particle-os/debian-image-builder-frontend
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

profiles: Add profile with unsafe identity

Browse source
This commit is contained in:
sanne raymaekers 2020-04-17 15:37:03 +02:00
parent f93d36b972
commit 3f1cca388f
1 changed files with 127 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

127
profiles/local-frontend-and-api-with-identity.js Normal file
View file

@ -0,0 +1,127 @@
/*global module*/
const jwt = require('jsonwebtoken');
const cookie = require('cookie');
const fs = require('fs');
const base64 = require('base-64');
const SECTION = 'apps';
const APP_ID = 'osbuild-installer';
const FRONTEND_PORT = 8002;
const API_PORT = 8086;
const routes = {};
const PORTAL_BACKEND_MARKER = 'PORTAL_BACKEND_MARKER';
const keycloakPubkeys = {
prod: fs.readFileSync('/certs/keycloak.prod.cert', 'utf8'),
stage: fs.readFileSync('/certs/keycloak.stage.cert', 'utf8'),
qa: fs.readFileSync('/certs/keycloak.qa.cert', 'utf8')
};
const buildUser = input => {
const user = {
entitlements: {
insights: { is_entitled: true },
smart_management: { is_entitled: true },
openshift: { is_entitled: true },
hybrid: { is_entitled: true },
migrations: { is_entitled: true },
ansible: { is_entitled: true }
},
identity: {
account_number: input.account_number,
type: 'User',
user: {
username: input.username,
email: input.email,
first_name: input.first_name,
last_name: input.last_name,
is_active: true,
is_org_admin: input.is_org_admin,
is_internal: input.is_internal,
locale: input.locale
},
internal: {
org_id: input.account_id
}
}
};
return user;
};
const envMap = {
ci: {
keycloakPubkey: keycloakPubkeys.qa,
target: 'https://ci.cloud.redhat.com',
str: 'ci'
},
qa: {
keycloakPubkey: keycloakPubkeys.qa,
target: 'https://qa.cloud.redhat.com',
str: 'qa'
},
stage: {
keycloakPubkey: keycloakPubkeys.stage,
target: 'https://stage.cloud.redhat.com',
str: 'stage'
},
prod: {
keycloakPubkey: keycloakPubkeys.prod,
target: 'https://cloud.redhat.com',
str: 'prod'
}
};
const authPlugin = (req, res, target) => {
let env = envMap.prod;
switch (req.headers['x-spandx-origin']) {
case 'ci.foo.redhat.com': env = envMap.ci; break;
case 'qa.foo.redhat.com': env = envMap.qa; break;
case 'stage.foo.redhat.com': env = envMap.stage; break;
case 'prod.foo.redhat.com': env = envMap.prod; break;
default: env = false;
}
if (target === PORTAL_BACKEND_MARKER) {
target = env.target;
console.log(` --> mangled ${PORTAL_BACKEND_MARKER} to ${target}`);
}
const noop = { then: (cb) => { cb(target); } };
if (!req || !req.headers || !req.headers.cookie) { return noop; } // no cookies short circut
const cookies = cookie.parse(req.headers.cookie);
if (!cookies.cs_jwt) { return noop; } // no rh_jwt short circut
var decoded = jwt.decode(cookies.cs_jwt);
const user = buildUser(decoded);
const unicodeUser = new Buffer(JSON.stringify(user), "utf8");
req.headers["x-rh-identity"] = unicodeUser.toString("base64");
return new Promise((resolve, reject) => resolve(target));
};
routes[`/beta/${SECTION}/${APP_ID}`] = { host: `http://localhost:${FRONTEND_PORT}` };
routes[`/${SECTION}/${APP_ID}`] = { host: `http://localhost:${FRONTEND_PORT}` };
routes[`/beta/apps/${APP_ID}`] = { host: `http://localhost:${FRONTEND_PORT}` };
routes[`/apps/${APP_ID}`] = { host: `http://localhost:${FRONTEND_PORT}` };
routes[`/api/${APP_ID}`] = { host: `http://localhost:${API_PORT}` };
routes['/apps/chrome'] = { host: PORTAL_BACKEND_MARKER };
routes['/apps/beta/chrome'] = { host: PORTAL_BACKEND_MARKER };
module.exports = {
bs: {
notify: false,
https: {
key: '/ssl/key.pem',
cert: '/ssl/cert.pem'
}
},
routerPlugin: authPlugin,
routes: routes,
};