scimgateway 5.4.2 → 5.4.3

package/README.md

@@ -394,7 +394,7 @@ Definitions in `endpoint` object are customized according to our plugin code. Pl
 
 - **log.loglevel.console** - off, debug, info, warn or error. Default off. Output to stdout and errors to stderr
 
-- **log.loglevel.push** - off, debug, info, warn or error. Default info. Push to stream used by remote real-time log subscription
+- **log.loglevel.push** - debug, info, warn or error. Default info. Push to stream used by remote real-time log subscription
 
 - **log.logDirectory** - custom defined log directory e.g. `/var/log/scimgateway` that will override default `<scimgateway path>/logs`. If not exist it will be created.
 
@@ -746,13 +746,18 @@ Please see code editor method HelperRest doRequest() IntelliSense for type and o
 ### Configuration notes - Remote real-time log subscription
 Using remote real-time log subscription we may implement custom logic like monitoring and centralized logging
 
-- using browser and url: https://host/logger  
-- curl -Ns https://host/logger -u gwread:password | sed 's/\xE2\x80\x8B//g'  
-- curl -Ns https://host/logger -H "Authorization: Bearer secret" | sed 's/\xE2\x80\x8B//g'  
-	(-s and sed to ignore keep-alive character)
+- browser and url: https://host/logger  
+- curl with -u or -H "Authorization: Bearer secret"
+	```
+	curl -Ns http://localhost:8880/logger -u gwadmin:password | awk '
+	/^data: / {sub(/^data: /,""); printf "%s", $0; last=1; next}
+	/^$/ {if (last) print ""; last=0}
+	'
+	```
 - custom client API (see example below)
 - not supported by Azure Relay
 
+
 We may configure read-only user/secret for log collection purpose    
 
 	"auth": {
@@ -792,67 +797,57 @@ Example using debug loglevel:
 Example code implementing remote real-time log subscription and custom message handling  
 
 ```
-// startup: bun <scriptname.ts>
-// update url (ws or wss) and the auth according to environment used
-const url = 'ws://localhost:8880/logger'
-const auth = 'Basic ' + btoa('gwadmin' + ':' + 'password') // const auth = 'Bearer ' + 'secret'
-
-const tls: any = {}
-if (url.startsWith('wss:')) {
-  tls.ca = [Bun.file('/path/to/self-signed-cert.pem')], // only needed for self-signed certs
-  tls.rejectUnauthorized = false
-}
-
-// messageHandler implements message handling and custom logic
-// could also use JSON.parse(message) and granular filtering on log "level"
+//
+// usage: bun <scriptname.ts>
+// update url and the auth according to environment used
+//
+const username = "gwadmin"
+const password = "password"
+const url = "http://localhost:8880/logger"
+
+const headers = new Headers({
+  Authorization: "Basic " + btoa(`${username}:${password}`),
+  Accept: "text/event-stream"
+})
+
+// message handling and custom logic
+// we could also do JSON.parse(message) and granular filtering on log "level"
 const messageHandler = async (message: string) => {
   console.log(message)
 }
 
-const startWebSocket = async () => {
-  try {
-    const ws = new WebSocket(url, {
-      headers: {
-      Authorization: auth,
-      },
-      tls,
-    })
-
-    // message is received
-    ws.addEventListener("message", event => {
-      messageHandler(event.data)
-    })
-
-    // socket opened
-    ws.addEventListener("open", event => {
+async function startSSE() {
+  while (true) {
+    try {
+      const resp = await fetch(url, { headers });
+      if (!resp.ok || !resp.body) {
+        console.error(`❌ Response error: ${resp.status} ${resp.statusText}`)
+        await Bun.sleep(10_000)
+        continue
+      }
       console.log('✅ Now awaiting log events...\n')
-    })
-
-    // socket closed
-    ws.addEventListener("close", event => {
-      let addInfo = ''
-      if (event.code === 1002) addInfo = ' => most likely authentication failure?'
-      console.warn(`⚠️ Connection closed (${event.code}): ${event.reason || 'no reason'}${addInfo}`)
-      retry()
-    })
-
-    // error handler
-    ws.addEventListener("error", event => {
-      // console.error('❌ WebSocket error:', event.message)
-    })
-
-  } catch (err: any) {
-    console.error('❌ Unexpected error:', err)
-  }
-}
 
-const retry = async () => {
-    console.log('🔁 Retry in 10 seconds...')
-    await Bun.sleep(10 * 1000)
-    startWebSocket()
+      const reader = resp.body.pipeThrough(new TextDecoderStream()).getReader()
+
+      while (true) {
+        const { value, done } = await reader.read()
+        if (done) break
+        if (!value.startsWith('data: ')) continue
+        const i = value.indexOf("\n\n")
+        if (i < 1) continue
+        const msg = value.slice(6, i)
+        messageHandler(msg)
+      }
+      console.error("⚠️ Connection closed");
+      await Bun.sleep(10_000)
+    } catch (err: any) {
+      console.error("❌ Connection error:", err?.message || err)
+      await Bun.sleep(10_000)
+    }
+  }
 }
 
-startWebSocket()
+startSSE()
 ```
 
 ### Configuration notes - Azure Relay
@@ -1473,6 +1468,16 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 
 ## Change log  
 
+### v5.4.3
+
+[Fixed]
+
+- helper-rest, fixed an issue introduced in v5.3.8 that caused problems using OAuth
+
+[Improved]
+
+- Remote real-time logger
+
 ### v5.4.2
 
 [Improved]

package/lib/helper-rest.ts

@@ -578,7 +578,7 @@ export class HelperRest {
         options.headers['Authorization'] = 'Basic ' + Buffer.from(`${o.auth?.options?.username}:${o.auth?.options?.password}`).toString('base64')
         delete o.auth
       }
-      options = utils.extendObj(o?.connection?.options, options)
+      options = utils.extendObj(options, o)
     }
 
     const cli: any = {}

package/lib/scimgateway.ts

@@ -878,23 +878,24 @@ export class ScimGateway {
     const getHandlerLoggerSSE = async (ctx: Context) => {
       const levelInt = logger.levelToInt(this.config?.scimgateway?.log?.loglevel?.push || 'info')
       const encoder = new TextEncoder()
+      logger.info(`${gwName}[${pluginName}] remote logger connected from ip address ${ctx.ip}`, { baseEntity: ctx?.routeObj?.baseEntity })
 
       return new Response(
         new ReadableStream({
           start(controller) {
-            controller.enqueue(encoder.encode(`\u200B`))
+            controller.enqueue(encoder.encode(`: keep-alive\n\n`))
 
             const sub = async (msgObj: Record<string, any>) => {
               if (logger.levelToInt(msgObj.level) < levelInt) return
               if (ctx?.routeObj?.baseEntity !== 'undefined') { // if using baseEntity e.g. <host>/company1/logger, only include corresponding baseEntity logentries
                 if (ctx?.routeObj?.baseEntity !== msgObj.baseEntity) return
               }
-              controller.enqueue(encoder.encode(`${JSON.stringify(msgObj)}\n`))
+              controller.enqueue(encoder.encode(`data: ${JSON.stringify(msgObj)}\n\n`))
             }
             logger.subscribe(sub)
 
             const keepAliveInterval = setInterval(() => {
-              controller.enqueue(encoder.encode(`\u200B`)) // invisible keep-alive
+              controller.enqueue(encoder.encode(`: keep-alive\n\n`))
             }, 10000)
 
             const cleanup = () => {
@@ -2705,15 +2706,39 @@ export class ScimGateway {
       const isPublisherEnabled = this.config.scimgateway.stream.publisher.enabled
       const isChainingEnabled = this.config.scimgateway.chainingBaseUrl
 
-      const wssInit = `
+      const sseInit = `
       <!DOCTYPE html>
       <html>
       <head>
         <style>
+          html, body {
+            height: 100%;
+            margin: 0;
+            padding: 0;
+          }
+          body {
+            display: flex;
+            flex-direction: column;
+            height: 100vh;
+            margin-left: 8px;
+          }
           .header-flex {
             display: flex;
             align-items: center;
             gap: 16px;
+            flex-shrink: 0;
+            margin-top: 2px;
+            margin-bottom: 2px;
+          }
+          #log {
+            flex: 1 1 auto;
+            width: 100%;
+            overflow: auto;
+            white-space: pre;
+            margin: 0;
+            min-height: 0;
+            height: auto;
+            box-sizing: border-box;
           }
           #stopBtn {
             padding: 4px 18px;
@@ -2728,42 +2753,41 @@ export class ScimGateway {
       </head>
       <body>
         <div class="header-flex">
-          <h3 style="margin:0;">SCIM Gateway remote logger</h3>
+          <h3>SCIM Gateway remote logger</h3>
           <button id="stopBtn" type="button">Stop</button>
         </div>
         <pre id="log"></pre>
         <script>
           const stopBtn = document.getElementById('stopBtn')
           const logElem = document.getElementById('log')
-          let ws = new WebSocket('{{protocol}}//' + location.host + location.pathname)
-          ws.onmessage = function(event) {
-            event.data.split('\\n').forEach(function(line) {
-              if (!line.trim()) return
-              const htmlLine = line.replace(
-                /(level":"\\s*)(debug|info|warn|error)/i,
-                function(match, p1, p2) {
-                  let color = ''
-                  switch (p2.toLowerCase()) {
-                    case 'debug': color = '#888'; break
-                    case 'info':  color = 'blue'; break
-                    case 'warn':  color = 'orange'; break
-                    case 'error': color = 'red'; break
-                    default: color = 'black'
-                  }
-                  return p1 + '<span style="color:' + color + ';font-weight:bold">' + p2 + '</span>'
+          let es = new EventSource(location.pathname)
+
+          es.onmessage = function(event) {
+            if (!event.data.trim()) return
+            const htmlLine = event.data.replace(
+              /(level":"\s*)(debug|info|warn|error)/i,
+              function(match, p1, p2) {
+                let color = ''
+                switch (p2.toLowerCase()) {
+                  case 'debug': color = '#888'; break
+                  case 'info':  color = 'blue'; break
+                  case 'warn':  color = 'orange'; break
+                  case 'error': color = 'red'; break
+                  default: color = 'black'
                 }
-              );
-              logElem.innerHTML += htmlLine + '<br>'
-            })
+                return p1 + '<span style="color:' + color + ';font-weight:bold">' + p2 + '</span>'
+              }
+            )
+            logElem.innerHTML += htmlLine + '<br>'
+            logElem.scrollTop = logElem.scrollHeight
           }
+
           stopBtn.onclick = function() {
-            if (ws) {
-              ws.close()
-              ws = null
+            if (es) {
+              es.close()
+              es = null
               stopBtn.textContent = 'Start'
-              stopBtn.onclick = function() {
-                location.reload()
-              }
+              stopBtn.onclick = function() { location.reload() }
             }
           }
         </script>
@@ -2807,29 +2831,18 @@ export class ScimGateway {
             await getHandlerServiceProviderConfig(ctx)
             return await onAfterHandle(ctx)
           case 'GET logger': // no onAfterHandle
-            if (req.headers.get('upgrade')?.toLowerCase() === 'websocket') { // browser step 2, and other Bun ws(s) clients
-              logger.info(`${gwName}[${pluginName}] remote logger connected from ip address ${ctx.ip}`, { baseEntity: ctx?.routeObj?.baseEntity })
-              return server.upgrade(req, { // after upgrade, the server will handle the WebSocket connection configured in Bun.serve()
-                data: { // passed to WebSocket server Bun open handler
-                  headers: req.headers,
-                  url: req.url,
-                  baseEntity: ctx?.routeObj?.baseEntity,
-                  ip: ctx.ip,
-                  nonce: this.Nonce.createItem(crypto.randomUUID()),
-                },
-              })
-            }
-            if (req.headers.has('sec-fetch-dest') && typeof Bun !== 'undefined') { // client is browser and not supporting WebSocket on Node.js
-              const url = new URL(ctx.origin)
-              const protocol = (url.protocol === 'https:' ? 'wss:' : 'ws:')
-              const js = wssInit.replace('{{protocol}}', protocol)
-              return new Response(js, { // browser step 1 => force WebSocket by sending javascript
-                status: 200,
-                headers: {
-                  'Content-Type': 'text/html; charset=utf-8',
-                },
-              })
-            } else return await getHandlerLoggerSSE(ctx) // using SSE for none WebSocket/wss e.g. curl -Ns http://localhost:8880/logger -u gwadmin:password | sed 's/\xE2\x80\x8B//g'
+            if (req.headers.has('sec-fetch-dest')) { // client is browser
+              if (ctx.request.headers.get('accept')?.includes('text/event-stream')) {
+                return await getHandlerLoggerSSE(ctx)
+              } else {
+                return new Response(sseInit, {
+                  status: 200,
+                  headers: {
+                    'Content-Type': 'text/html; charset=utf-8',
+                  },
+                })
+              }
+            } else return await getHandlerLoggerSSE(ctx)
           case 'PATCH users':
           case 'PATCH groups':
             await patchHandler(ctx)
@@ -2884,49 +2897,9 @@ export class ScimGateway {
             const reqWithRaw = req as Request & { raw: IncomingMessage }
             return await route(reqWithRaw, srv.requestIP(req)?.address || '')
           },
-          websocket: {
-            open: (ws) => {
-              const data = ws.data as { headers: Headers, url: string, baseEntity: string, ip: string, nonce: string } || {}
-              let isAuthorized = false // client is already authenticated by initial http/https upgrade to websocket, anyhow passing data to be validated
-              if (data?.nonce && this.Nonce.isItemValid(data.nonce)) {
-                if (data.headers.has('authorization')) {
-                  if (data.url.endsWith('/logger')) isAuthorized = true
-                }
-              }
-              if (!isAuthorized) {
-                logger.error(`${gwName}[${pluginName}] remote logger ip address ${data.ip} - WebSocket connection error: invalid nonce`, { baseEntity: data.baseEntity })
-                ws.close(3000, 'Unauthorized')
-                return
-              }
-
-              const levelInt = logger.levelToInt(this.config?.scimgateway?.log?.loglevel?.push || 'info')
-              const sub = async (msgObj: Record<string, any>) => {
-                if (logger.levelToInt(msgObj.level) < levelInt) return
-                if (data.baseEntity !== 'undefined') { // if using baseEntity e.g. <host>/company1/logger, only include corresponding baseEntity logentries
-                  if (data.baseEntity !== msgObj.baseEntity) return
-                }
-                ws.send(`${JSON.stringify(msgObj)}`)
-              }
-              logger.subscribe(sub)
-              ;(ws as any)._sub = sub
-              ;(ws as any)._baseEntity = data.baseEntity
-              ;(ws as any)._ip = data.ip
-            },
-            close: (ws) => {
-              const sub = (ws as any)._sub
-              const baseEntity = (ws as any)._baseEntity
-              const ip = (ws as any)._ip
-              if (sub) {
-                logger.unsubscribe(sub)
-              }
-              logger.info(`${gwName}[${pluginName}] remote logger disconnected from ip address ${ip}`, { baseEntity })
-            },
-            message: () => {},
-          },
         })
       } else {
         // using nodejs server either through Bun compability or Node.js
-
         // get body from req
         async function getRequestBody(req: any): Promise<Buffer> {
           return new Promise((resolve, reject) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scimgateway",
-  "version": "5.4.2",
+  "version": "5.4.3",
   "type": "module",
   "description": "Using SCIM protocol as a gateway for user provisioning to other endpoints",
   "author": "Jarle Elshaug <jarle.elshaug@gmail.com> (https://elshaug.xyz)",