Merge pull request #865 from koopjs/auth-refactor

Provider-based authorization, updates to geoservice auth routes
koopjs · Nov 26, 2023 · be22508 · be22508
2 parents c8bb758 + 1d72b58
commit be22508
Show file tree

Hide file tree

Showing 23 changed files with 733 additions and 429 deletions.
diff --git a/.changeset/beige-rocks-cheat.md b/.changeset/beige-rocks-cheat.md
@@ -0,0 +1,5 @@
+---
+'@koopjs/featureserver': minor
+---
+
+- add owningSystemUrl to restInfo response
diff --git a/.changeset/fair-mirrors-rescue.md b/.changeset/fair-mirrors-rescue.md
@@ -0,0 +1,7 @@
+---
+'@koopjs/koop-core': major
+---
+
+- route change in geoservices 
+- generic plugins and file-system plugins no longer supported
+- add option to skip default geoservices plugin
diff --git a/.changeset/perfect-feet-remember.md b/.changeset/perfect-feet-remember.md
@@ -0,0 +1,7 @@
+---
+'@koopjs/output-geoservices': major
+---
+
+- change generateToken route so it matches latest pattern in ArcGIS
+- add option "useHttpForTokenUrl" to use http protocol on the authInfo.tokenServicesUrl returned by rest/info route
+
diff --git a/.nycrc b/.nycrc
@@ -6,7 +6,7 @@
         "packages/cache-memory/src/**/*.js",
         "packages/logger/src/**/*.js",
         "packages/output-geoservices/src/**/*.js",
-        "packages/koop-core/src/**/*.js"
+        "packages/core/src/**/*.js"
     ],
     "exclude": ["**/*.spec.js"],
     "includeAllSources": true

diff --git a/demo/index.js b/demo/index.js
@@ -1,6 +1,12 @@
 const Koop = require('@koopjs/koop-core');
 const provider = require('@koopjs/provider-file-geojson');
-
 const koop = new Koop({ logLevel: 'debug' });
+
+// const auth = require('@koopjs/auth-direct-file')(
+//   'pass-in-your-secret',
+//   `${__dirname}/user-store.json`
+// );
+
+// koop.register(auth);
 koop.register(provider, { dataDir: './demo/provider-data'});
-koop.server.listen(8080);
+koop.server.listen(process.env.PORT || 8080);
diff --git a/demo/user-store.json b/demo/user-store.json
@@ -0,0 +1,4 @@
+[{
+  "username": "helloworld",
+  "password": "foobar"
+}]
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -47,7 +47,7 @@
     "@changesets/changelog-git": "^0.1.14",
     "@changesets/cli": "^2.26.2",
     "@commitlint/config-conventional": "^18.4.2",
-    "@koopjs/auth-direct-file": "^2.0.2",
+    "@koopjs/auth-direct-file": "^3.0.0-alpha.0",
     "@koopjs/provider-file-geojson": "^2.2.0",
     "await-spawn": "^4.0.2",
     "byline": "^5.0.0",

diff --git a/packages/core/README.md b/packages/core/README.md
@@ -94,6 +94,16 @@ const options = {
 }
 ```
 
+#### skipGeoservicesRegistration
+By default, Koop will register the GeoServices output-plugin (a.k.a. FeatureServer).  If you do not want this plugin registered or want to register a specific version, you can skip the default registration by setting the option to `true`:
+
+```js
+const options = {
+  skipGeoservicesRegistration: true
+}
+```
+
+
 #### geoservicesDefaults
 Koop registers the Geoservices output plugin (FeatureServer) by default.  This plugin takes its own options including those to set server and layer metadata (e.g., FeatureServer version, copyrightText, maxRecordCount, etc). These are useful for overriding defaults set in the FeatureServer codebase. You can have Koop set these options at start-up by passing the `geoservicesDefaults` option.  It should be a JSON object with the specification described in the [FeatureServer documentation](packages/featureserver#featureserver.setdefaults).
 

diff --git a/packages/core/coverage.svg b/packages/core/coverage.svg
diff --git a/packages/core/src/data-provider/extend-model.js b/packages/core/src/data-provider/extend-model.js
@@ -35,6 +35,11 @@ module.exports = function extendModel ({ ProviderModel, namespace, logger, cache
     }
 
     async pull (req, callback) {
+      const { error } = await this.#authorizeRequest(req);
+      if (error) {
+        return callback(error);
+      }
+
       const key = this.#createCacheKey(req);
 
       try {
@@ -63,6 +68,11 @@ module.exports = function extendModel ({ ProviderModel, namespace, logger, cache
     // TODO: the pullLayer() and the pullCatalog() are very similar to the pull()
     // function. We may consider to merging them in the future.
     async pullLayer (req, callback) {
+      const { error } = await this.#authorizeRequest(req);
+      if (error) {
+        return callback(error);
+      }
+
       if (!this.#getLayer) {
         callback(new Error(`getLayer() method is not implemented in the ${this.namespace} provider.`));
       }
@@ -91,6 +101,11 @@ module.exports = function extendModel ({ ProviderModel, namespace, logger, cache
     }
 
     async pullCatalog (req, callback) {
+      const { error } = await this.#authorizeRequest(req);
+      if (error) {
+        return callback(error);
+      }
+
       if (!this.#getCatalog) {
         callback(new Error(`getCatalog() method is not implemented in the ${this.namespace} provider.`));
       }
@@ -119,6 +134,12 @@ module.exports = function extendModel ({ ProviderModel, namespace, logger, cache
     }
 
     async pullStream (req) {
+      const { error } = await this.#authorizeRequest(req);
+
+      if (error) {
+        throw error;
+      }
+
       if (this.getStream) {
         await this.#before(req);
         const providerStream = await this.getStream(req);
@@ -135,20 +156,48 @@ module.exports = function extendModel ({ ProviderModel, namespace, logger, cache
       }
       return hasher(req.url).toString();
     }
+
+    async #authorizeRequest (req) {
+      try {
+        await this.authorize(req);
+      } catch (error) {
+        error.code = 401;
+        return { error };
+      }
+
+      return { error: null };
+    }
   }
 
-  // Add auth methods if auth plugin registered with Koop
-  if (authModule) {
-    const {
-      authenticationSpecification,
-      authenticate,
-      authorize
-    } = authModule;
-
-    Model.prototype.authenticationSpecification = Object.assign({}, authenticationSpecification(namespace), { provider: namespace });
-    Model.prototype.authenticate = authenticate;
-    Model.prototype.authorize = authorize;
+  // If provider does not have auth-methods, 
+  // check for global auth-module. if exists, use it, 
+  // otherwise use dummy methods
+
+  if (typeof ProviderModel.prototype.authorize !== 'function') {
+    Model.prototype.authorize = typeof authModule?.authorize  === 'function' ? authModule.authorize : async () => {};
   }
+
+  if (typeof ProviderModel.prototype.authenticate !== 'function') {
+    Model.prototype.authenticate =  typeof authModule?.authenticate === 'function' ? authModule?.authenticate : async () => { return {}; };
+  }
+
+  if(typeof authModule?.authenticationSpecification === 'function') {
+    logger.warn('Use of "authenticationSpecification" is deprecated. It will be removed in a future release.');
+    Model.prototype.authenticationSpecification =  authModule?.authenticationSpecification;
+  }
+  // Add auth methods if auth plugin registered with Koop
+  // if (authModule) {
+  //   const {
+  //     authenticationSpecification,
+  //     authenticate,
+  //     authorize
+  //   } = authModule;
+
+  //   Model.prototype.authenticationSpecification = Object.assign({}, authenticationSpecification(namespace), { provider: namespace });
+  //   Model.prototype.authenticate = authenticate;
+  //   Model.prototype.authorize = authorize;
+  // }
+
   return new Model({ logger, cache }, options);
 };