npm - @platform-mesh/portal-server-lib - Versions diffs - 0.0.0 → 0.5.3 - Mend

@platform-mesh/portal-server-lib 0.0.0 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

package/src/portal-options/services/iam-graphql.service.spec.ts ADDED Viewed

@@ -0,0 +1,77 @@
+import { PMRequestContextProvider } from '../pm-request-context-provider.js';
+import { IAMGraphQlService } from './iam-graphql.service.js';
+import { MUTATION_LOGIN } from './queries.js';
+import { GraphQLClient } from 'graphql-request';
+import { mock } from 'jest-mock-extended';
+jest.mock('@kubernetes/client-node', () => {
+  class KubeConfig {
+    loadFromDefault = jest.fn();
+    loadFromFile = jest.fn();
+    getCurrentCluster = jest.fn().mockReturnValue({
+      server: 'https://k8s.example.com/base',
+      name: 'test-cluster',
+    });
+    makeApiClient = jest.fn();
+    addUser = jest.fn();
+    addContext = jest.fn();
+    setCurrentContext = jest.fn();
+  }
+  class CustomObjectsApi {}
+  return { KubeConfig, CustomObjectsApi };
+});
+describe('IAMGraphQlService', () => {
+  const mockIamServiceApiUrl = 'http://localhost:8080/query';
+  let service: IAMGraphQlService;
+  const gqlClient = {
+    request: jest.fn(),
+  } as unknown as GraphQLClient;
+  const requestContextProvider = mock<PMRequestContextProvider>({
+    getContextValues: jest
+      .fn()
+      .mockResolvedValue({ iamServiceApiUrl: mockIamServiceApiUrl }),
+  });
+  let GraphQLClientMock: jest.SpyInstance;
+  beforeEach(() => {
+    jest.resetAllMocks();
+    // Re-apply RequestContextProvider mock after resetAllMocks
+    (
+      requestContextProvider.getContextValues as unknown as jest.Mock
+    ).mockResolvedValue({
+      iamServiceApiUrl: mockIamServiceApiUrl,
+    });
+    // Mock GraphQLClient constructor to return our mocked client
+    GraphQLClientMock = jest
+      .spyOn<any, any>(require('graphql-request'), 'GraphQLClient')
+      .mockImplementation(() => gqlClient);
+    service = new IAMGraphQlService(requestContextProvider as any);
+  });
+  it('should call mutation addUser', async () => {
+    (gqlClient.request as jest.Mock).mockResolvedValue('');
+    const response = await service.addUser('token', {} as any, {} as any);
+    expect(GraphQLClientMock).toHaveBeenCalledWith(mockIamServiceApiUrl, {
+      headers: { Authorization: 'Bearer token' },
+    });
+    expect(gqlClient.request).toHaveBeenCalledWith(MUTATION_LOGIN);
+    expect(response).toBe(undefined);
+  });
+  it('should call mutation addUser and log error', async () => {
+    console.error = jest.fn();
+    (gqlClient.request as jest.Mock).mockRejectedValue('error');
+    const response = await service.addUser('token', {} as any, {} as any);
+    expect(response).toBe(undefined);
+    expect(console.error).toHaveBeenCalledWith('error');
+  });
+});

package/src/portal-options/services/iam-graphql.service.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import { PMRequestContextProvider } from '../pm-request-context-provider.js';
+import { MUTATION_LOGIN } from './queries.js';
+import { Injectable } from '@nestjs/common';
+import type { Request, Response } from 'express';
+import { GraphQLClient } from 'graphql-request';
+@Injectable()
+export class IAMGraphQlService {
+  constructor(private requestContextProvider: PMRequestContextProvider) {}
+  async addUser(
+    token: string,
+    request: Request,
+    response: Response,
+  ): Promise<void> {
+    const requestContext = await this.requestContextProvider.getContextValues(
+      request,
+      response,
+    );
+    const iamUrl = requestContext.iamServiceApiUrl;
+    const client = new GraphQLClient(iamUrl, {
+      headers: {
+        Authorization: `Bearer ${token}`,
+      },
+    });
+    try {
+      await client.request(MUTATION_LOGIN);
+    } catch (e) {
+      console.error(e);
+    }
+  }
+}

package/src/portal-options/services/kcp-k8s.service.spec.ts ADDED Viewed

@@ -0,0 +1,78 @@
+import { KcpKubernetesService } from './kcp-k8s.service.js';
+jest.mock('@kubernetes/client-node', () => {
+  const makeApiClient = jest.fn(() => ({}));
+  const getCurrentCluster = jest.fn().mockReturnValue({
+    server: 'https://kcp.example.com/base',
+    name: 'test-cluster',
+  });
+  return {
+    CustomObjectsApi: jest.fn(),
+    KubeConfig: jest.fn().mockImplementation(() => ({
+      loadFromFile: jest.fn(),
+      addUser: jest.fn(),
+      addContext: jest.fn(),
+      setCurrentContext: jest.fn(),
+      getCurrentCluster,
+      makeApiClient,
+    })),
+  };
+});
+describe('KcpKubernetesService', () => {
+  const OLD_ENV = process.env;
+  beforeEach(() => {
+    jest.resetModules();
+    process.env = { ...OLD_ENV, KUBECONFIG_KCP: '/tmp/kcp.kubeconfig' };
+  });
+  afterAll(() => {
+    process.env = OLD_ENV;
+  });
+  it('initializes k8s client and baseUrl from kubeconfig', () => {
+    const svc = new KcpKubernetesService();
+    expect(svc.getKcpK8sApiClient()).toBeDefined();
+    expect(svc.getKcpWorkspaceUrl('org1', 'acc1').toString()).toBe(
+      'https://kcp.example.com/clusters/root:orgs:org1:acc1',
+    );
+  });
+  it('builds workspace url without account', () => {
+    const svc = new KcpKubernetesService();
+    expect(svc.getKcpWorkspaceUrl('org1', '').toString()).toBe(
+      'https://kcp.example.com/clusters/root:orgs:org1',
+    );
+  });
+  it('builds virtual workspace url with account', () => {
+    const svc = new KcpKubernetesService();
+    expect(svc.getKcpVirtualWorkspaceUrl('orgX', 'accY').toString()).toBe(
+      'https://kcp.example.com/services/contentconfigurations/clusters/root:orgs:orgX:accY',
+    );
+  });
+  it('builds virtual workspace url without account', () => {
+    const svc = new KcpKubernetesService();
+    expect(svc.getKcpVirtualWorkspaceUrl('orgX', '').toString()).toBe(
+      'https://kcp.example.com/services/contentconfigurations/clusters/root:orgs:orgX',
+    );
+  });
+  it('builds public workspace url with org and account', () => {
+    process.env['BASE_DOMAINS_DEFAULT'] = 'example.com';
+    const svc = new KcpKubernetesService();
+    expect(svc.getKcpWorkspacePublicUrl('org1', 'acc1')).toBe(
+      'https://kcp.api.example.com/clusters/root:orgs:org1:acc1',
+    );
+  });
+  it('builds public workspace url without account', () => {
+    process.env['BASE_DOMAINS_DEFAULT'] = 'example.com';
+    const svc = new KcpKubernetesService();
+    expect(svc.getKcpWorkspacePublicUrl('org1', '')).toBe(
+      'https://kcp.api.example.com/clusters/root:orgs:org1',
+    );
+  });
+});

package/src/portal-options/services/kcp-k8s.service.ts ADDED Viewed

@@ -0,0 +1,56 @@
+import { CustomObjectsApi, KubeConfig } from '@kubernetes/client-node';
+import { Injectable } from '@nestjs/common';
+@Injectable()
+export class KcpKubernetesService {
+  private readonly k8sApi: CustomObjectsApi;
+  private readonly baseUrl: URL;
+  constructor() {
+    const kubeConfigKcp = process.env['KUBECONFIG_KCP'];
+    const kc = new KubeConfig();
+    kc.loadFromFile(kubeConfigKcp);
+    // Temporary change to test.
+    kc.addUser({
+      name: 'oidc',
+    });
+    kc.addContext({
+      name: 'oidc',
+      user: 'oidc',
+      cluster: kc.getCurrentCluster()?.name || '',
+    });
+    kc.setCurrentContext('oidc');
+    this.baseUrl = new URL(kc.getCurrentCluster()?.server || '');
+    this.k8sApi = kc.makeApiClient(CustomObjectsApi);
+  }
+  getKcpK8sApiClient() {
+    return this.k8sApi;
+  }
+  private buildWorkspacePath(organization: string, account?: string) {
+    let path = `root:orgs:${organization}`;
+    if (account) {
+      path += `:${account}`; // FIXME: how are nested accounts and paths handled in the portal?
+    }
+    return path;
+  }
+  getKcpVirtualWorkspaceUrl(organization: string, account: string) {
+    const path = this.buildWorkspacePath(organization, account);
+    return new URL(
+      `${this.baseUrl.origin}/services/contentconfigurations/clusters/${path}`,
+    );
+  }
+  getKcpWorkspaceUrl(organization: string, account: string) {
+    const path = this.buildWorkspacePath(organization, account);
+    return new URL(`${this.baseUrl.origin}/clusters/${path}`);
+  }
+  getKcpWorkspacePublicUrl(organization: string, account: string) {
+    const path = this.buildWorkspacePath(organization, account);
+    const baseDomain = process.env['BASE_DOMAINS_DEFAULT'];
+    return `https://kcp.api.${baseDomain}/clusters/${path}`;
+  }
+}

package/src/portal-options/services/queries.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { gql } from 'graphql-request';
+export const MUTATION_LOGIN = gql`
+  mutation {
+    login
+  }
+`;

package/src/portal-options/utils/domain.spec.ts ADDED Viewed

@@ -0,0 +1,114 @@
+import { getDiscoveryEndpoint, getOrganization } from './domain.js';
+import type { Request } from 'express';
+describe('getOrganization', () => {
+  const OLD_ENV = process.env;
+  beforeEach(() => {
+    jest.resetModules();
+    process.env = { ...OLD_ENV };
+    process.env.OIDC_CLIENT_ID_DEFAULT = 'default-client';
+    process.env.BASE_DOMAINS_DEFAULT = 'example.com';
+  });
+  afterAll(() => {
+    process.env = OLD_ENV;
+  });
+  const makeReq = (hostname: string): Request =>
+    ({ hostname }) as unknown as Request;
+  it('returns subdomain when hostname is not base domain', () => {
+    const req = makeReq('team1.example.com');
+    expect(getOrganization(req)).toBe('team1');
+  });
+  it('returns client id when hostname equals base domain', () => {
+    const req = makeReq('example.com');
+    expect(getOrganization(req)).toBe('default-client');
+  });
+  it('handles single-label hostname', () => {
+    const req = makeReq('localhost');
+    expect(getOrganization(req)).toBe('localhost');
+  });
+  it('handles multi-level subdomain', () => {
+    const req = makeReq('alpha.beta.example.com');
+    expect(getOrganization(req)).toBe('alpha');
+  });
+  it('reflects updated env values', () => {
+    process.env.OIDC_CLIENT_ID_DEFAULT = 'another-client';
+    process.env.BASE_DOMAINS_DEFAULT = 'corp.example.org';
+    expect(getOrganization(makeReq('corp.example.org'))).toBe('another-client');
+    expect(getOrganization(makeReq('dev.corp.example.org'))).toBe('dev');
+  });
+});
+describe('getDiscoveryEndpoint', () => {
+  const OLD_ENV = process.env;
+  const makeReq = (hostname: string): Request =>
+    ({ hostname }) as unknown as Request;
+  beforeEach(() => {
+    jest.resetModules();
+    process.env = { ...OLD_ENV };
+    process.env.OIDC_CLIENT_ID_DEFAULT = 'default-client';
+    process.env.BASE_DOMAINS_DEFAULT = 'example.com';
+    process.env.DISCOVERY_ENDPOINT =
+      'https://idp.example.com/${org-name}/.well-known/openid-configuration';
+  });
+  afterAll(() => {
+    process.env = OLD_ENV;
+  });
+  it('replaces ${org-name} with subdomain org from hostname', () => {
+    const req = makeReq('team1.example.com');
+    expect(getDiscoveryEndpoint(req)).toBe(
+      'https://idp.example.com/team1/.well-known/openid-configuration',
+    );
+  });
+  it('replaces ${org-name} with default client id when hostname equals base domain', () => {
+    const req = makeReq('example.com');
+    expect(getDiscoveryEndpoint(req)).toBe(
+      'https://idp.example.com/default-client/.well-known/openid-configuration',
+    );
+  });
+  it('uses first label for multi-level subdomains', () => {
+    const req = makeReq('alpha.beta.example.com');
+    expect(getDiscoveryEndpoint(req)).toBe(
+      'https://idp.example.com/alpha/.well-known/openid-configuration',
+    );
+  });
+  it('returns undefined when DISCOVERY_ENDPOINT is not set', () => {
+    delete process.env.DISCOVERY_ENDPOINT;
+    const req = makeReq('team1.example.com');
+    expect(getDiscoveryEndpoint(req)).toBeUndefined();
+  });
+  it('returns template unchanged if it does not contain the placeholder', () => {
+    process.env.DISCOVERY_ENDPOINT = 'https://idp.example.com/fixed-path';
+    const req = makeReq('team1.example.com');
+    expect(getDiscoveryEndpoint(req)).toBe(
+      'https://idp.example.com/fixed-path',
+    );
+  });
+  it('reflects updated env and organization resolution', () => {
+    process.env.BASE_DOMAINS_DEFAULT = 'corp.example.org';
+    process.env.OIDC_CLIENT_ID_DEFAULT = 'corp-default';
+    process.env.DISCOVERY_ENDPOINT = 'https://auth.corp/${org-name}/discovery';
+    expect(getDiscoveryEndpoint(makeReq('corp.example.org'))).toBe(
+      'https://auth.corp/corp-default/discovery',
+    );
+    expect(getDiscoveryEndpoint(makeReq('dev.corp.example.org'))).toBe(
+      'https://auth.corp/dev/discovery',
+    );
+  });
+});

package/src/portal-options/utils/domain.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { Request } from 'express';
+export const getOrganization = (request: Request): string => {
+  const subDomain = request.hostname.split('.')[0];
+  const clientId = process.env['OIDC_CLIENT_ID_DEFAULT'];
+  const baseDomain = process.env['BASE_DOMAINS_DEFAULT'];
+  return request.hostname !== baseDomain ? subDomain : clientId;
+};
+export const getDiscoveryEndpoint = (request: Request): string => {
+  const clientId = getOrganization(request);
+  return process.env[`DISCOVERY_ENDPOINT`]?.replace('${org-name}', clientId);
+};

package/tsconfig.build.json ADDED Viewed

@@ -0,0 +1,10 @@
+{
+  "extends": "./tsconfig.json",
+  "exclude": [
+    "node_modules",
+    "dist",
+    "**/*spec.ts",
+    "jest.config.ts",
+    "base.jest.config.ts"
+  ]
+}

package/tsconfig.json ADDED Viewed

@@ -0,0 +1,18 @@
+{
+  "compilerOptions": {
+    "module": "NodeNext",
+    "target": "ESNext",
+    "moduleResolution": "NodeNext",
+    "allowSyntheticDefaultImports": true,
+    "esModuleInterop": true,
+    "resolveJsonModule": true,
+    "outDir": "./dist",
+    "baseUrl": "./",
+    "declaration": true,
+    "removeComments": true,
+    "emitDecoratorMetadata": true,
+    "experimentalDecorators": true,
+    "sourceMap": true,
+    "skipLibCheck": true
+  },
+}

package/tsconfig.test.json ADDED Viewed

@@ -0,0 +1,3 @@
+{
+  "extends": "./tsconfig.json",
+}