@sassoftware/viya-serverjs 0.5.5 → 0.6.1-0

package/src/iService.js

@@ -27,16 +27,15 @@ let NodeCache = require("node-cache-promise");
 let Vision = require('@hapi/vision');
 let inert = require('@hapi/inert');
 let selfsigned = require('selfsigned');
-
-import { log } from 'console';
 import setupAuth from './plugins/setupAuth';
+import readCerts from './readCerts';
 
 let os = require('os');
 
-function iService(userRouteTable, useDefault, asset, allAppEnv, serverMode, userInfo) {
+function iService (userRouteTable, useDefault, asset, allAppEnv, serverMode, userCache) {
 	// process.env.APPHOST_ADDR = process.env.APPHOST;
 	const init = async () => {
-
+	
 		if (process.env.APPHOST === '*') {
 			process.env.APPHOST = os.hostname();
 		}
@@ -49,7 +48,7 @@ function iService(userRouteTable, useDefault, asset, allAppEnv, serverMode, user
 		}
 		let isSameSite = 'None';
 		let isSecure = false;
-
+		
 		if (process.env.SAMESITE != null) {
 			let [s1, s2] = process.env.SAMESITE.split(',');
 			isSameSite = s1;
@@ -58,7 +57,7 @@ function iService(userRouteTable, useDefault, asset, allAppEnv, serverMode, user
 				isSecure = false;
 			}
 		}
-
+	
 
 		let sConfig = {
 			port: process.env.APPPORT,
@@ -66,19 +65,19 @@ function iService(userRouteTable, useDefault, asset, allAppEnv, serverMode, user
 
 			state: {
 				isSameSite: isSameSite,
-				isSecure: isSecure,
+				isSecure  : isSecure,
 
 			},
-
+	
 
 			routes: {
 				payload: {
 					maxBytes: maxBytes
 				},
 				cors: {
-					origin: ['*'],
+					origin     : ['*'],
 					credentials: true,
-
+					
 					"headers": ["Accept", "Authorization", "Content-Type", "If-None-Match", "Accept-language"]
 					/*
 					'Access-Control-Allow-Methods': ['GET', 'POST', 'OPTIONS'],
@@ -86,21 +85,21 @@ function iService(userRouteTable, useDefault, asset, allAppEnv, serverMode, user
 					additionalExposedHeaders      : ['location'],
 					*/
 				}
-
+				
 			},
 		};
 		if (process.env.HAPIDEBUG === 'YES') {
-			sConfig.debug = { request: '*' ,log: '*'};
+			sConfig.debug = { request: '*' };
 		}
-		debug(JSON.stringify(sConfig, null, 4));
+		debug(JSON.stringify(sConfig, null,4));
 		if (process.env.HTTPS === 'true') {
-			sConfig.tls = await getCertificates();
+			sConfig.tls = getCertificates();
 			debug('Setup of SSL certificates completed');
 		} else {
 			debug('Running with no SSL certificates');
 		}
 		if (asset !== null) {
-			sConfig.routes.files = { relativeTo: asset };
+			sConfig.routes.files= { relativeTo: asset };
 		}
 
 		debug2(
@@ -118,10 +117,10 @@ function iService(userRouteTable, useDefault, asset, allAppEnv, serverMode, user
 		*/
 
 		let nodeCacheOptions = {
-			stdTTL: 24 * 60 * 60 * 1000,
-			checkPeriod: 3600,
+			stdTTL        : 24*60*60*1000, 
+			checkPeriod   : 3600,
 			errorOnMissing: true,
-			useClones: false,
+			useClones     : false,
 			deleteOnExpire: true,
 		};
 		let storeCache = new NodeCache(nodeCacheOptions);
@@ -129,9 +128,9 @@ function iService(userRouteTable, useDefault, asset, allAppEnv, serverMode, user
 
 		// common plugins
 		let visionOptions = {
-			engines: { html: require('handlebars') },
+			engines   : { html: require('handlebars') },
 			relativeTo: __dirname,
-			path: '.',
+			path      : '.',
 		};
 		await hapiServer.register(Vision);
 		hapiServer.views(visionOptions);
@@ -140,100 +139,56 @@ function iService(userRouteTable, useDefault, asset, allAppEnv, serverMode, user
 			await hapiServer.register({ plugin: require('hapi-require-https'), options: {} });
 		}
 		// register H202 for proxy handling
-		// https://hapi.dev/module/h2o2/api/?v=10.0.1
-
 		await hapiServer.register(H202);
-		/*
-		await hapiServer.register({
-			plugin : require('hapi-pino'),
-			options: {
-				prettyPrint: process.env.NODE_ENV !== 'production',
-				level      : process.env.LOGLEVEL == null ? 'silent' : process.env.LOGLEVEL,
-			},
-		});
-		*/
 
-		//
+		
 		// setup authentication related plugins
-
+		
 		let options = {
-			serverMode: serverMode,
-			authFlow: process.env.AUTHFLOW,
-			host: process.env.VIYA_SERVER,
-			useLogon: (process.env.USELOGON != null && process.env.USELOGON.toUpperCase() === 'FALSE') ? false : true,
-			isSameSite: isSameSite,
-			isSecure: isSecure,
-			ns: (allAppEnv.LOGONPAYLOAD != null) ? allAppEnv.LOGONPAYLOAD.ns : null,
-			nsHost: (allAppEnv.LOGONPAYLOAD != null) ? allAppEnv.LOGONPAYLOAD.nsHost : null,
-			redirect: process.env.REDIRECT,
-			clientId: process.env.CLIENTID,
-			clientSecret: process.env.CLIENTSECRET,
-			pkce: allAppEnv.LOGONPAYLOAD.pkce,
-			redirectTo: `/${process.env.APPNAME}/logon`,
-			allAppEnv: allAppEnv,
-			useHapiCookie: true,
-			appName: process.env.APPNAME,
-			appHost: process.env.APPHOST,
-			appPort: process.env.APPPORT,
+			serverMode    : serverMode,
+			authFlow      : process.env.AUTHFLOW,
+			host          : process.env.VIYA_SERVER,
+			isSameSite    : isSameSite,
+			isSecure      : isSecure,
+			ns            : (allAppEnv.LOGONPAYLOAD != null) ? allAppEnv.LOGONPAYLOAD.ns : null,
+			nsHost        : (allAppEnv.LOGONPAYLOAD != null) ? allAppEnv.LOGONPAYLOAD.nsHost : null,
+			redirect      : process.env.REDIRECT,
+			clientId      : process.env.CLIENTID,
+			clientSecret  : process.env.CLIENTSECRET,
+			redirectTo    : `/${process.env.APPNAME}/logon`,
+			allAppEnv     : allAppEnv,
+			useHapiCookie : true,
+			appName       : process.env.APPNAME,
+			appHost       : process.env.APPHOST,
+			appPort       : process.env.APPPORT,
 			userRouteTable: userRouteTable,
-			useDefault: useDefault, /* not used - left here for potential reuse */
-			userInfo: userInfo,
-			https: process.env.HTTPS,
-			authDefault: false, /* set later in setDefaultRoutes */
-			authLogon: false  /* set later in setDefaultRoutes */
+			useDefault    : useDefault, /* not used - left here for potential reuse */
+			userCache      : userCache ||{},
+			https         : process.env.HTTPS,
+			authDefault   : false, /* set later in setDefaultRoutes */
+            authLogon     : false  /* set later in setDefaultRoutes */
 
 		};
-
-		debug2('Options', options);
+		
+		debug2('Options',options);
 		if (process.env.AUTHFLOW != null) {
-			await setupAuth(hapiServer, options);
-			if (process.env.PREAUTH === 'YES') {
+				await setupAuth(hapiServer, options);
+				if (process.env.PREAUTH === 'YES') {
 				console.log('Preauth enabled');
 				hapiServer.ext('onPreAuth', (request, h) => {
 					debugger;
 					if (!request.auth.isAuthenticated && !request.path.startsWith(`/login`)) {
-						const redirectTo = `${request.path}?${new URLSearchParams(request.query).toString()}`;
-						console.log('Redirect to login', { redirectTo });
-						debugger;
-						return h.redirect(`/login`).takeover();
+							const redirectTo = `${request.path}?${new URLSearchParams(request.query).toString()}`;
+							console.log('Redirect to login', {redirectTo});
+							debugger;
+							return h.redirect(`/login`).takeover();
 					}
 					return h.continue;
 				});
 			}
 		}
 		console.log('Plugin', process.env.PLUGIN);
-
-		if (process.env.PLUGIN === 'hapi-swagger' && serverMode === 'api') {
-			let swaggerOptions = {
-				"info": {
-					"title": `API for ${process.env.APPNAME}`,
-					"version": "0.0.1",
-					"description": "This document was auto-generated at run time"
-				},
-				"schemes": ["http", "https"],
-				"cors": true,
-				"debug": true,
-				"jsonPath": `/${options.appName}/swagger.json`,
-				"jsonRoutePath": `/${options.appName}/swagger.json`,
-				"documentationPage": true,
-				"documentationPath": `/${options.appName}/documentation`,
-				"swaggerUI": true,
-				"swaggerUIPath": `/${options.appName}/swaggerui`,
-				auth: options.authDefault
-			};
-
-			if (userInfo != null) {
-				let override = userInfo(options, 'SWAGGEROPTIONS');
-				swaggerOptions = { ...swaggerOptions, ...override };
-			}
-
-			debug('Swagger Options:', swaggerOptions);
-			await hapiServer.register({ plugin: serverMode, options: swaggerOptions });
-		} else if (process.env.PLUGIN == 'hapi-openapi' && serverMode === 'api') {
-			console.log('hapi-openapi', 'coming soon');
-		}
-
-
+		
 		//
 		// Start server
 		//
@@ -248,7 +203,7 @@ function iService(userRouteTable, useDefault, asset, allAppEnv, serverMode, user
 			options.serverMode === 'app'
 				? `Visit ${hh}/${process.env.APPNAME} to access application`
 				: `Visit ${hh}/${process.env.APPNAME}/api to access swagger`;
-		console.log('\x1b[1m%s\x1b[0m', msg);
+		console.log('\x1b[1m%s\x1b[0m',msg);
 		console.log('NOTE: If running in container use the exported port');
 		process.env.APPSERVER = `${hh}/${process.env.APPNAME}`;
 		process.env.HEALTH = 'true';
@@ -262,121 +217,75 @@ function iService(userRouteTable, useDefault, asset, allAppEnv, serverMode, user
 	init();
 }
 
-async function getCertificates() {
-
-	let options = null;
+function getCertificates () {
 	let tlsdir = process.env.SSLCERT;
-	console.log('Reading SSL certificates from ', tlsdir);
-	if (tlsdir != null && tlsdir.trim().length > 0) {
-		options = readTLS(tlsdir);
-		options.rejectUnauthorized = true;
-	} else {
+    let options = readCerts(tlsdir);
+	if (options === null){
 		console.log('No SSL certificates found, generating self-signed certificates');
-		options = await getTls();
-		options.rejectUnauthorized = false;
-	}
-	return options;
-}
-
-function readTLS(tlsdir) {
-	console.log("[Note] Using TLS dir: " + tlsdir);
-	if (fs.existsSync(tlsdir) === false) {
-		console.log("[Warning] Specified TLS dir does not exist: " + tlsdir);
-		return null;
+		options = getTls();
+		options.rejectUnauthorized= false;
 	}
-
-	let listOfFiles = fs.readdirSync(tlsdir);
-	console.log("[Note] TLS/SSL files found: " + listOfFiles);
-	let options = {};
-	for (let i = 0; i < listOfFiles.length; i++) {
-		let fname = listOfFiles[i];
-		let name = tlsdir + '/' + listOfFiles[i];
-		let key = fname.split('.')[0];
-		options[key] = fs.readFileSync(name, { encoding: 'utf8' });
-	}
-	console.log('TLS FILES', Object.keys(options));
 	return options;
-
 }
 
-async function getTls() {
+function getTls () {
 	let options = {
-		keySize: 2048,
-		days: 360,
-		algorithm: "sha256",
+		keySize          : 2048,
+		days             : 360,
+		algorithm        : "sha256",
 		clientCertificate: true,
-		extensions: {},
+		extensions       : {}, 
 	};
 	let subjt = process.env.TLS_CREATE.replaceAll('"', '').trim();
-	let subj = subjt.split(',');
-
+	let subj  = subjt.split(',');
+	
 	let d = {};
 	subj.map(c => {
 		let r = c.split(':');
-		d[r[0]] = r[1];
-		return { value: r[1] };
+		d[ r[ 0 ] ] = r[ 1 ];
+		return {  value: r[ 1 ] };
 	});
 
 	//  TLS_CREATE=C:US,ST:NC,L:Cary,O:SAS Institute,OU:STO,CN:localhost,ALT:na.sas.com
 	let attr = [
 		{
-			name: 'commonName',
+			name : 'commonName',
 			value: d.CN /*process.env.APPHOST*/,
 		},
 		{
-			name: 'countryName',
+			name : 'countryName',
 			value: d.C
 		}, {
 			shortName: 'ST',
-			value: d.ST
+			value    : d.ST
 		}, {
-			name: 'localityName',
+			name : 'localityName',
 			value: d.L,
 		}, {
-			name: 'organizationName',
+			name : 'organizationName',
 			value: d.O
 		},
 		{
 			shortName: 'OU',
-			value: d.OU
+			value    : d.OU
 		}
 	];
-	/*
-		options.extensions.altNames = [
-			//	{ type: 6, value: `http://${process.env.APPHOST}:${process.env.APPPORT}/${process.env.APPNAME}` },
-			{ type: 6, value: `https://${process.env.APPHOST}:${process.env.APPPORT}/${process.env.APPNAME}` },
-			{ type: 6, value: `https://${process.env.APPHOST}:${process.env.APPPORT}/${process.env.APPNAME}/api` },
-			{ type: 6, value: `https://${process.env.APPHOST}:${process.env.APPPORT}/${process.env.APPNAME}/logon` },
-			{ type: 6, value: `https://${process.env.APPHOST}/${process.env.APPNAME}` },
-			{ type: 6, value: `https://${process.env.APPHOST}/${process.env.APPNAME}/api` },
-			{ type: 6, value: `https://${process.env.APPHOST}/${process.env.APPNAME}/logon` },
-		];
-		
-		options.extensions.altNames = [
-			  { type: 2, value: 'localhost' },     // DNS
-			  { type: 7, ip: '127.0.0.1' },        // IPv4
-			  { type: 7, ip: '::1' }               // IPv6
-			];
-	*/
-	options.extensions = [
-		{
-			name: 'subjectAltName',
-			altNames: [
-				{ type: 2, value: 'localhost' },     // DNS
-				{ type: 7, ip: '127.0.0.1' },        // IPv4
-				{ type: 7, ip: '::1' }               // IPv6
-
-			]
-		}
 
+	options.extensions.altNames = [
+		//	{ type: 6, value: `http://${process.env.APPHOST}:${process.env.APPPORT}/${process.env.APPNAME}` },
+		{ type: 6, value: `https://${process.env.APPHOST}:${process.env.APPPORT}/${process.env.APPNAME}` },
+		{ type: 6, value: `https://${process.env.APPHOST}:${process.env.APPPORT}/${process.env.APPNAME}/api` },
+		{ type: 6, value: `https://${process.env.APPHOST}:${process.env.APPPORT}/${process.env.APPNAME}/logon` },
+		{ type: 6, value: `https://${process.env.APPHOST}/${process.env.APPNAME}` },
+		{ type: 6, value: `https://${process.env.APPHOST}/${process.env.APPNAME}/api` },
+		{ type: 6, value: `https://${process.env.APPHOST}/${process.env.APPNAME}/logon` },
 	];
-	console.log('tls options ', JSON.stringify(options, null, 4));
+	debug('tls options ', JSON.stringify(options, null,4));
 	let pems = selfsigned.generate(attr, options);
 	let tls = {
 		cert: pems.cert,
-		key: pems.private
+		key : pems.private
 	};
-	console.log('Self-signed certificates created', tls);
 	return tls;
 
 

package/src/index.js

@@ -21,6 +21,7 @@ import "regenerator-runtime/runtime";
 import fs from "fs";
 import iService from "./iService";
 import config from "./config";
+import  readCerts from './readCerts';
 import yargs from "yargs";
 import { hideBin } from 'yargs/helpers';
 let debug = require("debug")("startup");
@@ -30,10 +31,10 @@ module.exports = function core(
   useDefault,
   serverMode,
   customize,
-  swaggerfcn
+  userCache
 ) {
   let argv = yargs(hideBin(process.argv)).argv;
-  let env = argv.env == null ? '.env' : argv.env;
+  let env = argv.env == null ? null : argv.env;
   let appenv = argv.appenv == null ? null : argv.appenv;
   let docker = argv.docker == null ? null : argv.docker;
   //process.env.SERVERMODE = serverMode !== null ? "api" : "app";
@@ -55,7 +56,7 @@ module.exports = function core(
           `
   );
 
-  iapp(null, env, docker, uTable, useDefault, serverMode, customize);
+  iapp(null, env, docker, uTable, useDefault, serverMode, customize,userCache);
 };
 
 function iapp(
@@ -65,7 +66,8 @@ function iapp(
   uTable,
   useDefault,
   serverMode,
-  customize
+  customize,
+  userCache
 ) {
   let asset = setup(rafEnv, dockerFile);
   if (appSrc == null) {
@@ -79,12 +81,12 @@ function iapp(
         console.log("createPayload failed");
         process.exit(1);
       } else {
-        iService(uTable, useDefault, asset, r, serverMode, customize);
+        iService(uTable, useDefault, asset, r, serverMode, customize, userCache);
       }
     });
   } else {
     let appEnv = getAllEnv({});
-    iService(uTable, useDefault, asset, appEnv, serverMode, customize);
+    iService(uTable, useDefault, asset, appEnv, serverMode, customize, userCache);
   }
 }
 
@@ -115,7 +117,7 @@ function createPayload(srcName, cb) {
   }
 }
 
-function getAllEnv(userData) {
+function getAllEnv(userInfo) {
   let env;
   let l = null;
   let host = trimit("VIYA_SERVER");
@@ -124,15 +126,20 @@ function getAllEnv(userData) {
     host = null;
   }
 
+  /*
+  if (process.env.AUTHTYPE != null) {
+    process.env.AUTHFLOW = process.env.AUTHTYPE;
+  }
+    */ 
 
   let authflow = trimit("AUTHFLOW");
-  let pkce = (authflow === "pkce") ? true : false;
-  if (authflow === "authorization_code" || authflow === "code" || authflow === "server" ||
-      authflow === "null" || authflow === "pkce") { 
+  if (authflow === "authorization_code" || authflow === "code") {
     authflow = "server";
-    
   } 
 
+  if (authflow === null) {
+    host = null;
+  }
 
   if (host === null) {
     authflow = null;
@@ -146,7 +153,7 @@ function getAllEnv(userData) {
   let clientID = trimit("CLIENTID");
 
   // eslint-disable-next-line no-unused-vars
-  //let clientSecret = trimit("CLIENTSECRET");
+  let clientSecret = trimit("CLIENTSECRET");
   let keepAlive = trimit("KEEPALIVE");
   let appName = trimit("APPNAME");
   let ns = trimit("NAMESPACE");
@@ -159,7 +166,6 @@ function getAllEnv(userData) {
     host: host,
     clientID: clientID,
     appName: appName,
-    pkce: pkce,
 
     keepAlive: null,
     useToken: process.env.USETOKEN,
@@ -219,17 +225,18 @@ for (let key in process.env) {
       if (v.startsWith('$')) {
         v = process.env[v.substring(1)];
       }
-      userData[k] = (v != null) ? v.trim() : null;
+      userInfo[k] = (v != null) ? v.trim() : null;
     } else {
-      userData[k] = null;
+      userInfo[k] = null;
 
     }
   }
 }
-userData.APPNAME = l.appName;
+userInfo.viyaCert = readCerts(process.env.VIYACERT);
+userInfo.appName = appName;
 env = {
   LOGONPAYLOAD: l,
-  APPENV: userData,
+  APPENV: userInfo,
 };
 console.log("Final APPENV configuration for the server");
 console.log(JSON.stringify(env, null, 4));
@@ -245,3 +252,9 @@ function trimit(e) {
   a = a.trim();
   return a.length === 0 ? null : a;
 }
+
+function readVIYACERT(){
+  let certs = null;
+  let certfile = process.env.VIYACERT;
+
+}

package/src/plugins/SASauth.js

@@ -60,23 +60,16 @@ async function iSASauth (server, options) {
        
         
     };
-    // Reference: https://github.com/hapijs/bell/blob/master/lib/oauth.js
-    // for some reason the bell doc is out of date on pkce
     
-    console.log('pkce', options.pkce);
-    if (options.pkce === true) {
-        provider.pkce = 'S256';
-    }
     bellAuthOptions = {
         provider    : provider,
         password    : uuid.v4(),
         clientId    : options.clientId,
-        clientSecret: (options.clientSecret == null) ? '' : options.clientSecret,
+        clientSecret: options.clientSecret,
         //   isSameSite  : options.isSameSite,
         isSecure    : options.isSecure
     };
-    
-   
+    // console.log('SASAuth options', bellAuthOptions);
     debug('belloptions', bellAuthOptions);
     server.log('SASAuth',bellAuthOptions);
     await server.register(bell);

package/src/plugins/appCookie.js

@@ -7,7 +7,7 @@ module.exports = async function appCookie (server, options){
     await server.register(require('@hapi/cookie'));
     
     debug('in appCookie');
-    debug('redirecTo', options.redirectTo);
+    debug(options.redirectTo);
     let cookieOptions = {
         cookie: {
             name      : 'cookie',
@@ -17,9 +17,8 @@ module.exports = async function appCookie (server, options){
         },
         redirectTo  : options.redirectTo,
         appendNext  : {name: 'next'},
-        validate: async (req, session) => {
-            debugger;
-            debug('Cookie validate', `path - ${req.path}`);
+        validate    : async (req, session) => {
+            debug('Cookie validateFunc', `path - ${req.path}`);
             
             if (session == null) {
                 console.log('session is null');
@@ -39,7 +38,7 @@ module.exports = async function appCookie (server, options){
             if (credentials == null) {
                 return {isValid: false};
             }
-            debug('Cookie validate', sid);
+            debug('Cookie validateFunc', sid);
             return {isValid: true, credentials: credentials};
         }
     };

package/src/plugins/setContext.js

@@ -19,7 +19,8 @@
 
 async function setContext (req,h){
    let credentials = req.auth.credentials;
-   console.log('+++++++++++++++++++setContext', credentials != null);
+   console.log('in setContext');
+   console.log('credentials=', credentials);
    let context = {
         path   : req.path,
         params : req.params,
@@ -27,9 +28,9 @@ async function setContext (req,h){
         payload: req.payload,
         queryOrig: (credentials != null) ? credentials.query : {},
         token  : (credentials != null) ? `bearer ${credentials.token}` : null,
+        credentials: credentials,
         host   : process.env.VIYA_SERVER
         };
-
     return context;
 }
 export default setContext;