k2hr3-api 1.0.37 → 1.0.39
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/ChangeLog +12 -0
- package/README.md +31 -31
- package/app.js +6 -10
- package/bin/run.sh +21 -21
- package/bin/www +1 -1
- package/config/k2hr3-init.sh.templ +5 -5
- package/eslint.config.mjs +68 -0
- package/lib/cacerts.js +8 -7
- package/lib/dummyuserapi.js +1 -1
- package/lib/ipwatch.js +1 -1
- package/lib/k2hr3acrutil.js +12 -14
- package/lib/k2hr3apiutil.js +5 -5
- package/lib/k2hr3cryptutil.js +2 -0
- package/lib/k2hr3dkc.js +25 -28
- package/lib/k2hr3template.js +54 -52
- package/lib/k2hr3tokens.js +4 -4
- package/lib/k8soidc.js +3 -3
- package/lib/openstackapiv2.js +51 -52
- package/lib/openstackapiv3.js +86 -87
- package/lib/openstackep.js +46 -46
- package/package.json +8 -8
- package/routes/acr.js +66 -110
- package/routes/debugVerify.js +12 -14
- package/routes/extdata.js +24 -40
- package/routes/list.js +24 -36
- package/routes/policy.js +72 -120
- package/routes/resource.js +110 -165
- package/routes/role.js +177 -295
- package/routes/service.js +54 -90
- package/routes/userTokens.js +1 -1
- package/routes/userdata.js +12 -20
- package/routes/version.js +39 -23
- package/tests/auto_control_subprocess.sh +9 -9
- package/tests/auto_init_config_json.sh +3 -3
- package/tests/auto_resource.js +417 -478
- package/tests/auto_role.js +55 -71
- package/tests/auto_template.sh +4 -4
- package/tests/auto_version.js +39 -23
- package/tests/k2hdkc_test_load.sh +9 -9
- package/tests/k2hr3template_test.sh +12 -12
- package/tests/k2hr3template_test_vars.js +60 -62
- package/tests/manual_acr_delete.js +11 -12
- package/tests/manual_acr_get.js +9 -10
- package/tests/manual_acr_postput.js +12 -13
- package/tests/manual_extdata_get.js +5 -6
- package/tests/manual_list_gethead.js +12 -13
- package/tests/manual_policy_delete.js +12 -13
- package/tests/manual_policy_gethead.js +27 -27
- package/tests/manual_policy_postput.js +21 -23
- package/tests/manual_resource_delete.js +11 -15
- package/tests/manual_resource_gethead.js +11 -14
- package/tests/manual_resource_postput.js +18 -21
- package/tests/manual_role_delete.js +22 -28
- package/tests/manual_role_gethead.js +53 -53
- package/tests/manual_role_postput.js +28 -31
- package/tests/manual_service_delete.js +11 -13
- package/tests/manual_service_gethead.js +13 -15
- package/tests/manual_service_postput.js +10 -11
- package/tests/manual_test.sh +10 -10
- package/tests/manual_userdata_get.js +14 -15
- package/tests/manual_usertoken_gethead.js +12 -14
- package/tests/manual_usertoken_postput.js +23 -26
- package/tests/manual_version_get.js +12 -13
- package/tests/run_local_test_k2hdkc.sh +4 -4
- package/tests/test.sh +12 -12
package/routes/acr.js
CHANGED
|
@@ -110,12 +110,10 @@ router.post('/', function(req, res, next) // eslint-disable-line no-unuse
|
|
|
110
110
|
if( !apiutil.isSafeEntity(req) ||
|
|
111
111
|
!apiutil.isSafeEntity(req.baseUrl) )
|
|
112
112
|
{
|
|
113
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
114
113
|
result = {
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
114
|
+
result: false,
|
|
115
|
+
message: 'POST request is wrong'
|
|
116
|
+
};
|
|
119
117
|
|
|
120
118
|
r3logger.elog(result.message);
|
|
121
119
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
@@ -143,12 +141,10 @@ router.post('/', function(req, res, next) // eslint-disable-line no-unuse
|
|
|
143
141
|
if( !apiutil.isSafeEntity(req.body) ||
|
|
144
142
|
!apiutil.isSafeString(req.body.tenant) )
|
|
145
143
|
{
|
|
146
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
147
144
|
result = {
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
145
|
+
result: false,
|
|
146
|
+
message: 'Specified unscoped user token, but there is not tenant in body data.'
|
|
147
|
+
};
|
|
152
148
|
r3logger.elog(result.message);
|
|
153
149
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
154
150
|
return;
|
|
@@ -157,12 +153,10 @@ router.post('/', function(req, res, next) // eslint-disable-line no-unuse
|
|
|
157
153
|
// get user's tenant list
|
|
158
154
|
var tenant_list = r3token.getTenantList(token_info.user);
|
|
159
155
|
if(null === tenant_list || apiutil.isEmptyArray(tenant_list)){
|
|
160
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
161
156
|
result = {
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
157
|
+
result: false,
|
|
158
|
+
message: 'token(' + token_result.token + ') for user (' + token_info.user + ') does not have any tenant.'
|
|
159
|
+
};
|
|
166
160
|
r3logger.elog(result.message);
|
|
167
161
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
168
162
|
return;
|
|
@@ -170,12 +164,10 @@ router.post('/', function(req, res, next) // eslint-disable-line no-unuse
|
|
|
170
164
|
|
|
171
165
|
// check tenant
|
|
172
166
|
if(!r3token.checkTenantInTenantList(tenant_list, req.body.tenant.toLowerCase())){
|
|
173
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
174
167
|
result = {
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
168
|
+
result: false,
|
|
169
|
+
message: 'user (' + token_info.user + ') is not member of tenant(' + req.body.tenant + ').'
|
|
170
|
+
};
|
|
179
171
|
r3logger.elog(result.message);
|
|
180
172
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
181
173
|
return;
|
|
@@ -190,12 +182,10 @@ router.post('/', function(req, res, next) // eslint-disable-line no-unuse
|
|
|
190
182
|
apiutil.isSafeString(req.body.tenant) )
|
|
191
183
|
{
|
|
192
184
|
if(!apiutil.compareCaseString(token_info.tenant, req.body.tenant)){
|
|
193
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
194
185
|
result = {
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
186
|
+
result: false,
|
|
187
|
+
message: 'Specified scoped user token and tenant in body data, but these are not same tenant name.'
|
|
188
|
+
};
|
|
199
189
|
r3logger.elog(result.message);
|
|
200
190
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
201
191
|
return;
|
|
@@ -210,12 +200,10 @@ router.post('/', function(req, res, next) // eslint-disable-line no-unuse
|
|
|
210
200
|
var requestptn = new RegExp('^/v1/acr/(.*)'); // regex = /^\/v1\/acr\/(.*)/
|
|
211
201
|
var reqmatchs = decodeURI(req.baseUrl).match(requestptn);
|
|
212
202
|
if(apiutil.isEmptyArray(reqmatchs) || reqmatchs.length < 2 || '' === apiutil.getSafeString(reqmatchs[1])){
|
|
213
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
214
203
|
result = {
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
204
|
+
result: false,
|
|
205
|
+
message: 'POST request url does not have service name'
|
|
206
|
+
};
|
|
219
207
|
|
|
220
208
|
r3logger.elog(result.message);
|
|
221
209
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
@@ -262,12 +250,10 @@ router.put('/', function(req, res, next) // eslint-disable-line no-unused
|
|
|
262
250
|
if( !apiutil.isSafeEntity(req) ||
|
|
263
251
|
!apiutil.isSafeEntity(req.baseUrl) )
|
|
264
252
|
{
|
|
265
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
266
253
|
result = {
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
254
|
+
result: false,
|
|
255
|
+
message: 'PUT request is wrong'
|
|
256
|
+
};
|
|
271
257
|
|
|
272
258
|
r3logger.elog(result.message);
|
|
273
259
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
@@ -295,12 +281,10 @@ router.put('/', function(req, res, next) // eslint-disable-line no-unused
|
|
|
295
281
|
if( !apiutil.isSafeEntity(req.query) ||
|
|
296
282
|
!apiutil.isSafeString(req.query.tenant) )
|
|
297
283
|
{
|
|
298
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
299
284
|
result = {
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
285
|
+
result: false,
|
|
286
|
+
message: 'Specified unscoped user token, but there is not tenant in argument.'
|
|
287
|
+
};
|
|
304
288
|
r3logger.elog(result.message);
|
|
305
289
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
306
290
|
return;
|
|
@@ -309,12 +293,10 @@ router.put('/', function(req, res, next) // eslint-disable-line no-unused
|
|
|
309
293
|
// get user's tenant list
|
|
310
294
|
var tenant_list = r3token.getTenantList(token_info.user);
|
|
311
295
|
if(null === tenant_list || apiutil.isEmptyArray(tenant_list)){
|
|
312
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
313
296
|
result = {
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
297
|
+
result: false,
|
|
298
|
+
message: 'token(' + token_result.token + ') for user (' + token_info.user + ') does not have any tenant.'
|
|
299
|
+
};
|
|
318
300
|
r3logger.elog(result.message);
|
|
319
301
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
320
302
|
return;
|
|
@@ -322,12 +304,10 @@ router.put('/', function(req, res, next) // eslint-disable-line no-unused
|
|
|
322
304
|
|
|
323
305
|
// check tenant
|
|
324
306
|
if(!r3token.checkTenantInTenantList(tenant_list, req.query.tenant.toLowerCase())){
|
|
325
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
326
307
|
result = {
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
308
|
+
result: false,
|
|
309
|
+
message: 'user (' + token_info.user + ') is not member of tenant(' + req.query.tenant + ').'
|
|
310
|
+
};
|
|
331
311
|
r3logger.elog(result.message);
|
|
332
312
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
333
313
|
return;
|
|
@@ -342,12 +322,10 @@ router.put('/', function(req, res, next) // eslint-disable-line no-unused
|
|
|
342
322
|
apiutil.isSafeString(req.body.tenant) )
|
|
343
323
|
{
|
|
344
324
|
if(!apiutil.compareCaseString(token_info.tenant, req.body.tenant)){
|
|
345
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
346
325
|
result = {
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
326
|
+
result: false,
|
|
327
|
+
message: 'Specified scoped user token and tenant in body data, but these are not same tenant name.'
|
|
328
|
+
};
|
|
351
329
|
r3logger.elog(result.message);
|
|
352
330
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
353
331
|
return;
|
|
@@ -362,12 +340,10 @@ router.put('/', function(req, res, next) // eslint-disable-line no-unused
|
|
|
362
340
|
var requestptn = new RegExp('^/v1/acr/(.*)'); // regex = /^\/v1\/acr\/(.*)/
|
|
363
341
|
var reqmatchs = decodeURI(req.baseUrl).match(requestptn);
|
|
364
342
|
if(apiutil.isEmptyArray(reqmatchs) || reqmatchs.length < 2 || '' === apiutil.getSafeString(reqmatchs[1])){
|
|
365
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
366
343
|
result = {
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
344
|
+
result: false,
|
|
345
|
+
message: 'PUT request url does not have service name'
|
|
346
|
+
};
|
|
371
347
|
|
|
372
348
|
r3logger.elog(result.message);
|
|
373
349
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
@@ -404,12 +380,10 @@ function rawGetServiceTenantNames(req, res)
|
|
|
404
380
|
if( !apiutil.isSafeEntity(req) ||
|
|
405
381
|
!apiutil.isSafeEntity(req.baseUrl) )
|
|
406
382
|
{
|
|
407
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
408
383
|
result = {
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
384
|
+
result: false,
|
|
385
|
+
message: 'GET request or url is wrong'
|
|
386
|
+
};
|
|
413
387
|
|
|
414
388
|
r3logger.elog(result.message);
|
|
415
389
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
@@ -440,12 +414,10 @@ function rawGetServiceTenantNames(req, res)
|
|
|
440
414
|
var requestptn = new RegExp('^/v1/acr/(.*)'); // regex = /^\/v1\/acr\/(.*)/
|
|
441
415
|
var reqmatchs = decodeURI(req.baseUrl).match(requestptn);
|
|
442
416
|
if(apiutil.isEmptyArray(reqmatchs) || reqmatchs.length < 2 || '' === apiutil.getSafeString(reqmatchs[1])){
|
|
443
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
444
417
|
result = {
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
418
|
+
result: false,
|
|
419
|
+
message: 'PUT request url does not have service name'
|
|
420
|
+
};
|
|
449
421
|
|
|
450
422
|
r3logger.elog(result.message);
|
|
451
423
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
@@ -459,12 +431,10 @@ function rawGetServiceTenantNames(req, res)
|
|
|
459
431
|
result = k2hr3.checkTenantInService(servicename, token_info.tenant);
|
|
460
432
|
if(!apiutil.isSafeEntity(result) || !apiutil.isSafeEntity(result.result) || false === result.result){
|
|
461
433
|
if(!apiutil.isSafeEntity(result)){
|
|
462
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
463
434
|
result = {
|
|
464
|
-
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
435
|
+
result: false,
|
|
436
|
+
message: 'Could not get service data from checkTenantInService'
|
|
437
|
+
};
|
|
468
438
|
}else{
|
|
469
439
|
if(!apiutil.isSafeEntity(result.result)){
|
|
470
440
|
result.result = false;
|
|
@@ -516,12 +486,10 @@ function rawGetServiceTenantResources(req, res)
|
|
|
516
486
|
!apiutil.isSafeString(req.query.crole) ||
|
|
517
487
|
!apiutil.isSafeString(req.query.srole) )
|
|
518
488
|
{
|
|
519
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
520
489
|
result = {
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
490
|
+
result: false,
|
|
491
|
+
message: 'GET request or parameters are wrong'
|
|
492
|
+
};
|
|
525
493
|
|
|
526
494
|
r3logger.elog(result.message);
|
|
527
495
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
@@ -546,12 +514,10 @@ function rawGetServiceTenantResources(req, res)
|
|
|
546
514
|
var requestptn = new RegExp('^/v1/acr/(.*)'); // regex = /^\/v1\/acr\/(.*)/
|
|
547
515
|
var reqmatchs = decodeURI(req.baseUrl).match(requestptn);
|
|
548
516
|
if(apiutil.isEmptyArray(reqmatchs) || reqmatchs.length < 2 || '' === apiutil.getSafeString(reqmatchs[1])){
|
|
549
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
550
517
|
result = {
|
|
551
|
-
|
|
552
|
-
|
|
553
|
-
|
|
554
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
518
|
+
result: false,
|
|
519
|
+
message: 'PUT request url does not have service name'
|
|
520
|
+
};
|
|
555
521
|
|
|
556
522
|
r3logger.elog(result.message);
|
|
557
523
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
@@ -565,12 +531,10 @@ function rawGetServiceTenantResources(req, res)
|
|
|
565
531
|
result = k2hr3.getServiceTenantResources(servicename, sip, sport, scuk, req.query.srole, req.query.cip, cport, ccuk, req.query.crole);
|
|
566
532
|
if(!apiutil.isSafeEntity(result) || !apiutil.isSafeEntity(result.result) || false === result.result){
|
|
567
533
|
if(!apiutil.isSafeEntity(result)){
|
|
568
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
569
534
|
result = {
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
535
|
+
result: false,
|
|
536
|
+
message: 'Could not get ACR resources from getServiceTenantResources'
|
|
537
|
+
};
|
|
574
538
|
}else{
|
|
575
539
|
if(!apiutil.isSafeEntity(result.result)){
|
|
576
540
|
result.result = false;
|
|
@@ -681,12 +645,10 @@ router.delete('/', function(req, res, next) // eslint-disable-line no-unu
|
|
|
681
645
|
if( !apiutil.isSafeEntity(req) ||
|
|
682
646
|
!apiutil.isSafeEntity(req.baseUrl) )
|
|
683
647
|
{
|
|
684
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
685
648
|
result = {
|
|
686
|
-
|
|
687
|
-
|
|
688
|
-
|
|
689
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
649
|
+
result: false,
|
|
650
|
+
message: 'DELETE request or url is wrong'
|
|
651
|
+
};
|
|
690
652
|
|
|
691
653
|
r3logger.elog(result.message);
|
|
692
654
|
resutil.errResponse(req, res, 400); // 400: Bad Request
|
|
@@ -708,12 +670,10 @@ router.delete('/', function(req, res, next) // eslint-disable-line no-unu
|
|
|
708
670
|
if( !apiutil.isSafeString(token_result.token_info.tenant) ||
|
|
709
671
|
!apiutil.isSafeString(token_result.token_info.user) )
|
|
710
672
|
{
|
|
711
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
712
673
|
result = {
|
|
713
|
-
|
|
714
|
-
|
|
715
|
-
|
|
716
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
674
|
+
result: false,
|
|
675
|
+
message: 'specified wrong token or it is not scoped user token'
|
|
676
|
+
};
|
|
717
677
|
|
|
718
678
|
r3logger.elog(result.message);
|
|
719
679
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
@@ -728,12 +688,10 @@ router.delete('/', function(req, res, next) // eslint-disable-line no-unu
|
|
|
728
688
|
var requestptn = new RegExp('^/v1/acr/(.*)'); // regex = /^\/v1\/acr\/(.*)/
|
|
729
689
|
var reqmatchs = decodeURI(req.baseUrl).match(requestptn);
|
|
730
690
|
if(apiutil.isEmptyArray(reqmatchs) || reqmatchs.length < 2 || '' === apiutil.getSafeString(reqmatchs[1])){
|
|
731
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
732
691
|
result = {
|
|
733
|
-
|
|
734
|
-
|
|
735
|
-
|
|
736
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
692
|
+
result: false,
|
|
693
|
+
message: 'DELETE request url does not have service name'
|
|
694
|
+
};
|
|
737
695
|
|
|
738
696
|
r3logger.elog(result.message);
|
|
739
697
|
resutil.errResponse(req, res, 400, result); // 400: Bad Request
|
|
@@ -747,12 +705,10 @@ router.delete('/', function(req, res, next) // eslint-disable-line no-unu
|
|
|
747
705
|
result = k2hr3.removeServiceTenant(user, tenantname, servicename);
|
|
748
706
|
if(!apiutil.isSafeEntity(result) || !apiutil.isSafeEntity(result.result) || false === result.result){
|
|
749
707
|
if(!apiutil.isSafeEntity(result)){
|
|
750
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
751
708
|
result = {
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
|
|
755
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
709
|
+
result: false,
|
|
710
|
+
message: 'Could not get response from removeServiceTenant'
|
|
711
|
+
};
|
|
756
712
|
}else{
|
|
757
713
|
if(!apiutil.isSafeEntity(result.result)){
|
|
758
714
|
result.result = false;
|
package/routes/debugVerify.js
CHANGED
|
@@ -137,20 +137,18 @@ router.get('/', function(req, res, next)
|
|
|
137
137
|
//
|
|
138
138
|
// Make request data
|
|
139
139
|
//
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
};
|
|
153
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
140
|
+
var headers = {
|
|
141
|
+
'Content-Type': 'application/json',
|
|
142
|
+
'Content-Length': 0,
|
|
143
|
+
'X-Auth-Token': apiutil.getSafeString(_req.headers['x-auth-token']) // Transfer
|
|
144
|
+
};
|
|
145
|
+
var options = {
|
|
146
|
+
'host': urlobj.host,
|
|
147
|
+
'port': urlobj.port,
|
|
148
|
+
'path': '/v1/acr/' + _service_name,
|
|
149
|
+
'method': 'GET',
|
|
150
|
+
'headers': headers
|
|
151
|
+
};
|
|
154
152
|
var agent;
|
|
155
153
|
if(urlobj.https){
|
|
156
154
|
if(null !== cacerts.ca){
|
package/routes/extdata.js
CHANGED
|
@@ -60,12 +60,10 @@ router.get('/', function(req, res, next)
|
|
|
60
60
|
!apiutil.isSafeEntity(req.baseUrl) ||
|
|
61
61
|
!apiutil.isSafeEntity(req.headers) ) // Must User-Agent in header
|
|
62
62
|
{
|
|
63
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
64
63
|
result = {
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
64
|
+
result: false,
|
|
65
|
+
message: 'GET request or url is wrong'
|
|
66
|
+
};
|
|
69
67
|
|
|
70
68
|
r3logger.elog(result.message);
|
|
71
69
|
res.type('application/json; charset=utf-8');
|
|
@@ -80,12 +78,10 @@ router.get('/', function(req, res, next)
|
|
|
80
78
|
// 'User-Agent' Must be existed
|
|
81
79
|
r3logger.elog('GET request does not have User-Agent header');
|
|
82
80
|
|
|
83
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
84
81
|
result = {
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
82
|
+
result: false,
|
|
83
|
+
message: 'GET request does not have User-Agent header'
|
|
84
|
+
};
|
|
89
85
|
|
|
90
86
|
r3logger.elog(result.message);
|
|
91
87
|
res.type('application/json; charset=utf-8');
|
|
@@ -122,12 +118,10 @@ router.get('/', function(req, res, next)
|
|
|
122
118
|
var requestptn = new RegExp('^/v1/extdata/(.*)/(.*)'); // regex = /^\/v1\/extdata\/(.*)\/(.*)/
|
|
123
119
|
var reqmatchs = decodeURI(req.baseUrl).match(requestptn);
|
|
124
120
|
if(apiutil.isEmptyArray(reqmatchs) || reqmatchs.length < 3 || '' === apiutil.getSafeString(reqmatchs[1]) || '' === apiutil.getSafeString(reqmatchs[2])){
|
|
125
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
126
121
|
result = {
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
122
|
+
result: false,
|
|
123
|
+
message: 'GET request url does not have extdata path parameter'
|
|
124
|
+
};
|
|
131
125
|
|
|
132
126
|
r3logger.elog(result.message);
|
|
133
127
|
res.type('application/json; charset=utf-8');
|
|
@@ -140,12 +134,10 @@ router.get('/', function(req, res, next)
|
|
|
140
134
|
var suburi = apiutil.getSafeString(reqmatchs[1]);
|
|
141
135
|
var roleinfo = extdataproc.decryptRoleInfo(reqmatchs[2]);
|
|
142
136
|
if(!extdataproc.checkSuburi(suburi)){
|
|
143
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
144
137
|
result = {
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
138
|
+
result: false,
|
|
139
|
+
message: 'GET request URL path(' + suburi + ') does not exist'
|
|
140
|
+
};
|
|
149
141
|
|
|
150
142
|
r3logger.elog(result.message);
|
|
151
143
|
res.type('application/json; charset=utf-8');
|
|
@@ -153,12 +145,10 @@ router.get('/', function(req, res, next)
|
|
|
153
145
|
return;
|
|
154
146
|
}
|
|
155
147
|
if(!extdataproc.checkUserAgent(userAgent, suburi)){
|
|
156
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
157
148
|
result = {
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
149
|
+
result: false,
|
|
150
|
+
message: 'GET request is not allowed from your client'
|
|
151
|
+
};
|
|
162
152
|
|
|
163
153
|
r3logger.elog(result.message);
|
|
164
154
|
res.type('application/json; charset=utf-8');
|
|
@@ -166,12 +156,10 @@ router.get('/', function(req, res, next)
|
|
|
166
156
|
return;
|
|
167
157
|
}
|
|
168
158
|
if(!apiutil.isSafeEntity(roleinfo)){
|
|
169
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
170
159
|
result = {
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
160
|
+
result: false,
|
|
161
|
+
message: 'GET /extdata/' + suburi + '/<path> is invalid'
|
|
162
|
+
};
|
|
175
163
|
|
|
176
164
|
r3logger.elog(result.message);
|
|
177
165
|
res.type('application/json; charset=utf-8');
|
|
@@ -188,12 +176,10 @@ router.get('/', function(req, res, next)
|
|
|
188
176
|
// Gzip
|
|
189
177
|
responsebody = extdataproc.getGzipExtdata(roleinfo, suburi);
|
|
190
178
|
if(null == responsebody){
|
|
191
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
192
179
|
result = {
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
180
|
+
result: false,
|
|
181
|
+
message: 'Could not make gzip response'
|
|
182
|
+
};
|
|
197
183
|
|
|
198
184
|
r3logger.elog(result.message);
|
|
199
185
|
res.type('application/json; charset=utf-8');
|
|
@@ -214,12 +200,10 @@ router.get('/', function(req, res, next)
|
|
|
214
200
|
// Text
|
|
215
201
|
responsebody = extdataproc.getExtdata(roleinfo, suburi);
|
|
216
202
|
if(null == responsebody){
|
|
217
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
218
203
|
result = {
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
204
|
+
result: false,
|
|
205
|
+
message: 'Could not make response'
|
|
206
|
+
};
|
|
223
207
|
|
|
224
208
|
r3logger.elog(result.message);
|
|
225
209
|
res.type('application/json; charset=utf-8');
|
package/routes/list.js
CHANGED
|
@@ -41,13 +41,11 @@ function rawGetChildrenList(req, expand)
|
|
|
41
41
|
if( !apiutil.isSafeEntity(req) ||
|
|
42
42
|
!apiutil.isSafeEntity(req.baseUrl) )
|
|
43
43
|
{
|
|
44
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
45
44
|
result = {
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
45
|
+
result: false,
|
|
46
|
+
message: 'GET/HEAD request or url is wrong',
|
|
47
|
+
status: 400 // 400: Bad Request
|
|
48
|
+
};
|
|
51
49
|
return result;
|
|
52
50
|
}
|
|
53
51
|
|
|
@@ -67,13 +65,11 @@ function rawGetChildrenList(req, expand)
|
|
|
67
65
|
var requestptn = new RegExp('^/v1/list/(.*)'); // regex = /^\/v1\/list\/(.*)/
|
|
68
66
|
var reqmatchs = decodeURI(req.baseUrl).match(requestptn);
|
|
69
67
|
if(apiutil.isEmptyArray(reqmatchs) || reqmatchs.length < 2 || '' === apiutil.getSafeString(reqmatchs[1])){
|
|
70
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
71
68
|
result = {
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
69
|
+
result: false,
|
|
70
|
+
message: 'GET/HEAD request url does not have list type{role, resource, policy}',
|
|
71
|
+
status: 400 // 400: Bad Request
|
|
72
|
+
};
|
|
77
73
|
return result;
|
|
78
74
|
}
|
|
79
75
|
|
|
@@ -124,24 +120,20 @@ function rawGetChildrenList(req, expand)
|
|
|
124
120
|
_type = keys.TYPE_POLICY;
|
|
125
121
|
_path = _thirdpath; // should be empty
|
|
126
122
|
}else{
|
|
127
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
128
123
|
result = {
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
124
|
+
result: false,
|
|
125
|
+
message: 'GET/HEAD request url has wrong list type, it must be "service/role" or "service/resource" or "service/policy"',
|
|
126
|
+
status: 400 // 400: Bad Request
|
|
127
|
+
};
|
|
134
128
|
return result;
|
|
135
129
|
}
|
|
136
130
|
|
|
137
131
|
}else{
|
|
138
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
139
132
|
result = {
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
133
|
+
result: false,
|
|
134
|
+
message: 'GET/HEAD request url has wrong list type, it must be "role" or "resource" or "policy" or "service"',
|
|
135
|
+
status: 400 // 400: Bad Request
|
|
136
|
+
};
|
|
145
137
|
return result;
|
|
146
138
|
}
|
|
147
139
|
|
|
@@ -159,13 +151,11 @@ function rawGetChildrenList(req, expand)
|
|
|
159
151
|
}else if(apiutil.compareCaseString(keys.VALUE_FALSE, req.query.expand)){
|
|
160
152
|
is_expand = false;
|
|
161
153
|
}else{
|
|
162
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
163
154
|
result = {
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
155
|
+
result: false,
|
|
156
|
+
message: 'GET/HEAD expand url argument parameter(' + JSON.stringify(req.query.expand) + ') is wrong, it must be ' + keys.VALUE_TRUE + ' or ' + keys.VALUE_FALSE + '.',
|
|
157
|
+
status: 400 // 400: Bad Request
|
|
158
|
+
};
|
|
169
159
|
return result;
|
|
170
160
|
}
|
|
171
161
|
}
|
|
@@ -176,13 +166,11 @@ function rawGetChildrenList(req, expand)
|
|
|
176
166
|
result = k2hr3.getChildrenList(token_info.tenant, _service, _type, _path, is_expand);
|
|
177
167
|
if(!apiutil.isSafeEntity(result) || !apiutil.isSafeEntity(result.result) || false === result.result){
|
|
178
168
|
if(!apiutil.isSafeEntity(result)){
|
|
179
|
-
/* eslint-disable indent, no-mixed-spaces-and-tabs */
|
|
180
169
|
result = {
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
/* eslint-enable indent, no-mixed-spaces-and-tabs */
|
|
170
|
+
result: false,
|
|
171
|
+
message: 'Could not get response from getChildrenList',
|
|
172
|
+
status: 400 // 400: Bad Request
|
|
173
|
+
};
|
|
186
174
|
}else{
|
|
187
175
|
if(!apiutil.isSafeEntity(result.result)){
|
|
188
176
|
result.result = false;
|