res.status(200).send('');
     },

diff --git a/package-lock.json b/package-lock.json