BE-781 Add user model for admin user of Explorer (#153)

Added a new table 'users' to store registered user info. Explorer gets access to this table via sequelize ORM model. Signed-off-by: Atsushi Neki <atsushin@fast.au.fujitsu.com>
hyperledger-labs · Jul 28, 2020 · 90e8d4e · 90e8d4e
1 parent 9e1d4fa
commit 90e8d4e
Show file tree

Hide file tree

Showing 12 changed files with 333 additions and 107 deletions.
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -430,7 +430,10 @@
 					"mynetwork",
 					"guitest",
 					"configfiles",
-					"_lifecycle"
+					"_lifecycle",
+					"bcrypt",
+					"sequelize",
+					"fabricexplorer"
 				],
 				"skipIfMatch": ["http://[^s]*", "[a-z]scc"],
 				"skipWordIfMatch": ["^foobar.*$"],

diff --git a/app/model/User.js b/app/model/User.js
@@ -0,0 +1,45 @@
+/**
+ *    SPDX-License-Identifier: Apache-2.0
+ */
+
+const Sequelize = require('sequelize');
+
+const attributes = {
+	username: {
+		type: Sequelize.STRING,
+		allowNull: false,
+		unique: true,
+		validate: {
+			is: /^[a-z0-9_-]+$/i
+		}
+	},
+	email: {
+		type: Sequelize.STRING,
+		validate: {
+			isEmail: true
+		}
+	},
+	networkName: {
+		type: Sequelize.STRING,
+		allowNull: false
+	},
+	firstName: {
+		type: Sequelize.STRING
+	},
+	lastName: {
+		type: Sequelize.STRING
+	},
+	password: {
+		type: Sequelize.STRING
+	},
+	salt: {
+		type: Sequelize.STRING
+	}
+};
+
+const options = {
+	freezeTableName: true
+};
+
+module.exports.attributes = attributes;
+module.exports.options = options;
diff --git a/app/model/model.js b/app/model/model.js
@@ -0,0 +1,11 @@
+/**
+ *    SPDX-License-Identifier: Apache-2.0
+ */
+
+const UserMeta = require('./User.js');
+const connection = require('../sequelize/sequelize.js');
+
+const User = connection.define('users', UserMeta.attributes, UserMeta.options);
+
+// you can define relationships here
+module.exports.User = User;
diff --git a/app/passport/local-login.js b/app/passport/local-login.js
@@ -32,21 +32,16 @@ const strategy = function(platform) {
 			};
 
 			const reqUser = await new User(req.body).asJson();
-			const userInfo = await proxy.authenticate(reqUser);
+			const authResult = await proxy.authenticate(reqUser);
+			if (!authResult) {
+				return done(null, false, { message: 'Incorrect credentials' });
+			}
 
 			const payload = {
-				user: userInfo.user,
-				network: userInfo.network
+				user: reqUser.user,
+				network: reqUser.network
 			};
 
-			if (!userInfo || !userInfo.authenticated) {
-				const error = {
-					name: 'IncorrectCredentialsError',
-					message: userInfo.message
-				};
-
-				return done(error, null, null);
-			}
 			// @ts-ignore
 			const token = await jwtSignAsync(payload, config.jwt.secret, {
 				expiresIn: config.jwt.expiresIn
@@ -57,7 +52,6 @@ const strategy = function(platform) {
 				name: userData.user,
 				network: userData.network
 			};
-
 			return done(null, token, data);
 		}
 	);

diff --git a/app/persistence/fabric/postgreSQL/db/explorerpg.sql b/app/persistence/fabric/postgreSQL/db/explorerpg.sql
@@ -184,6 +184,26 @@ CREATE TABLE transactions
 ALTER table transactions owner to :user;
 Alter sequence transactions_id_seq restart with 6;
 
+-- ---------------------------
+--  Table structure for `users`
+-- ----------------------------
+DROP TABLE IF EXISTS users;
+
+CREATE TABLE users
+(
+  id SERIAL PRIMARY KEY,
+  username varchar(255) NOT NULL,
+  email varchar(255),
+  "networkName" varchar(255) NOT NULL,
+  "firstName" varchar(255),
+  "lastName" varchar(255),
+  "password" varchar(255),
+  salt varchar(255),
+  "createdAt" timestamp NOT NULL,
+  "updatedAt" timestamp NOT NULL
+);
+ALTER table users owner to :user;
+
 DROP TABLE IF EXISTS write_lock;
 CREATE TABLE write_lock
 (

diff --git a/app/platform/fabric/FabricConfig.js b/app/platform/fabric/FabricConfig.js
@@ -110,6 +110,14 @@ class FabricConfig {
 	 * @memberof FabricConfig
 	 */
 	getAdminUser() {
+		if (
+			!this.config.client ||
+			!this.config.client.adminCredential ||
+			!this.config.client.adminCredential.id
+		) {
+			logger.error('client.adminCredential.id is undefined');
+			return null;
+		}
 		return this.config.client.adminCredential.id;
 	}
 
@@ -120,6 +128,14 @@ class FabricConfig {
 	 * @memberof FabricConfig
 	 */
 	getAdminPassword() {
+		if (
+			!this.config.client ||
+			!this.config.client.adminCredential ||
+			!this.config.client.adminCredential.password
+		) {
+			logger.error('client.adminCredential.password is undefined');
+			return null;
+		}
 		return this.config.client.adminCredential.password;
 	}
 

diff --git a/app/platform/fabric/Platform.js b/app/platform/fabric/Platform.js
@@ -4,6 +4,7 @@
 
 const path = require('path');
 const fs = require('fs-extra');
+const bcrypt = require('bcrypt');
 
 const Proxy = require('./Proxy');
 const helper = require('../../common/helper');
@@ -21,6 +22,9 @@ const explorer_error = require('../../common/ExplorerMessage').explorer.error;
 
 const config_path = path.resolve(__dirname, './config.json');
 
+const Model = require('../../model/model');
+const FabricConfig = require('./FabricConfig');
+
 /**
  *
  *
@@ -39,7 +43,6 @@ class Platform {
 		this.networks = new Map();
 		this.proxy = new Proxy(this);
 		this.defaultNetwork = null;
-		this.defaultClient = null;
 		this.network_configs = null;
 		this.syncType = null;
 		this.explorerListeners = [];
@@ -115,14 +118,19 @@ class Platform {
 				client_configs.profile
 			);
 			const client_name = client_configs.name;
-			// Set default client as first client
-			if (!this.defaultClient) {
-				this.defaultClient = client_name;
-			}
 
 			// Create client instance
 			logger.debug('Creating client [%s] >> ', client_name, client_configs);
 
+			const signupResult = await this.registerAdmin(
+				client_configs.name,
+				client_configs.profile
+			);
+			if (!signupResult) {
+				logger.error(`Failed to register admin user : ${network_name}`);
+				continue;
+			}
+
 			const client = await FabricUtils.createFabricClient(
 				client_configs,
 				network_name,
@@ -138,6 +146,52 @@ class Platform {
 		}
 	}
 
+	registerAdmin(networkName, network_profile_path) {
+		const configPath = path.resolve(__dirname, network_profile_path);
+		const config = new FabricConfig();
+		config.initialize(configPath);
+
+		if (!config.getEnableAuthentication()) {
+			logger.info('Disabled authentication');
+			return true;
+		}
+
+		const userName = config.getAdminUser();
+		const password = config.getAdminPassword();
+		if (!userName || !password) {
+			logger.error('Invalid credentials');
+			return false;
+		}
+		const combinedUserName = `${networkName}-${userName}`;
+
+		return Model.User.findOne({
+			where: {
+				username: combinedUserName
+			}
+		}).then(user => {
+			if (user != null) {
+				return true;
+			}
+			const salt = bcrypt.genSaltSync(10);
+			const hashedPassword = bcrypt.hashSync(password, salt);
+			const newUser = {
+				username: combinedUserName,
+				salt: salt,
+				password: hashedPassword,
+				networkName: networkName
+			};
+
+			return Model.User.create(newUser)
+				.then(() => {
+					return true;
+				})
+				.catch(error => {
+					logger.error('Failed to register admin user');
+					return false;
+				});
+		});
+	}
+
 	/**
 	 *
 	 *
@@ -232,16 +286,6 @@ class Platform {
 		return this.proxy;
 	}
 
-	/**
-	 *
-	 *
-	 * @param {*} defaultClient
-	 * @memberof Platform
-	 */
-	setDefaultClient(defaultClient) {
-		this.defaultClient = defaultClient;
-	}
-
 	/**
 	 *
 	 *