@manyos/smileconnect-api 1.33.0 → 1.34.0

package/app.js

@@ -11,6 +11,7 @@ const JwtStrategy = require('passport-jwt').Strategy,
 const bodyParser = require('body-parser');
 
 const config = require('./util/config');
+const authUtil = require('./util/auth');
 
 const cors = require('cors');
 
@@ -83,6 +84,8 @@ if (audienceArray.length > 0) {
     opts.audience = audienceArray;
 }
 
+opts.passReqToCallback = true
+
 // Do any necessary shutdown logic for our application here
 const shutdown = (signal, value) => {
     console.log("shutdown!");
@@ -130,12 +133,20 @@ app.use(compression()); //Compress all routes
 
 log.debug('Passport Opts', opts);
 passport.use(
-    new JwtStrategy(opts, function (jwt_payload, done) {
+    new JwtStrategy(opts, function (req, jwt_payload, done) {
         //log.info(jwt_payload);
         //log.info('token', jwt_payload.sub);
         //TODO: Config error abfangen
         //TODO: Add AdminScope and Impersonate
-        const clientId = jwt_payload[SSO_CLIENTNAME_ATTRIBUTE];
+        let clientId = jwt_payload[SSO_CLIENTNAME_ATTRIBUTE];
+
+        //check for master client
+        const requestedClientId = req.query.clientId
+        if (requestedClientId && authUtil.isMasterClient(clientId)) {
+            log.debug(`client ${clientId} acts as ${requestedClientId}`)
+            clientId = requestedClientId
+        }
+
         const user = {
             'id': jwt_payload.sub,
             'azp': jwt_payload.azp,
@@ -159,6 +170,7 @@ passport.use(
 
 app.use(bodyParser.json({limit: '200mb'}));
 app.use(bodyParser.urlencoded({limit: '200mb', extended: true}));
+
 //health check
 app.use('/v1/health', function (req, res, next) {
     res.json({status:"ok"})

package/conf/clients.json

@@ -21,8 +21,10 @@
         "scripts": {}
       },
       "incident": {
-        "basequery": "1=2",
-        "fields": [],
+        "basequery": "1=1",
+        "fields": [
+          "Description"
+        ],
         "constants": [],
         "scripts": {}
       },

package/docs/general/config.md

@@ -82,6 +82,15 @@ List of users who are allowed to access /v1/appconfig endpoints.
 Sample:
 ADMIN_USERS=username1, username2
 
+### MASTER_CLIENTS
+
+List of clients that can act on behalf of other clients. 
+
+The URL Parameter *clientId* is used for this.
+
+Sample:
+MASTER_CLIENTS=idm,adminTool
+
 ## Cache
 
 ### CACHETTL_CMDB

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@manyos/smileconnect-api",
-  "version": "1.33.0",
+  "version": "1.34.0",
   "description": "A proxy and abstraction layer for BMCs IT Service Management Suite",
   "main": "app.js",
   "scripts": {

package/util/auth.js

@@ -19,6 +19,20 @@ function isAuthorizedAdmin(req, res, next) {
     }
 }
 
+function isMasterClient(clientId) {
+    const masterClients = process.env.MASTER_CLIENTS;
+    if (masterClients !== null
+        && masterClients !== undefined
+        && clientId !== null
+        && clientId !== undefined
+        && isUserInList(masterClients, clientId)) {
+        log.debug('master client authorized', clientId);
+        return true
+    } else {
+        return false
+    }
+}
+
 function isUserInList(userList, userName) {
     log.debug('Check if user is in List', userName, userList)
     if (userList !== null && userList !== undefined && userName !== null && userName !== undefined) {
@@ -33,5 +47,5 @@ function isUserInList(userList, userName) {
 }
 
 module.exports = {
-    isAuthorizedAdmin
+    isAuthorizedAdmin, isMasterClient
 }