k2hr3-api 1.0.42 → 2.0.1

package/routes/debugVerify.js

@@ -1,263 +0,0 @@
-/*
- * K2HR3 REST API
- *
- * Copyright 2017 Yahoo Japan Corporation.
- *
- * K2HR3 is K2hdkc based Resource and Roles and policy Rules, gathers 
- * common management information for the cloud.
- * K2HR3 can dynamically manage information as "who", "what", "operate".
- * These are stored as roles, resources, policies in K2hdkc, and the
- * client system can dynamically read and modify these information.
- *
- * For the full copyright and license information, please view
- * the license file that was distributed with this source code.
- *
- * AUTHOR:   Takeshi Nakatani
- * CREATE:   Mon Nov 6 2017
- * REVISION:
- *
- */
-
-'use strict';
-
-var express		= require('express');
-var router		= express.Router();
-var	http		= require('http');
-var	https		= require('https');
-
-var	cacerts		= require('../lib/cacerts');
-var	r3token	= require('../lib/k2hr3tokens');
-var	apiutil		= require('../lib/k2hr3apiutil');
-var	resutil		= require('../lib/k2hr3resutil');
-
-// Debug logging objects
-var r3logger	= require('../lib/dbglogging');
-
-//
-// Debug Verify URL
-//
-// This router is for debugging verify url for dummy service.
-// This is called only on development environment.
-//
-// Mountpath					:	'/v1/debug/verify'
-//
-// GET '/v1/debug/verify'		:	get verify for debug on version 1
-// URL argument
-//	service						:	service name(default testservice)
-// HEADER						:	X-Auth-Token	=>	Scoped User token(without 'U=' prefix)
-//	response body	= [			:	undefined/null or resource array(if one element, allows only it not array)
-//		{
-//			name				:	resource name which is key name(path) for resource
-//			expire				:	undefined/null or integer
-//			type				:	resource data type(string or object), if date is null or '', this value must be string.
-//			data				:	resource data which must be string or object or null/undefined.
-//			keys = {			:	resource has keys(associative array), or null/undefined.
-//				'foo':	bar,	:		any value is allowed
-//				...				:
-//			}					:
-//		},
-//	]
-//
-router.get('/', function(req, res, next)
-{
-	r3logger.dlog('CALL:', req.method, req.url);
-
-	var	_req	= req;
-	var	_res	= res;
-	var	_next	= next;
-	if('GET' !== _req.method){
-		// HEAD request comes here, so it should be routed to head function.
-		_next();
-		return;
-	}
-	_res.type('application/json; charset=utf-8');
-
-	//
-	// Check request
-	//
-	if(	!apiutil.isSafeEntity(_req)													||
-		!apiutil.isSafeString(_req.baseUrl)											||
-		!apiutil.isSafeString(_req.method)											||
-		!apiutil.isSafeString(_req.protocol)										||
-		!apiutil.isSafeEntity(_req.query)											||
-		(!apiutil.isSafeString(_req.host) && !apiutil.isSafeString(_req.hostname))	||
-		!apiutil.isSafeEntity(_req.headers)											||
-		!apiutil.isSafeEntity(_req.headers.host)									)
-	{
-		r3logger.elog('GET request or url or token is wrong');
-		resutil.errResponse(_req, _res, 400);														// 400: Bad Request
-		return;
-	}
-
-	//
-	// check token
-	//
-	var	token_result = r3token.checkToken(req, true, true);											// scoped, user token
-	if(!token_result.result){
-		r3logger.elog(token_result.message);
-		var	_status = token_result.status;
-		delete token_result.status;
-		resutil.errResponse(req, res, _status, token_result);
-		return;
-	}
-	var	_token_info	= token_result.token_info;
-
-
-	//
-	// check arguments
-	//
-	var	_service_name = 'testservice';																// [NOTE] default service name
-	if(apiutil.isSafeString(req.query.service) && apiutil.isSafeString(req.query.service.trim())){
-		_service_name = req.query.service.trim();
-	}
-
-	//
-	// Check localhost information for ACR API
-	//
-	var	urlobj	= apiutil.parseUrl(_req.protocol + '://' + _req.headers.host);
-	if(!urlobj.https){
-		if(!apiutil.compareCaseString(_req.protocol, 'http')){
-			r3logger.elog('Original request url method is not as same as request method');
-			resutil.errResponse(_req, _res, 400);													// 400: Bad Request
-			return;
-		}
-	}else{
-		if(!apiutil.compareCaseString(_req.protocol, 'https')){
-			r3logger.elog('Original request url method is not as same as request method');
-			resutil.errResponse(_req, _res, 400);													// 400: Bad Request
-			return;
-		}
-	}
-	if(urlobj.host !== apiutil.getSafeString(_req.host) && urlobj.host !== apiutil.getSafeString(_req.hostname)){
-		r3logger.elog('Original request url host is not as same as request host');
-		resutil.errResponse(_req, _res, 400);														// 400: Bad Request
-		return;
-	}
-
-	//
-	// Make request data
-	//
-	var	headers = {
-		'Content-Type':		'application/json',
-		'Content-Length':	0,
-		'X-Auth-Token':		apiutil.getSafeString(_req.headers['x-auth-token'])	// Transfer
-	};
-	var	options = {
-		'host':				urlobj.host,
-		'port':				urlobj.port,
-		'path': 			'/v1/acr/' + _service_name,
-		'method':			'GET',
-		'headers':			headers
-	};
-	var	agent;
-	if(urlobj.https){
-		if(null !== cacerts.ca){
-			options.ca = cacerts.ca;
-		}
-		options.agent	= new https.Agent(options);
-		agent			= https;
-	}else{
-		options.agent	= new http.Agent(options);
-		agent			= http;
-	}
-	r3logger.dlog('request options = ' + JSON.stringify(options));
-	r3logger.dlog('request headers = ' + JSON.stringify(headers));
-
-	//
-	// Send request to localhost
-	//
-	var	subreq = agent.request(options, function(subres)
-	{
-		var	_body	= '';
-		var	_status	= subres.statusCode;
-		var	_headers= subres.headers;
-
-		r3logger.dlog('/v1/acr/testservice response status: ' + _status);
-		r3logger.dlog('/v1/acr/testservice response header: ' + JSON.stringify(_headers));
-		subres.setEncoding('utf8');
-
-		subres.on('data', function(chunk)
-		{
-			//r3logger.dlog('/v1/acr/testservice response chunk: ' + chunk);
-			_body += chunk;
-		});
-
-		subres.on('end', function(result)															// eslint-disable-line no-unused-vars
-		{
-			var	_error = null;
-			if(300 <= _status){
-				_error = new Error('got error response for verify request by status=' + String(_status));
-				r3logger.elog(_error.message);
-				resutil.errResponse(_req, _res, _status, _error.message);							// 4xx, 5xx
-				return;
-			}
-			//r3logger.dlog('/v1/acr/testservice response body: ' + _body);
-
-			//
-			// Check response body
-			//
-			if(apiutil.checkSimpleJSON(_body)){
-				_body = JSON.parse(_body);
-			}
-			if(	!apiutil.isSafeEntity(_body)											||
-				!apiutil.isSafeEntity(_body.tokeninfo)									||
-				!apiutil.isSafeString(_body.tokeninfo.service)							||
-				!apiutil.compareCaseString(_body.tokeninfo.service, _service_name)		||
-				!apiutil.isSafeString(_body.tokeninfo.user)								||
-				!apiutil.isSafeString(_body.tokeninfo.tenant)							)
-			{
-				_error = new Error('/v1/acr/testservice response is something wrong(' + JSON.stringify(_body) + ').');
-				r3logger.elog(_error.message);
-				resutil.errResponse(_req, _res, 400, _error.message);								// 400: Bad Request
-				return;
-			}
-			r3logger.dlog('Call Verify URL: verified user(' + _body.user + ') and tenant(' + _body.tenant + ')');
-
-			//
-			// Make response body for debug
-			//
-			var	resobj	= [
-				{
-					name:					_service_name + '_resource',					// resource name
-					expire:					null,											// no expire
-					type:					'string',										// resource is string type
-					data:					_service_name + ' resource data for debug',		// resource data(string)
-					keys: {
-						'creator':			apiutil.getSafeString(_token_info.user),
-						'owner_tenant':		apiutil.getSafeString(_token_info.tenant),
-						'service_name':		_service_name,
-						'token':			'sample_token_value',
-						'accesskey':		'sample_accesskey_value',
-						'secretkey':		'sample_secretkey_value',
-						'anykey':			'sample_value'
-					}
-				}
-			];
-
-			//
-			// Return response
-			//
-			r3logger.dlog('succeed : ' + JSON.stringify(resobj));
-			_res.status(200);																	// 200: OK
-			_res.send(JSON.stringify(resobj));
-		});
-	});
-	subreq.on('error', function(exception) {
-		r3logger.elog(exception.message);
-		resutil.errResponse(_req, _res, exception.code, exception.message);						// 4xx, 5xx
-		return;
-	});
-
-	subreq.end();
-});
-
-module.exports = router;
-
-/*
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: noexpandtab sw=4 ts=4 fdm=marker
- * vim<600: noexpandtab sw=4 ts=4
- */

package/routes/extdata.js

@@ -1,232 +0,0 @@
-/*
- * K2HR3 REST API
- *
- * Copyright 2018 Yahoo Japan Corporation.
- *
- * K2HR3 is K2hdkc based Resource and Roles and policy Rules, gathers 
- * common management information for the cloud.
- * K2HR3 can dynamically manage information as "who", "what", "operate".
- * These are stored as roles, resources, policies in K2hdkc, and the
- * client system can dynamically read and modify these information.
- *
- * For the full copyright and license information, please view
- * the license file that was distributed with this source code.
- *
- * AUTHOR:   Takeshi Nakatani
- * CREATE:   Tue May 13 2020
- * REVISION:
- *
- */
-
-'use strict';
-
-var express		= require('express');
-var router		= express.Router();
-
-var	apiutil		= require('../lib/k2hr3apiutil');
-var	resutil		= require('../lib/k2hr3resutil');
-var	r3extdata	= require('../lib/k2hr3extdata');
-
-// Debug logging objects
-var r3logger	= require('../lib/dbglogging');
-
-//---------------------------------------------------------
-// Router GET
-//---------------------------------------------------------
-//
-// Mountpath									: '/v1/extdata/*'
-//
-// GET '/v1/extdata/<exturi>/<encrypted data>'	: get extra(user-defined) data on version 1
-// response										: compressed(gzip) extdata(binary)
-//
-// This mount point is for getting compressed user defined extra data.
-// The user can define this extra data as a template in the configuration.
-// The variables can be used in templates, and those are replaced real values
-// as like userdata entry point.
-// The returned data is encrypted and compressed with the specified algorithm.
-//
-router.get('/', function(req, res, next)
-{
-	r3logger.dlog('CALL:', req.method, req.url);
-
-	if('GET' !== req.method){
-		// HEAD request comes here, so it should be routed to head(not defined) function.
-		next();
-		return;
-	}
-
-	var	result;
-	if(	!apiutil.isSafeEntity(req)			||
-		!apiutil.isSafeEntity(req.baseUrl)	||
-		!apiutil.isSafeEntity(req.headers)	)							// Must User-Agent in header
-	{
-		result = {
-			result: 	false,
-			message:	'GET request or url is wrong'
-		};
-
-		r3logger.elog(result.message);
-		res.type('application/json; charset=utf-8');
-		resutil.errResponse(req, res, 400, result);						// 400: Bad Request
-		return;
-	}
-
-	//------------------------------
-	// Check headers
-	//------------------------------
-	if(!apiutil.isSafeEntity(req.headers['user-agent'])){
-		// 'User-Agent' Must be existed
-		r3logger.elog('GET request does not have User-Agent header');
-
-		result = {
-			result: 	false,
-			message:	'GET request does not have User-Agent header'
-		};
-
-		r3logger.elog(result.message);
-		res.type('application/json; charset=utf-8');
-		resutil.errResponse(req, res, 400, result);						// 400: Bad Request
-		return;
-	}
-	var	userAgent	= req.headers['user-agent'].toLowerCase();
-
-	var	isGzip		= false;
-	if(apiutil.isSafeEntity(req.headers['accept-encoding'])){
-		if(apiutil.hasPartString(req.headers['accept-encoding'], ',', ['gzip', 'deflate'], true)){
-			isGzip = true;
-		}else if(!isGzip){
-			// Accept-Encoding should have 'gzip' or 'deflate', but all type is allowed
-			r3logger.dlog('Get request Accept-Encoding does not have gzip nor deflate, but continue...');
-		}
-	}else{
-		//r3logger.dlog('GET request doe not have Accept-Encoding, but continue...');
-	}
-
-	if(apiutil.isSafeEntity(req.headers['content-type'])){
-		if(!apiutil.hasPartString(req.headers['content-type'], ';', 'application/octet-stream', true)){
-			// should be 'application/octet-stream', but all type is allowed
-			r3logger.dlog('GET request Content-Type is not application/octet-stream, but continue...');
-		}
-	}else{
-		//r3logger.dlog('GET request doe not have Content-Type, but continue...');
-	}
-
-	//------------------------------
-	// get url paths and decode
-	//------------------------------
-	// check path matching
-	var	requestptn	= new RegExp('^/v1/extdata/(.*)/(.*)');				// regex = /^\/v1\/extdata\/(.*)\/(.*)/
-	var	reqmatchs	= decodeURI(req.baseUrl).match(requestptn);
-	if(apiutil.isEmptyArray(reqmatchs) || reqmatchs.length < 3 || '' === apiutil.getSafeString(reqmatchs[1]) || '' === apiutil.getSafeString(reqmatchs[2])){
-		result = {
-			result: 	false,
-			message:	'GET request url does not have extdata path parameter'
-		};
-
-		r3logger.elog(result.message);
-		res.type('application/json; charset=utf-8');
-		resutil.errResponse(req, res, 400, result);						// 400: Bad Request
-		return;
-	}
-
-	// decode and check extdata parameter
-	var	extdataproc	= new r3extdata.extdataProcess;
-	var	suburi		= apiutil.getSafeString(reqmatchs[1]);
-	var	roleinfo	= extdataproc.decryptRoleInfo(reqmatchs[2]);
-	if(!extdataproc.checkSuburi(suburi)){
-		result = {
-			result: 	false,
-			message:	'GET request URL path(' + suburi + ') does not exist'
-		};
-
-		r3logger.elog(result.message);
-		res.type('application/json; charset=utf-8');
-		resutil.errResponse(req, res, 400, result);						// 400: Bad Request
-		return;
-	}
-	if(!extdataproc.checkUserAgent(userAgent, suburi)){
-		result = {
-			result: 	false,
-			message:	'GET request is not allowed from your client'
-		};
-
-		r3logger.elog(result.message);
-		res.type('application/json; charset=utf-8');
-		resutil.errResponse(req, res, 400, result);						// 400: Bad Request
-		return;
-	}
-	if(!apiutil.isSafeEntity(roleinfo)){
-		result = {
-			result: 	false,
-			message:	'GET /extdata/' + suburi + '/<path> is invalid'
-		};
-
-		r3logger.elog(result.message);
-		res.type('application/json; charset=utf-8');
-		resutil.errResponse(req, res, 400, result);						// 400: Bad Request
-		return;
-	}
-	var	contype		= extdataproc.getContentType(suburi);
-
-	//------------------------------
-	// Make response
-	//------------------------------
-	var	responsebody = null;
-	if(isGzip){
-		// Gzip
-		responsebody = extdataproc.getGzipExtdata(roleinfo, suburi);
-		if(null == responsebody){
-			result = {
-				result: 	false,
-				message:	'Could not make gzip response'
-			};
-
-			r3logger.elog(result.message);
-			res.type('application/json; charset=utf-8');
-			resutil.errResponse(req, res, 400, result);					// 400: Bad Request
-			return;
-		}
-
-		res.type('application/zip');
-		res.setHeader('Content-Encoding', 'gzip');
-		res.setHeader('Content-Transfer-Encoding', 'binary');
-		res.setHeader('Content-Disposition', 'attachment; filename=k2hr3-extdata.gz');
-		res.setHeader('Content-Length', responsebody.length);
-
-		r3logger.dlog('succeed : (response body is gzip compressed)');
-		res.status(200);												// 200: OK
-		res.send(responsebody.data);
-	}else{
-		// Text
-		responsebody = extdataproc.getExtdata(roleinfo, suburi);
-		if(null == responsebody){
-			result = {
-				result: 	false,
-				message:	'Could not make response'
-			};
-
-			r3logger.elog(result.message);
-			res.type('application/json; charset=utf-8');
-			resutil.errResponse(req, res, 400, result);					// 400: Bad Request
-			return;
-		}
-
-		res.type(apiutil.isSafeString(contype) ? contype : 'text/plain');
-		res.setHeader('Content-Length', responsebody.length);
-
-		r3logger.dlog('succeed : (response body is not gzip compressed)');
-		res.status(200);												// 200: OK
-		res.send(responsebody);
-	}
-});
-
-module.exports = router;
-
-/*
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: noexpandtab sw=4 ts=4 fdm=marker
- * vim<600: noexpandtab sw=4 ts=4
- */