@nsshunt/stsdatamanagement 1.8.1 → 1.10.1

package/.github/dependabot.yml

@@ -10,11 +10,4 @@ updates:
   - package-ecosystem: "npm" # See documentation for possible values
     directory: "/" # Location of package manifests
     schedule:
-      interval: "weekly"
-
-  - package-ecosystem: "github-actions"
-    # Workflow files stored in the
-    # default location of `.github/workflows`
-    directory: "/"
-    schedule:
-      interval: "weekly"
+      interval: "monthly"

package/blcauth.js

@@ -5,6 +5,9 @@ class BLCAuth
 {
 	static SYSTEM_USER_ID = "STS_SYSTEM";
 	static USER_ID_PREFIX = "USR_";
+	static ROLE_ID_PREFIX = "ROLE_";
+	static APPLICATION_ID_PREFIX = "APP_";
+	static API_ID_PREFIX = "API_";
 
 	#accessLayer = null;
 
@@ -14,17 +17,15 @@ class BLCAuth
 	}
 
 	// Normally, register would be provided by a hardened dedicated authentication server.
-	async registeruser(user)
+	async AddUser(user)
 	{
-		let { name, password, email } = user;
+		let { name, password, email, roles } = user;
 		const saltRounds = 10;
 		try 
 		{
 			let userid = BLCAuth.USER_ID_PREFIX + email;
 			let existingUser = await this.#accessLayer.getLatestResource(userid);
-			if (existingUser.status === 200)
-			{
-				//@@ should throw exception here
+			if (existingUser.status === 200) {
 				return { status: status.conflict, error: 'User already exists.', detail: { message: 'User already exists.' }};
 			}
 			
@@ -35,14 +36,17 @@ class BLCAuth
 				,name: name
 				,email: email
 				,hash: hashedPassword
+				,roles: roles
 			};
 
 			await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, user.id, user);
 
 			let payload = 
 			{
-				name: user.name
-				,email: user.email
+				id: userid
+				,name: name
+				,email: email
+				,roles: roles
 			}
 
 			return { status: status.success, detail: payload };
@@ -52,6 +56,167 @@ class BLCAuth
 			throw new Error({ status: status.error, error: 'Operation was not successful', detail: error });
 		}
 	}
+
+	async AddRolePermissions(rolePermissions)
+	{
+		try 
+		{
+			const { name, permissions } = rolePermissions;
+			let roleId = BLCAuth.ROLE_ID_PREFIX + name;
+			let existingRole = await this.#accessLayer.getLatestResource(roleId);
+			if (existingRole.status === 200) {
+				return { status: status.conflict, error: 'Role already exists.', detail: { message: 'Role already exists.' }};
+			}
+
+			let roleResource = {
+				id: roleId,
+				name: name,
+				permissions: permissions
+			}
+
+			await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, roleId, roleResource);
+
+			return { status: status.success, detail: roleResource };
+		} catch (error)
+		{
+			console.error(error);
+			throw new Error({ status: status.error, error: 'Operation was not successful', detail: error });
+		}
+	}
+
+	async GetUserPermissions(email)
+	{
+		try 
+		{
+			let userid = BLCAuth.USER_ID_PREFIX + email;
+			let existingUser = await this.#accessLayer.getLatestResource(userid);
+			if (existingUser.status !== 200) {
+				return { status: status.notfound, error: 'User not found.', detail: { message: 'User not found.' }};
+			}
+
+			let userResource = JSON.parse(existingUser.detail.resdesc);
+
+			let permissions = [ ];
+
+			for (let i=0; i < userResource.roles.length; i++) {
+				let role = userResource.roles[i];
+				let roleId = BLCAuth.ROLE_ID_PREFIX + role;
+				let existingRole = await this.#accessLayer.getLatestResource(roleId);
+				if (existingRole.status !== 200) {
+					return { status: status.notfound, error: 'Role not found.', detail: { message: 'Role not found.' }};
+				}
+				let roleResource = JSON.parse(existingRole.detail.resdesc);
+				for (let j=0; j < roleResource.permissions.length; j++) {
+					let permission = roleResource.permissions[j];
+					if (!permissions.includes(permission)) {
+						permissions.push(permission);
+					}
+				}
+			}
+
+			return { status: status.success, detail: permissions };
+		} catch (error)
+		{
+			console.error(error);
+			throw new Error({ status: status.error, error: 'Operation was not successful', detail: error });
+		}
+	}
+
+	async AddApplication(application)
+	{
+		try 
+		{
+			const { clientId } = application;
+			let applicationId = BLCAuth.APPLICATION_ID_PREFIX + clientId;
+			let existingApplication = await this.#accessLayer.getLatestResource(applicationId);
+			if (existingApplication.status === 200) {
+				return { status: status.conflict, error: 'Application already exists.', detail: { message: `Application already exists: [${applicationId}]` }};
+			}
+
+			let payload = 
+			{
+				applicationId: applicationId,
+				...application
+			}
+
+			await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, applicationId, payload);
+
+			// Client Secret is not returned. Seperate function used to display this field.
+			delete payload.clientSecret;
+
+			return { status: status.success, detail: payload };
+		} catch (error)
+		{
+			console.error(error);
+			throw new Error({ status: status.error, error: 'Operation was not successful', detail: error });
+		}
+	}
+
+	async AddAPI(api)
+	{
+		try 
+		{
+			const { APIId, M2MApplications, permissions } = api;
+			let APIidentifier = BLCAuth.API_ID_PREFIX + APIId;
+			let existingAPI = await this.#accessLayer.getLatestResource(APIidentifier);
+			if (existingAPI.status === 200) {
+				return { status: status.conflict, error: 'API already exists.', detail: { message: `API already exists: [${APIidentifier}]` }};
+			}
+
+			// Validate M2MApplications
+			for (let i=0; i < M2MApplications.length; i++) {
+				const m2mapplication = M2MApplications[i];
+				let appid = BLCAuth.APPLICATION_ID_PREFIX + m2mapplication.clientId;
+				let retVal = await this.#accessLayer.getLatestResource(appid);
+				if (retVal.status !== 200) {
+					return { status: status.notfound , error: 'Cannot find client application.', detail: { message: `Cannot find client application: [${appid}].` }};
+				}
+				let applicationResource = JSON.parse(retVal.detail.resdesc);
+				if (applicationResource.clientName.localeCompare(m2mapplication.clientName) !== 0) {
+					return { status: status.error, error: 'clientName mismatch.', detail: { message: `clientName mismatch: Value: [${m2mapplication.clientName}], Expecting: [${applicationResource.clientName}]` }};
+				}
+				for (let j=0; j < m2mapplication.permissions.length; j++) {
+					const permission = m2mapplication.permissions[j];
+					if (!permissions.includes(permission)) {
+						return { status: status.error, error: 'M2M permission not found within API available permission list.', detail: { message: `M2M permission not found within API available permission list: [${permission}]` }};
+					}
+				}
+			}
+	
+			// Client Secret is not returned. Seperate function used to display this field.
+			let payload = 
+			{
+				APIidentifier: APIidentifier,
+				...api
+			}
+
+			await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, APIidentifier, payload);
+
+			return { status: status.success, detail: payload };
+		} catch (error)
+		{
+			console.error(error);
+			throw new Error({ status: status.error, error: 'Operation was not successful', detail: error });
+		}
+	}
+
+	async GetApplication(clientId) {
+		let clientIdentifier = BLCAuth.APPLICATION_ID_PREFIX + clientId;
+		let application = await this.#accessLayer.getLatestResource(clientIdentifier);
+		if (application.status !== 200) {
+			return { status: status.notfound, error: 'Application not found.', detail: { message: `Application not found: [${clientId}]` }};
+		}
+		return application;
+	}
+
+	async GetAPI(APIId) {
+		let APIidentifier = BLCAuth.API_ID_PREFIX + APIId;
+		let api = await this.#accessLayer.getLatestResource(APIidentifier);
+		if (api.status !== 200) {
+			return { status: status.notfound, error: 'API not found.', detail: { message: `API not found: [${APIId}]` }};
+		}
+		return api;
+	}
 }
 
 module.exports = { BLCAuth };

package/databaseutils.js

@@ -1,6 +1,9 @@
 const prompts = require('prompts');
-const goptions = require('@nsshunt/stsconfig').$options;
+const fs = require('fs');
 require('colors');
+let crypto = require('crypto');
+
+const goptions = require('@nsshunt/stsconfig').$options;
 
 const { PGPoolManager } = require('./pgpoolmanager');
 const { PGAccessLayer } = require('./pgaccesslayer');
@@ -20,22 +23,93 @@ class DatabaseUtils
 		this.#accessLayer = accessLayer;
 	}
 	
+	#_RegisterRolesAndPermissions = async(blcauth) => {
+		this.#debug(`Registering Roles and Role Permissions.`.yellow);
+		console.log(`Registering Roles and Role Permissions.`.yellow);
+		const rolePermissionFile = goptions.databasescriptfolder + '/role-permission.json'
+		const rawdata = fs.readFileSync(rolePermissionFile);
+		let rolePermissions = JSON.parse(rawdata);
+		for (const [, rolePermission] of Object.entries(rolePermissions)) {
+			let retVal = await blcauth.AddRolePermissions(rolePermission);
+			if (retVal.status !== 200) {
+				console.log(`Role Permission registered: ${JSON.stringify(retVal)}`.red);
+				return false;
+			} else {
+				console.log(`Role Permission registered: ${JSON.stringify(retVal)}`);
+			}
+		}
+		return true;
+	}
+
+	#_RegisterUsersAndRoles = async(blcauth) => {
+		this.#debug(`Registering Users and Roles.`.yellow);
+		console.log(`Registering Users and Roles.`.yellow);
+		const roleFile = goptions.databasescriptfolder + '/user-role.json'
+		let rawdata = fs.readFileSync(roleFile);
+		let userroles = JSON.parse(rawdata);
+		for (const [, user] of Object.entries(userroles)) {
+			let retVal = await blcauth.AddUser(user);
+			if (retVal.status !== 200) {
+				console.log(`Role registered: ${JSON.stringify(retVal)}`.red);
+				return false;
+			} else {
+				console.log(`Role registered: ${JSON.stringify(retVal)}`);
+			}
+		}
+		return true;
+	}
+
+	#_RegisterApplications = async(blcauth) => {
+		this.#debug(`Registering Applications.`.yellow);
+		console.log(`Registering Applications.`.yellow);
+		const roleFile = goptions.databasescriptfolder + '/applications.json'
+		let rawdata = fs.readFileSync(roleFile);
+		let applications = JSON.parse(rawdata);
+		for (const [, application] of Object.entries(applications)) {
+			application.clientSecret = crypto.randomBytes(32).toString('base64');
+			let retVal = await blcauth.AddApplication(application);
+			if (retVal.status !== 200) {
+				console.log(`Application registered: ${JSON.stringify(retVal)}`.red);
+				return false;
+			} else {
+				console.log(`Application registered: ${JSON.stringify(retVal)}`);
+			}
+		}
+		return true;
+	}
+
+	#_RegisterAPIs = async(blcauth) => {
+		this.#debug(`Registering APIs.`.yellow);
+		console.log(`Registering APIs.`.yellow);
+		const roleFile = goptions.databasescriptfolder + '/apis.json'
+		let rawdata = fs.readFileSync(roleFile);
+		let apis = JSON.parse(rawdata);
+		for (const [, api] of Object.entries(apis)) {
+			let retVal = await blcauth.AddAPI(api);
+			if (retVal.status !== 200) {
+				console.log(`API registered: ${JSON.stringify(retVal)}`.red);
+				return false;
+			} else {
+				console.log(`API registered: ${JSON.stringify(retVal)}`);
+			}
+		}
+		return true;
+	}
+
 	// options ::= { start: <int>, entries: <int>, minextradata: <int>, maxextradata: <int>,
 	//		user: { name: <string>, password: <string>, email: <string> } }
-	static createfreshdatabase = async (options) =>
+	createfreshdatabase = async (options) =>
 	{
-		let ns = `proc:${process.pid}:DatabaseUtils`; // namespace for debug
-		let debug = require('debug')(ns);
 		let fname = 'createfreshdatabase';
-		const { start, entries, minextradata, maxextradata, user } = options;
+		const { start, entries, minextradata, maxextradata } = options;
 		let builddbscript = goptions.databasescriptfolder + '/builddb.sql'
-		debug(`Database Build Script: [${builddbscript}]`.yellow);
+		this.#debug(`Database Build Script: [${builddbscript}]`.yellow);
 
 		try
 		{
 			try
 			{
-				debug(`Dropping database.`.yellow);
+				this.#debug(`Dropping database.`.yellow);
 				await PGUtils.dropdatabase();
 			} catch (error)
 			{
@@ -44,35 +118,54 @@ class DatabaseUtils
 			}
 
 			// Create a new empty database
-			debug(`Creating new empty database.`.yellow);
+			this.#debug(`Creating new empty database.`.yellow);
 			await PGUtils.createdatabase();
 
 			let localAccesslayer = new PGAccessLayer(new PGPoolManager());
 
 			// Build the database assets (tables, functions, etc.)
-			debug(`Building database assets (tables, functions, etc.).`.yellow);
+			this.#debug(`Building database assets (tables, functions, etc.).`.yellow);
 			await localAccesslayer.executedbscript(builddbscript);
 
 			if (typeof entries !== 'undefined') {
 				// Add new faker entries
-				debug(`Adding test data.`.yellow);
+				this.#debug(`Adding test data.`.yellow);
 				let dg = new DataGenerator(localAccesslayer);
 				await dg.RunAddFakerBulkInsert(start, entries, minextradata, maxextradata);
 			}
 
 			const blcauth = new BLCAuth(localAccesslayer);
+			let status = true;
 
-			// Now register a new K6 test user
-			debug(`Registering test users.`.yellow);
-			let retVal = await blcauth.registeruser(user);
-			console.log(`User registered: ${JSON.stringify(retVal)}`);
+			status = await this.#_RegisterUsersAndRoles(blcauth);
+			if (status) {
+				status = await this.#_RegisterRolesAndPermissions(blcauth);
+			}
+			if (status) {
+				status = await this.#_RegisterApplications(blcauth);
+			}
+			if (status) {
+				status = await this.#_RegisterAPIs(blcauth);
+			}
+
+			if (status) {
+				let retVal = await blcauth.GetUserPermissions('STSREST01ServiceUser@stsmda.com');
+				console.log(`User Permissions: ${JSON.stringify(retVal)}`);
+			}
 
 			localAccesslayer.enddatabase();
-			debug(`Database successfully initiailized.`.green);
+
+			if (status) {
+				this.#debug(`Database successfully initiailized.`.green);
+				console.log(`Database successfully initiailized.`.green);
+			} else {
+				this.#debug(`Database did not initiailize correctly.`.red);
+				console.log(`Database did not initiailize correctly.`.red);
+			}
 		} catch (error)
 		{
 			console.error(`[${fname}]: Could not create fresh database: ${error}`);
-			debug(`[${fname}]: Could not create fresh database: ${error}`);
+			this.#debug(`[${fname}]: Could not create fresh database: ${error}`);
 		}
 	};
 

package/package.json

@@ -1,17 +1,17 @@
 {
   "name": "@nsshunt/stsdatamanagement",
-  "version": "1.8.1",
+  "version": "1.10.1",
   "description": "STS Data Management Modules, Utilities and Services",
   "main": "dbaccess.js",
   "dependencies": {
-    "@nsshunt/stsconfig": "^1.9.1",
-    "@nsshunt/stsinstrumentation": "^6.4.1",
-    "@nsshunt/stsutils": "^1.7.1",
+    "@nsshunt/stsconfig": "^1.17.1",
+    "@nsshunt/stsinstrumentation": "^6.4.2",
+    "@nsshunt/stsutils": "^1.7.5",
     "axios": "^0.26.0",
     "bcryptjs": "^2.4.3",
     "cli-progress": "^3.10.0",
     "colors": "^1.4.0",
-    "debug": "^4.3.3",
+    "debug": "^4.3.4",
     "ioredis": "^4.28.5",
     "pg": "^8.7.3",
     "pg-copy-streams": "^6.0.2",
@@ -27,11 +27,11 @@
     "parser": "@babel/eslint-parser"
   },
   "devDependencies": {
-    "@babel/core": "^7.17.5",
+    "@babel/core": "^7.17.8",
     "@babel/eslint-parser": "^7.17.0",
     "@babel/plugin-proposal-class-properties": "^7.16.7",
     "@babel/plugin-proposal-private-methods": "^7.16.11",
-    "eslint": "^8.9.0",
+    "eslint": "^8.11.0",
     "jest": "^27.5.1"
   },
   "scripts": {

package/pgaccesslayer.js

@@ -154,7 +154,7 @@ class PGAccessLayer
     		try {
     			const { rows } = await client.query(createQuery);
     			const dbResponse = rows[0];
-    			return { status: status.created, detail: dbResponse };
+    			return { status: status.success, detail: dbResponse };
     		} catch (error) {
     			return { status: status.error, error: `[${fname}]: Operation was not successful`, detail: error }; // Set default
     		} finally {