@nsshunt/stsdatamanagement 1.12.10 → 1.12.14

package/databaseutils.js

@@ -1,13 +1,10 @@
 const prompts = require('prompts');
-const fs = require('fs');
 require('colors');
-//let crypto = require('crypto');
 const goptions = require('@nsshunt/stsconfig').$options;
 
 const { PGPoolManager } = require('./pgpoolmanager');
 const { PGAccessLayer } = require('./pgaccesslayer');
 const { PGUtils } = require('./pgutils');
-const { BLCAuth } = require('./blcauth');
 const { DataGenerator } = require('./datagenerator.js');
 
 class DatabaseUtils
@@ -21,108 +18,12 @@ class DatabaseUtils
 		this.#debug = require('debug')(this.#ns);
 		this.#accessLayer = accessLayer;
 	}
-	
-	#_RegisterRolesAndPermissions = async(blcauth) => {
-		this.#debug(`Registering Roles and Role Permissions.`.yellow);
-		console.log(`Registering Roles and Role Permissions.`.yellow);
-		const rolePermissionFile = `${goptions.databasescriptfolder}/role-permission.json`;
-		const rawdata = fs.readFileSync(rolePermissionFile);
-		let rolePermissions = JSON.parse(rawdata);
-		for (const [, rolePermission] of Object.entries(rolePermissions)) {
-			let retVal = await blcauth.AddRolePermissions(rolePermission);
-			if (retVal.status !== 200) {
-				console.log(`Role Permission registered: ${JSON.stringify(retVal)}`.red);
-				return false;
-			} else {
-				console.log(`Role Permission registered: ${JSON.stringify(retVal)}`);
-			}
-		}
-		return true;
-	}
-
-	#_RegisterUsersAndRoles = async(blcauth) => {
-		this.#debug(`Registering Users and Roles.`.yellow);
-		console.log(`Registering Users and Roles.`.yellow);
-		const roleFile = `${goptions.databasescriptfolder}/user-role.json`;
-		let rawdata = fs.readFileSync(roleFile);
-		let userroles = JSON.parse(rawdata);
-		for (const [, user] of Object.entries(userroles)) {
-			let retVal = await blcauth.AddUser(user);
-			if (retVal.status !== 200) {
-				console.log(`Role registered: ${JSON.stringify(retVal)}`.red);
-				return false;
-			} else {
-				console.log(`Role registered: ${JSON.stringify(retVal)}`);
-			}
-		}
-		return true;
-	}
-
-	#_RegisterTestingUsersAndRoles = async(blcauth) => {
-		this.#debug(`Registering Test Users and Roles.`.yellow);
-		console.log(`Registering Test Users and Roles.`.yellow);
-		for (let i=0; i < 10; i++) {
-			let userNoStr = i.toString().padStart(2, '0');
-			let user = {
-				name: `Test User ${userNoStr}`,
-				email: `user${userNoStr}@stsmda.com.au`,
-				password: `user${userNoStr}password`,
-				roles: [ ]
-			}
-			let retVal = await blcauth.AddUser(user);
-			if (retVal.status !== 200) {
-				console.log(`User NOT registered: ${JSON.stringify(retVal)}`.red);
-				return false;
-			} else {
-				console.log(`User registered: ${JSON.stringify(retVal)}`);
-			}
-		}
-		return true;
-	}
-
-	#_RegisterApplications = async(blcauth) => {
-		this.#debug(`Registering Applications.`.yellow);
-		console.log(`Registering Applications.`.yellow);
-		const roleFile = `${goptions.databasescriptfolder}/applications.json`;
-		let rawdata = fs.readFileSync(roleFile);
-		let applications = JSON.parse(rawdata);
-		for (const [, application] of Object.entries(applications)) {
-			//application.clientSecret = crypto.randomBytes(32).toString('base64');
-			let retVal = await blcauth.AddApplication(application);
-			if (retVal.status !== 200) {
-				console.log(`Application registered: ${JSON.stringify(retVal)}`.red);
-				return false;
-			} else {
-				console.log(`Application registered: ${JSON.stringify(retVal)}`);
-				console.log(`Application secret    : ${application.clientSecret}`);
-			}
-		}
-		return true;
-	}
-
-	#_RegisterAPIs = async(blcauth) => {
-		this.#debug(`Registering APIs.`.yellow);
-		console.log(`Registering APIs.`.yellow);
-		const roleFile = `${goptions.databasescriptfolder}/apis.json`;
-		let rawdata = fs.readFileSync(roleFile);
-		let apis = JSON.parse(rawdata);
-		for (const [, api] of Object.entries(apis)) {
-			let retVal = await blcauth.AddAPI(api);
-			if (retVal.status !== 200) {
-				console.log(`API registered: ${JSON.stringify(retVal)}`.red);
-				return false;
-			} else {
-				console.log(`API registered: ${JSON.stringify(retVal)}`);
-			}
-		}
-		return true;
-	}
 
 	// options ::= { start: <int>, entries: <int>, minextradata: <int>, maxextradata: <int>,
 	//		user: { name: <string>, password: <string>, email: <string> } }
-	createfreshdatabase = async (options) =>
+	CreateDatabase = async (options) =>
 	{
-		let fname = 'createfreshdatabase';
+		let fname = 'CreateDatabase';
 		const { start, entries, minextradata, maxextradata } = options;
 		let builddbscript = `${goptions.databasescriptfolder}/builddb.sql`;
 		this.#debug(`Database Build Script: [${builddbscript}]`.yellow);
@@ -149,6 +50,7 @@ class DatabaseUtils
 			this.#debug(`Building database assets (tables, functions, etc.).`.yellow);
 			await localAccesslayer.executedbscript(builddbscript);
 
+			//@@ make optional or move
 			if (typeof entries !== 'undefined') {
 				// Add new faker entries
 				this.#debug(`Adding test data.`.yellow);
@@ -156,37 +58,11 @@ class DatabaseUtils
 				await dg.RunAddFakerBulkInsert(start, entries, minextradata, maxextradata);
 			}
 
-			const blcauth = new BLCAuth(localAccesslayer);
-			let status = true;
-
-			status = await this.#_RegisterUsersAndRoles(blcauth);
-			if (status) {
-				status = await this.#_RegisterRolesAndPermissions(blcauth);
-			}
-			if (status) {
-				status = await this.#_RegisterTestingUsersAndRoles(blcauth);
-			}
-			if (status) {
-				status = await this.#_RegisterApplications(blcauth);
-			}
-			if (status) {
-				status = await this.#_RegisterAPIs(blcauth);
-			}
-
-			if (status) {
-				let retVal = await blcauth.GetUserPermissions('STSREST01ServiceUser@stsmda.com');
-				console.log(`User Permissions: ${JSON.stringify(retVal)}`);
-			}
-
 			await localAccesslayer.enddatabase();
 
-			if (status) {
-				this.#debug(`Database successfully initiailized.`.green);
-				console.log(`Database successfully initiailized.`.green);
-			} else {
-				this.#debug(`Database did not initiailize correctly.`.red);
-				console.log(`Database did not initiailize correctly.`.red);
-			}
+			//@@ double logging
+			this.#debug(`Database successfully initiailized.`.green);
+			console.log(`Database successfully initiailized.`.green);
 		} catch (error)
 		{
 			console.error(`[${fname}]: Could not create fresh database: ${error}`);
@@ -200,14 +76,6 @@ class DatabaseUtils
 		return retVal;
 	};
 
-	// user ::= { name: <string>, password: <string>, email: <string> }
-	RegisterTestUser = async (user) =>
-	{
-		let retVal = await new BLCAuth(this.#accessLayer).registeruser(user);
-		console.log(`User registered: ${JSON.stringify(retVal)}`);
-		return retVal;
-	};
-
 	ExecuteDatabaseScript = async (scriptfile) =>
 	{
 		let retVal = await this.#accessLayer.executedbscript(scriptfile);

package/datagenerator.js

@@ -175,7 +175,8 @@ class DataGenerator
 
 
 		let pa = [ ];
-		let numCPUs = require('os').cpus().length;
+		let numCPUs = goptions.useCPUs;
+		//let numCPUs = require('os').cpus().length;
 		let blocksize = Math.floor(iterations / numCPUs);
 		let lastBlockSize = blocksize + (iterations % numCPUs);
 

package/db-scripts/apis.json

@@ -41,6 +41,18 @@
                     "res01.delete"
                 ]
             }
+        ],
+        "SPA": [
+            {
+                "clientName": "STSAuthenticateSPA",
+                "clientId": "v4qBrds3Autl/i86xT+5z0K53kJ/2hHTfxNo0QO/0Jk=",
+                "permissions": [
+                    "res01.create",
+                    "res01.read",
+                    "res01.update",
+                    "res01.delete"
+                ]
+            }
         ]
     },
 

package/dbaccess.js

@@ -2,7 +2,6 @@ const { PGPoolManager } = require('./pgpoolmanager');
 const { L1Cache } = require('./l1cache');
 const { PGAccessLayer } = require('./pgaccesslayer');
 const { PGUtils } = require('./pgutils');
-const { BLCAuth } = require('./blcauth');
 const { DatabaseUtils } = require('./databaseutils');
 const { DataGenerator } = require('./datagenerator');
 const { CreateDatabase } = require('./setupdb');
@@ -13,7 +12,7 @@ const {
 
 module.exports = { 
 	// Utilities and Helpers
-	PGPoolManager, L1Cache, PGAccessLayer, PGUtils, BLCAuth, DatabaseUtils, DataGenerator,
+	PGPoolManager, L1Cache, PGAccessLayer, PGUtils, DatabaseUtils, DataGenerator,
 	// Errors
 	STSDataManagementError, STSResourceNotFoundError, STSResourceMalformedError, 
 	STSDatabaseAccessError, STSInvalidCredentials, STSNotAuthorized,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nsshunt/stsdatamanagement",
-  "version": "1.12.10",
+  "version": "1.12.14",
   "description": "STS Data Management Modules, Utilities and Services",
   "main": "dbaccess.js",
   "dependencies": {

package/setupdb.js

@@ -5,7 +5,7 @@ const { DatabaseUtils } = require('./databaseutils.js');
 
 module.exports = {
 	CreateDatabase: async() => {
-		await new DatabaseUtils().createfreshdatabase({
+		await new DatabaseUtils().CreateDatabase({
 			start: 0,
 			entries: 10000,
 			minextradata: 0,

package/blcauth.js

@@ -1,388 +0,0 @@
-const { status: { status } } = require('@nsshunt/stsutils');
-const bcrypt = require('bcryptjs');
-const { STSResourceNotFoundError, STSDatabaseAccessError, STSResourceMalformedError, 
-	STSNotAuthorized, STSInvalidCredentials } = require('./dberrors');
-
-class BLCAuth
-{
-	static SYSTEM_USER_ID = "STS_SYSTEM";
-	static USER_ID_PREFIX = "USR_";
-	static ROLE_ID_PREFIX = "ROLE_";
-	static APPLICATION_ID_PREFIX = "APP_";
-	static API_ID_PREFIX = "API_";
-
-	#accessLayer = null;
-
-	constructor(accessLayer)
-	{
-		this.#accessLayer = accessLayer;
-	}
-
-	// Normally, register would be provided by a hardened dedicated authentication server.
-	async AddUser(user)
-	{
-		let { name, password, email, roles } = user;
-		const saltRounds = 10;
-		try 
-		{
-			let userid = BLCAuth.USER_ID_PREFIX + email;
-			if (await this.#ResourceExists('User', userid)) {
-				return { 
-					status: status.conflict, 
-					error: 'User already exists.', 
-					detail: { message: `User already exists: [${userid}]` }
-				};
-			} else {
-				const hashedPassword = await bcrypt.hash(password, saltRounds);
-
-				let user = {
-					id: userid
-					,name: name
-					,email: email
-					,hash: hashedPassword
-					,roles: roles
-				};
-
-				await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, user.id, user);
-
-				let payload = 
-				{
-					id: userid
-					,name: name
-					,email: email
-					,roles: roles
-				}
-
-				return { status: status.success, detail: payload };
-			}
-		} catch (error)
-		{
-			console.error(error);
-			throw new Error({ status: status.error, error: 'Operation was not successful', detail: error });
-		}
-	}
-
-	async AddRolePermissions(rolePermissions)
-	{
-		try 
-		{
-			const { name, permissions } = rolePermissions;
-			let roleId = BLCAuth.ROLE_ID_PREFIX + name;
-			if (await this.#ResourceExists('Role', roleId)) {
-				return { 
-					status: status.conflict, 
-					error: 'Role already exists.', 
-					detail: { message: `Role already exists: [${roleId}]` }
-				};
-			} else {
-				let roleResource = {
-					id: roleId,
-					name: name,
-					permissions: permissions
-				}
-
-				await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, roleId, roleResource);
-
-				return { status: status.success, detail: roleResource };
-			}
-		} catch (error)
-		{
-			console.error(error);
-			throw new Error({ status: status.error, error: 'Operation was not successful', detail: error });
-		}
-	}
-
-	async #GetResource(resource, resourceId) {
-		let resourceRaw = null;
-		try {
-			resourceRaw = await this.#accessLayer.getLatestResource(resourceId);
-		} catch (error) {
-			throw new STSDatabaseAccessError(resource, resourceId, error);
-		}
-		if (resourceRaw.status !== 200) {
-			throw new STSResourceNotFoundError(resource, resourceId);
-		}
-		try {
-			return JSON.parse(resourceRaw.detail.resdesc);
-		} catch (error) {
-			throw new STSResourceMalformedError(resource, resourceId, resourceRaw.detail.resdesc, error);
-		}
-	}
-
-	async #ResourceExists(resource, resourceId) {
-		try {
-			await this.#GetResource(resource, resourceId);
-			return true;
-		} catch (error) {
-			if (error instanceof STSResourceNotFoundError) {
-				return false;
-			} else {
-				throw error;
-			}
-		}
-	}
-
-	async GetUser(email) {
-		return this.#GetResource('User', BLCAuth.USER_ID_PREFIX + email);
-	}
-
-	async GetRole(role) {
-		return this.#GetResource('Role', BLCAuth.ROLE_ID_PREFIX + role);
-	}
-
-	async GetApplication(application) {
-		return this.#GetResource('Application', BLCAuth.APPLICATION_ID_PREFIX + application);
-	}
-
-	async GetAPI(identifier) {
-		return this.#GetResource('API', BLCAuth.API_ID_PREFIX + identifier);
-	}
-
-	async GetUserPermissions(email)
-	{
-		try 
-		{
-			let userResource = await this.GetUser(email);
-			let permissions = [ ];
-
-			for (let i=0; i < userResource.roles.length; i++) {
-				let role = userResource.roles[i];
-				let roleResource = await this.GetRole(role);
-				for (let j=0; j < roleResource.permissions.length; j++) {
-					let permission = roleResource.permissions[j];
-					if (!permissions.includes(permission)) {
-						permissions.push(permission);
-					}
-				}
-			}
-
-			return { status: status.success, detail: permissions };
-		} catch (error)
-		{
-			console.error(error);
-			throw new Error({ status: status.error, error: 'Operation was not successful', detail: error });
-		}
-	}
-
-	async AddApplication(application)
-	{
-		try 
-		{
-			const { clientId } = application;
-			let applicationId = BLCAuth.APPLICATION_ID_PREFIX + clientId;
-			if (await this.#ResourceExists('Application', applicationId)) {
-				return { 
-					status: status.conflict, 
-					error: 'Application already exists.', 
-					detail: { message: `Application already exists: [${applicationId}]` }
-				};
-			} else {
-				let payload = {
-					applicationId,
-					...application
-				}
-	
-				await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, applicationId, payload);
-	
-				// Client Secret is not returned. Seperate function used to display this field.
-				delete payload.clientSecret;
-	
-				return { status: status.success, detail: payload };
-			}
-		} catch (error)
-		{
-			console.error(error);
-			throw new Error({ status: status.error, error: 'Operation was not successful', detail: error });
-		}
-	}
-
-	#ValidateApplication = async (apiPermissions, app) => {
-		const { clientId, clientName, permissions } = app;
-
-		let applicationResource = null;
-		try {
-			applicationResource = await this.GetApplication(clientId)
-		} catch (error) {
-			return { status: status.notfound , error: 'Cannot find client application.', detail: { message: error.message }};
-		}
-		if (applicationResource.clientName.localeCompare(clientName) !== 0) {
-			return { status: status.error, error: 'clientName mismatch.', detail: { message: `clientName mismatch: Value: [${clientName}], Expecting: [${applicationResource.clientName}]` }};
-		}
-		for (let j=0; j < permissions.length; j++) {
-			const permission = permissions[j];
-			if (!apiPermissions.includes(permission)) {
-				return { status: status.error, error: `M2M permission not found within API available permission list.`, detail: { message: `Permission not found within API: [${clientName}:${clientId}] available permission list: [${permission}]` }};
-			}
-		}
-		return null;
-	}
-
-	async AddAPI(api)
-	{
-		try 
-		{
-			const { M2MApplications, permissions: apiPermissions, identifier, SPA } = api;
-
-			let APIidentifier = BLCAuth.API_ID_PREFIX + identifier;
-
-			if (await this.#ResourceExists('API', APIidentifier)) {
-				return { 
-					status: status.conflict, 
-					error: 'API already exists.', 
-					detail: { message: `API already exists: [${APIidentifier}]` }
-				};
-			} else {
-				// Validate M2MApplications
-				if (M2MApplications) {
-					for (let i=0; i < M2MApplications.length; i++) {
-						let retVal = await this.#ValidateApplication(apiPermissions, M2MApplications[i]);
-						if (retVal !== null) {
-							return retVal;
-						}
-					}
-				}
-
-				// Validate SPA
-				if (SPA) {
-					for (let i=0; i < SPA.length; i++) {
-						let retVal = await this.#ValidateApplication(apiPermissions, SPA[i]);
-						if (retVal !== null) {
-							return retVal;
-						}
-					}
-				}
-				
-				// Client Secret is not returned. Separate function used to display this field.
-				let payload = 
-				{
-					APIidentifier,
-					...api
-				}
-
-				await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, APIidentifier, payload);
-
-				return { status: status.success, detail: payload };
-			}
-		} catch (error)
-		{
-			console.error(error);
-			throw new Error({ status: status.error, error: 'Operation was not successful', detail: error });
-		}
-	}
-
-	GetResourcesFromPermissions = (permissions) => {
-		let sep = '';
-		let resource = '';
-		let resourcesArr = [ ];
-		let resources = '';
-		let scopes = '';
-		permissions.forEach(permission => {
-			scopes += sep + permission;
-			sep = ' ';
-			let resourceParts = permission.split('.');
-			if (resourceParts.length !== 2) {
-				throw new STSResourceMalformedError('permission', 'N/A', permission);
-			}
-			resource = resourceParts[0];
-			if (!resourcesArr.includes(resource)) {
-				resourcesArr.push(resource);
-			}
-		});
-		if (resourcesArr.length !== 0) {
-			resources = resourcesArr.join(' ');
-		}
-		return {
-			scopes,
-			resources
-		}
-	}
-
-	#GetResourcesForApplication = (clientId, audience, app) => {
-		const permissions = app.permissions;
-		let sep = '';
-		let resource = '';
-		let scopes = '';
-		let resourcesArr = [ ];
-		permissions.forEach(permission => {
-			scopes += sep + permission;
-			sep = ' ';
-			let resourceParts = permission.split('.');
-			if (resourceParts.length !== 2) {
-				throw new STSResourceMalformedError(app, app.clientId, permission, null, { clientId, audience });
-			}
-			resource = resourceParts[0];
-			if (!resourcesArr.includes(resource)) {
-				resourcesArr.push(resource);
-			}
-		});
-		if (resourcesArr.length === 0) {
-			throw new STSNotAuthorized(clientId, audience);
-		}
-		const resources = resourcesArr.join(' ');
-		return {
-			scopes,
-			resources
-		}
-	}
-
-	// Get all the scopes (permissions) defined for this application (client_id) using this API (audience).
-	// client_secret required for M2M applications. Not required for SPA.
-	GetScopes = async (clientId, clientSecret, audience) => {
-		let applicationResource = await this.GetApplication(clientId);
-
-		if (applicationResource.clientSecret.localeCompare(clientSecret) !== 0) {
-			throw new STSInvalidCredentials('Application', clientId);
-		}
-
-		// Get all permissions that have been provided for this client (client_id) using the specified API (audience).
-		let apiResource = await this.GetAPI(audience);
-		const { M2MApplications, SPA } = apiResource;
-
-		// Check for M2M applications.
-		if (M2MApplications) {
-			for (let i=0; i < M2MApplications.length; i++) {
-				let m2mApplication = M2MApplications[i];
-				if (m2mApplication.clientId.localeCompare(clientId) === 0) {
-					return this.#GetResourcesForApplication(clientId, audience, m2mApplication);
-				}
-			}
-		}
-
-		// Check for SPA (single page applications).
-		if (SPA) {
-			for (let i=0; i < SPA.length; i++) {
-				let spaApplication = SPA[i];
-				if (spaApplication.clientId.localeCompare(clientId) === 0) {
-					return this.#GetResourcesForApplication(clientId, audience, spaApplication);
-				}
-			}
-		}
-
-		// client id not authorized for this API (i.e. no permissions for this client app have been created to access this API).
-		throw new STSNotAuthorized(clientId, audience);
-	}
-
-	GetAPIsForClientId = async (clientId) => {
-		console.log(clientId);
-		let result = await this.#accessLayer.getResources(`${BLCAuth.API_ID_PREFIX}%`);
-		console.log(result);
-	}
-	/*
-
-	// Get all the scopes that the user (user_id) has previously consented for this application (client_id) using this API (audience).
-	async GetConsentedScopes(user_id, client_id, audience) {
-
-	}
-
-	// Update scopes that the user (user_id) has consented for this application (client_id) using this API (audience).
-	async UpdateConsentedScopes(user_id, client_id, audience, scopes) {
-
-	}
-	*/
-
-
-
-
-}
-
-module.exports = { BLCAuth };