Merge pull request #54 from ankitmashu/main

drl did changes in for auditing
datakaveri · Sep 13, 2023 · 6d7f58a · 6d7f58a
2 parents 0cc3d3f + 97225a6
commit 6d7f58a
Show file tree

Hide file tree

Showing 6 changed files with 106 additions and 38 deletions.
diff --git a/src/main/java/iudx/rs/proxy/apiserver/ApiServerVerticle.java b/src/main/java/iudx/rs/proxy/apiserver/ApiServerVerticle.java
@@ -3,6 +3,7 @@
 import static iudx.rs.proxy.apiserver.response.ResponseUtil.generateResponse;
 import static iudx.rs.proxy.apiserver.util.ApiServerConstants.*;
 import static iudx.rs.proxy.apiserver.util.ApiServerConstants.HEADER_PUBLIC_KEY;
+import static iudx.rs.proxy.authenticator.Constants.*;
 import static iudx.rs.proxy.common.Constants.DATABROKER_SERVICE_ADDRESS;
 
 import static iudx.rs.proxy.apiserver.util.Util.errorResponse;
@@ -612,8 +613,23 @@ private void updateAuditTable(RoutingContext context) {
     long time = zst.toInstant().toEpochMilli();
     String isoTime = zst.truncatedTo(ChronoUnit.SECONDS).toString();
     String resourceid= authInfo.getString(ID);
+    String role = authInfo.getString(ROLE);
+    String drl = authInfo.getString(DRL);
+    if (role.equalsIgnoreCase("delegate") && drl != null) {
+      request.put(DELEGATOR_ID, authInfo.getString(DID));
+    } else {
+      request.put(DELEGATOR_ID, authInfo.getString(USER_ID));
+    }
     JsonObject jsonObject = CatalogueService.getCatalogueItemJson(resourceid);
     String providerID = jsonObject.getString("provider");
+    String type =
+            jsonObject.containsKey(RESOURCE_GROUP) ? "RESOURCE" : "RESOURCE_GROUP";
+    String resourceGroup =
+            jsonObject.containsKey(RESOURCE_GROUP)
+                    ? jsonObject.getString(RESOURCE_GROUP)
+                    : jsonObject.getString(ID);
+    request.put(RESOURCE_GROUP, resourceGroup);
+    request.put(TYPE_KEY, type);
     request.put(EPOCH_TIME,time);
     request.put(ISO_TIME,isoTime);
     request.put(USER_ID, authInfo.getValue(USER_ID));

diff --git a/src/main/java/iudx/rs/proxy/apiserver/handlers/AuthHandler.java b/src/main/java/iudx/rs/proxy/apiserver/handlers/AuthHandler.java
@@ -1,6 +1,7 @@
 package iudx.rs.proxy.apiserver.handlers;
 
 import static iudx.rs.proxy.apiserver.util.ApiServerConstants.*;
+import static iudx.rs.proxy.authenticator.Constants.*;
 import static iudx.rs.proxy.common.Constants.AUTH_SERVICE_ADDRESS;
 import static iudx.rs.proxy.common.ResponseUrn.INVALID_TOKEN_URN;
 import static iudx.rs.proxy.common.ResponseUrn.RESOURCE_NOT_FOUND_URN;
@@ -25,13 +26,13 @@ public class AuthHandler implements Handler<RoutingContext> {
   private static final Logger LOGGER = LogManager.getLogger(AuthHandler.class);
 
   static AuthenticationService authenticator;
+  static Api api;
   private final String AUTH_INFO = "authInfo";
   private HttpServerRequest request;
-  static Api api;
 
-  public static AuthHandler create(Vertx vertx,Api apiEndpoints) {
+  public static AuthHandler create(Vertx vertx, Api apiEndpoints) {
     authenticator = AuthenticationService.createProxy(vertx, AUTH_SERVICE_ADDRESS);
-    api=apiEndpoints;
+    api = apiEndpoints;
     return new AuthHandler();
   }
 
@@ -40,21 +41,20 @@ public void handle(RoutingContext context) {
     request = context.request();
 
     RequestBody requestBody = context.body();
-    JsonObject requestJson=null;
-    if(request!=null) {
-      if(requestBody.asJsonObject()!=null) {
-        requestJson=requestBody.asJsonObject().copy();
+    JsonObject requestJson = null;
+    if (request != null) {
+      if (requestBody.asJsonObject() != null) {
+        requestJson = requestBody.asJsonObject().copy();
       }
     }
-    if(requestJson==null) {
-      requestJson=new JsonObject();
+    if (requestJson == null) {
+      requestJson = new JsonObject();
     }
 
     String token = request.headers().get(HEADER_TOKEN);
     final String path = getNormalizedPath(request.path());
     final String method = context.request().method().toString();
 
-
     if (token == null) token = "public";
 
     JsonObject authInfo =
@@ -79,6 +79,9 @@ public void handle(RoutingContext context) {
             authInfo.put(IID, authHandler.result().getValue(IID));
             authInfo.put(USER_ID, authHandler.result().getValue(USER_ID));
             authInfo.put("apd", authHandler.result().getValue("apd"));
+            authInfo.put(ROLE, authHandler.result().getValue(ROLE));
+            authInfo.put(DID, authHandler.result().getValue(DID));
+            authInfo.put(DRL, authHandler.result().getValue(DRL));
             context.data().put(AUTH_INFO, authInfo);
           } else {
             processAuthFailure(context, authHandler.cause().getMessage());
@@ -123,11 +126,11 @@ private String getId(RoutingContext context) {
     String paramId = getId4rmRequest();
     String bodyId = getId4rmBody(context);
     String id;
-      if (paramId != null && !paramId.isBlank()) {
-        id = paramId;
-      } else {
-        id = bodyId;
-      }
+    if (paramId != null && !paramId.isBlank()) {
+      id = paramId;
+    } else {
+      id = bodyId;
+    }
     return id;
   }
 
@@ -170,13 +173,13 @@ private String getNormalizedPath(String url) {
       path = api.getProviderAuditEndpoint();
     } else if (url.matches(api.getPostEntitiesEndpoint())) {
       path = api.getPostEntitiesEndpoint();
-    }else if(url.matches(api.getPostTemporalEndpoint())){
+    } else if (url.matches(api.getPostTemporalEndpoint())) {
       path = api.getPostTemporalEndpoint();
     }
     return path;
   }
-  
+
   private String getpathRegex(String path) {
-    return path+"(.*)";
+    return path + "(.*)";
   }
 }
diff --git a/src/main/java/iudx/rs/proxy/apiserver/util/ApiServerConstants.java b/src/main/java/iudx/rs/proxy/apiserver/util/ApiServerConstants.java
@@ -104,6 +104,8 @@ public class ApiServerConstants {
   public static final String IID = "iid";
   public static final String API = "api";
   public static final String USER_ID = "userid";
+  public static final String RESOURCE_GROUP = "resourceGroup";
+  public static final String TYPE_KEY = "type";
   public static final String GEO_QUERY = "geo-query";
   public static final String TEMPORAL_QUERY = "temporal-query";
 

diff --git a/src/main/java/iudx/rs/proxy/authenticator/Constants.java b/src/main/java/iudx/rs/proxy/authenticator/Constants.java
@@ -4,13 +4,18 @@
 
 public class Constants {
 
-  public static final List<String> OPEN_ENDPOINTS = List.of("/temporal/entities","/entities","/consumer/audit","/entityOperations/query");
+  public static final List<String> OPEN_ENDPOINTS =
+      List.of("/temporal/entities", "/entities", "/consumer/audit", "/entityOperations/query");
   public static final long CACHE_TIMEOUT_AMOUNT = 30;
   public static final String CAT_SEARCH_PATH = "/search";
   public static final String AUTH_CERTIFICATE_PATH = "/cert";
   public static final String CAT_ITEM_PATH = "/item";
   public static final String JSON_USERID = "userid";
   public static final String JSON_IID = "iid";
   public static final String JSON_EXPIRY = "expiry";
-  public static final String JSON_APD="apd";
+  public static final String JSON_APD = "apd";
+  public static final String ROLE = "role";
+  public static final String DRL = "drl";
+  public static final String DID = "did";
+  public static final String DELEGATOR_ID = "delegatorId";
 }
diff --git a/src/main/java/iudx/rs/proxy/authenticator/JwtAuthenticationServiceImpl.java b/src/main/java/iudx/rs/proxy/authenticator/JwtAuthenticationServiceImpl.java
@@ -1,5 +1,7 @@
 package iudx.rs.proxy.authenticator;
 
+import static iudx.rs.proxy.authenticator.Constants.*;
+
 import com.google.common.cache.Cache;
 import com.google.common.cache.CacheBuilder;
 import io.vertx.core.AsyncResult;
@@ -30,25 +32,21 @@
 import java.time.LocalDateTime;
 import java.time.ZoneId;
 import java.time.ZonedDateTime;
-import java.util.Arrays;
 import java.util.concurrent.TimeUnit;
 import org.apache.http.HttpStatus;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
-import static iudx.rs.proxy.authenticator.Constants.*;
-
 public class JwtAuthenticationServiceImpl implements AuthenticationService {
 
   private static final Logger LOGGER = LogManager.getLogger(JwtAuthenticationServiceImpl.class);
-
+  static WebClient catWebClient;
   final JWTAuth jwtAuth;
   final String host;
   final int port;
   final String path;
   final String audience;
   final CacheService cache;
-  static WebClient catWebClient;
   final Api apis;
   final String catBasePath;
   // resourceGroupCache will contain ACL info about all resource group in a resource server
@@ -106,6 +104,9 @@ public AuthenticationService tokenIntrospect(JsonObject request, JsonObject auth
         jsonResponse.put(JSON_EXPIRY, (LocalDateTime.ofInstant(
             Instant.ofEpochSecond(Long.parseLong(result.jwtData.getExp().toString())),
             ZoneId.systemDefault())).toString());
+        jsonResponse.put(ROLE, result.jwtData.getRole());
+        jsonResponse.put(DRL, result.jwtData.getDrl());
+        jsonResponse.put(DID, result.jwtData.getDid());
         return Future.succeededFuture(jsonResponse);
       } else {
         return validateAccess(result.jwtData, result.isOpen, authenticationInfo);
@@ -216,6 +217,9 @@ public Future<JsonObject> validateAccess(JwtData jwtData, boolean openResource,
       jsonResponse.put(JSON_IID, jwtId);
       jsonResponse.put(JSON_USERID, jwtData.getSub());
       jsonResponse.put(JSON_APD,jwtData.getApd());
+      jsonResponse.put(ROLE, jwtData.getRole());
+      jsonResponse.put(DRL, jwtData.getDrl());
+      jsonResponse.put(DID, jwtData.getDid());
       return Future.succeededFuture(jsonResponse);
     }
 
@@ -236,6 +240,9 @@ public Future<JsonObject> validateAccess(JwtData jwtData, boolean openResource,
       jsonResponse.put(JSON_EXPIRY, (LocalDateTime.ofInstant(
           Instant.ofEpochSecond(Long.parseLong(jwtData.getExp().toString())),
           ZoneId.systemDefault())).toString());
+      jsonResponse.put(ROLE, jwtData.getRole());
+      jsonResponse.put(DRL, jwtData.getDrl());
+      jsonResponse.put(DID, jwtData.getDid());
       promise.complete(jsonResponse);
     } else {
       LOGGER.error("failed - no access provided to endpoint");

diff --git a/src/main/java/iudx/rs/proxy/authenticator/model/JwtData.java b/src/main/java/iudx/rs/proxy/authenticator/model/JwtData.java
@@ -16,19 +16,37 @@ public final class JwtData {
   private String role;
   private JsonObject cons;
   private JsonObject apd;
+  private String drl;
+  private String did;
+
+  public JwtData() {
+    super();
+  }
+
+  public JwtData(JsonObject json) {
+    JwtDataConverter.fromJson(json, this);
+  }
 
   public JsonObject toJson() {
     JsonObject json = new JsonObject();
     JwtDataConverter.toJson(this, json);
     return json;
   }
 
-  public JwtData() {
-    super();
+  public String getDrl() {
+    return drl;
   }
 
-  public JwtData(JsonObject json) {
-    JwtDataConverter.fromJson(json, this);
+  public void setDrl(String drl) {
+    this.drl = drl;
+  }
+
+  public String getDid() {
+    return did;
+  }
+
+  public void setDid(String did) {
+    this.did = did;
   }
 
   public String getAccess_token() {
@@ -102,7 +120,7 @@ public Integer getIat() {
   public void setIat(Integer iat) {
     this.iat = iat;
   }
-  
+
   public JsonObject getApd() {
     return apd;
   }
@@ -113,13 +131,30 @@ public void setApd(JsonObject apd) {
 
   @Override
   public String toString() {
-    return "JwtData [access_token=" + access_token + ", sub=" + sub + ", iss=" + iss + ", aud="
-        + aud + ", exp=" + exp + ", iat=" + iat + ", iid=" + iid + ", role=" + role + ", cons="
-        + cons + ", apd=" + apd + "]";
+    return "JwtData [access_token="
+        + access_token
+        + ", sub="
+        + sub
+        + ", iss="
+        + iss
+        + ", aud="
+        + aud
+        + ", exp="
+        + exp
+        + ", iat="
+        + iat
+        + ", iid="
+        + iid
+        + ", role="
+        + role
+        + ", cons="
+        + cons
+        + ", apd="
+        + apd
+        + ", drl="
+        + drl
+        + ", did="
+        + did
+        + "]";
   }
-
-
-
-
-
 }