Skip to content

Commit

Permalink
refactor(cmd-api-server): pull OAuth2 endpoint scopes from openapi.json
Browse files Browse the repository at this point in the history
Primary Changes
----------------
1. added OAuth2 security endpoints scopes to openapi.json
2. added a test to make sure if the scopes are indeed getting
   pulled from the spec file

Fixes #2693

Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>

1. Please also refactor the third endpoint (prometheus metrics) accordingly
2. Also please extend the test case with each tokens having specific scopes
and then assert that the tokesn with the correct scopes work and the ones
that don't have the correct scopes do not even when they are otherwise
valid tokens.

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
  • Loading branch information
aldousalvarez authored and petermetz committed Dec 1, 2024
1 parent 5b68592 commit 825a7bd
Show file tree
Hide file tree
Showing 30 changed files with 1,106 additions and 45 deletions.
2 changes: 1 addition & 1 deletion packages/cactus-cmd-api-server/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,7 @@
"fastify": "4.28.1",
"fs-extra": "11.2.0",
"google-protobuf": "3.21.4",
"http-status-codes": "2.1.3",
"jose": "4.15.5",
"json-stable-stringify": "1.0.2",
"lmify": "0.3.0",
Expand Down Expand Up @@ -134,7 +135,6 @@
"google-protobuf": "3.21.4",
"grpc-tools": "1.12.4",
"grpc_tools_node_protoc_ts": "5.3.3",
"http-status-codes": "2.1.4",
"protobufjs": "7.4.0",
"tsx": "4.16.2"
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ client.go
configuration.go
go.mod
go.sum
model_cmd_api_server_endpoint_error_response.go
model_health_check_response.go
model_memory_usage.go
model_watch_healthcheck_v1.go
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -84,14 +84,26 @@ Class | Method | HTTP request | Description

## Documentation For Models

- [CmdApiServerEndpointErrorResponse](docs/CmdApiServerEndpointErrorResponse.md)
- [HealthCheckResponse](docs/HealthCheckResponse.md)
- [MemoryUsage](docs/MemoryUsage.md)
- [WatchHealthcheckV1](docs/WatchHealthcheckV1.md)


## Documentation For Authorization

Endpoints do not require authorization.

Authentication schemes defined for the API:
### bearerTokenAuth

- **Type**: HTTP Bearer token authentication

Example

```golang
auth := context.WithValue(context.Background(), sw.ContextAccessToken, "BEARER_TOKEN_STRING")
r, err := client.Service.Operation(auth, args)
```


## Documentation for Utility Methods
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,11 @@ info:
version: 2.0.0
servers:
- url: /
security:
- bearerTokenAuth:
- read:health
- read:metrics
- read:spec
paths:
/api/v1/api-server/healthcheck:
get:
Expand All @@ -21,6 +26,21 @@ paths:
schema:
$ref: '#/components/schemas/HealthCheckResponse'
description: OK
"401":
content:
'*/*':
schema:
$ref: '#/components/schemas/CmdApiServerEndpointErrorResponse'
description: Unauthorized - Invalid token
"403":
content:
'*/*':
schema:
$ref: '#/components/schemas/CmdApiServerEndpointErrorResponse'
description: Forbidden - Valid token but missing correct scope
security:
- bearerTokenAuth:
- read:health
summary: Can be used to verify liveness of an API server instance
x-hyperledger-cacti:
http:
Expand All @@ -37,6 +57,21 @@ paths:
schema:
$ref: '#/components/schemas/PrometheusExporterMetricsResponse'
description: OK
"401":
content:
'*/*':
schema:
$ref: '#/components/schemas/CmdApiServerEndpointErrorResponse'
description: Unauthorized - Invalid token
"403":
content:
'*/*':
schema:
$ref: '#/components/schemas/CmdApiServerEndpointErrorResponse'
description: Forbidden - Valid token but missing correct scope
security:
- bearerTokenAuth:
- read:metrics
summary: Get the Prometheus Metrics
x-hyperledger-cacti:
http:
Expand All @@ -54,6 +89,21 @@ paths:
schema:
$ref: '#/components/schemas/GetOpenApiSpecV1EndpointResponse'
description: OK
"401":
content:
'*/*':
schema:
$ref: '#/components/schemas/CmdApiServerEndpointErrorResponse'
description: Unauthorized - Invalid token
"403":
content:
'*/*':
schema:
$ref: '#/components/schemas/CmdApiServerEndpointErrorResponse'
description: Forbidden - Valid token but missing correct scope
security:
- bearerTokenAuth:
- read:spec
x-hyperledger-cacti:
http:
verbLowerCase: get
Expand Down Expand Up @@ -127,3 +177,14 @@ components:
GetOpenApiSpecV1EndpointResponse:
nullable: false
type: string
CmdApiServerEndpointErrorResponse:
properties:
message:
example: |
Forbidden - Valid token but missing correct scope
type: string
securitySchemes:
bearerTokenAuth:
bearerFormat: JSON Web Tokens
scheme: bearer
type: http

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 825a7bd

Please sign in to comment.