From ee72975b1738ad8e98504d6e17a5fe1c448585e8 Mon Sep 17 00:00:00 2001 From: Theo Sanderson Date: Wed, 1 May 2024 22:04:48 +0100 Subject: [PATCH 1/6] add keycloak client secret --- kubernetes/loculus/templates/_config-processor.tpl | 5 +++++ kubernetes/loculus/templates/loculus-website-config.yaml | 3 ++- website/src/types/runtimeConfig.ts | 1 + website/src/utils/KeycloakClientManager.ts | 4 ++-- website/src/utils/clientMetadata.ts | 9 +++++++-- website/tests/e2e.fixture.ts | 4 ++-- website/vitest.setup.ts | 1 + 7 files changed, 20 insertions(+), 7 deletions(-) diff --git a/kubernetes/loculus/templates/_config-processor.tpl b/kubernetes/loculus/templates/_config-processor.tpl index bd2263978..f6c0f2bd2 100644 --- a/kubernetes/loculus/templates/_config-processor.tpl +++ b/kubernetes/loculus/templates/_config-processor.tpl @@ -15,6 +15,11 @@ secretKeyRef: name: smtp-password key: secretKey + - name: LOCULUSSUB_backendKeycloakClientSecret + valueFrom: + secretKeyRef: + name: backend-keycloak-client-secret + key: backendKeycloakClientSecret {{- end }} diff --git a/kubernetes/loculus/templates/loculus-website-config.yaml b/kubernetes/loculus/templates/loculus-website-config.yaml index ad439b7e1..39cdfa2d8 100644 --- a/kubernetes/loculus/templates/loculus-website-config.yaml +++ b/kubernetes/loculus/templates/loculus-website-config.yaml @@ -36,7 +36,8 @@ data: }, "public": { {{- template "loculus.publicRuntimeConfig" dict "Values" .Values "externalLapisUrlConfig" $externalLapisUrlConfig -}} - } + }, + "backendKeycloakClientSecret" : "[[backendKeycloakClientSecret]]" } diff --git a/website/src/types/runtimeConfig.ts b/website/src/types/runtimeConfig.ts index aa2d7657e..7df78fd38 100644 --- a/website/src/types/runtimeConfig.ts +++ b/website/src/types/runtimeConfig.ts 
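Review bot: The new `"backendKeycloakClientSecret" : "[[backendKeycloakClientSecret]]"` entry in loculus-website-config.yaml sits at the top level of the runtime config, as a sibling of the `public` block, so nothing in the structure marks it as server-only. Presumably the config processor fills the placeholder from the `LOCULUSSUB_backendKeycloakClientSecret` variable added in _config-processor.tpl, which would leave the secret in plaintext in the processed file; confirm that file is never served to the browser or written to logs. Nesting the key under the `serverSide` object that runtimeConfig.ts declares would keep the server/browser boundary explicit. The enclosing JSON document starts outside the hunk.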
@@ -19,6 +19,7 @@ export const serverConfig = serviceUrls.merge( export const runtimeConfig = z.object({ public: serviceUrls, serverSide: serverConfig, + backendKeycloakClientSecret: z.string().min(5), devMode: z.boolean(), }); export type RuntimeConfig = z.infer; diff --git a/website/src/utils/KeycloakClientManager.ts b/website/src/utils/KeycloakClientManager.ts index 6c9c82eb9..b36358251 100644 --- a/website/src/utils/KeycloakClientManager.ts +++ b/website/src/utils/KeycloakClientManager.ts @@ -3,7 +3,7 @@ import { type BaseClient, Issuer } from 'openid-client'; import { realmPath } from './realmPath.ts'; import { getRuntimeConfig } from '../config.ts'; import { getInstanceLogger } from '../logger.ts'; -import { clientMetadata } from '../utils/clientMetadata.ts'; +import { getClientMetadata } from '../utils/clientMetadata.ts'; export class KeycloakClientManager { private static _keycloakClient: BaseClient | undefined; @@ -22,7 +22,7 @@ export class KeycloakClientManager { try { const keycloakIssuer = await Issuer.discover(issuerUrl); this.logger.info(`Keycloak issuer discovered: ${keycloakIssuer}`); - this._keycloakClient = new keycloakIssuer.Client(clientMetadata); + this._keycloakClient = new keycloakIssuer.Client(getClientMetadata()); } catch (error: any) { if (error.code !== 'ECONNREFUSED') { this.logger.error(`Error discovering keycloak issuer: ${error}`); diff --git a/website/src/utils/clientMetadata.ts b/website/src/utils/clientMetadata.ts index 4399d2ed0..cafa8673e 100644 --- a/website/src/utils/clientMetadata.ts +++ b/website/src/utils/clientMetadata.ts 
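Review bot: `backendKeycloakClientSecret: z.string().min(5)` in runtimeConfig.ts accepts the literal placeholder `[[backendKeycloakClientSecret]]` from loculus-website-config.yaml, so if substitution ever fails the unsubstituted text would pass validation and be used as the client secret. Consider rejecting it explicitly, e.g. `z.string().min(5).refine((s) => !s.startsWith('[['), 'secret placeholder was not substituted')`. A short comment on why the minimum is 5 would also help, since the test value `'dummy'` in vitest.setup.ts is exactly that length.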
@@ -1,7 +1,12 @@ // TODO: #1337 Move to config -export const clientMetadata = { +import { getRuntimeConfig } from '../config'; + +const clientMetadata = { client_id: 'backend-client', response_types: ['code', 'id_token'], - client_secret: 'someSecret', public: true, }; + +export const getClientMetadata = () => { + return { ...clientMetadata, client_secret: getRuntimeConfig().backendKeycloakClientSecret }; +}; diff --git a/website/tests/e2e.fixture.ts b/website/tests/e2e.fixture.ts index 858bf8e15..9f4e86b98 100644 --- a/website/tests/e2e.fixture.ts +++ b/website/tests/e2e.fixture.ts @@ -19,7 +19,7 @@ import { ACCESS_TOKEN_COOKIE, REFRESH_TOKEN_COOKIE } from '../src/middleware/aut import { BackendClient } from '../src/services/backendClient'; import { GroupManagementClient } from '../src/services/groupManagementClient.ts'; import { type DataUseTerms, type NewGroup, openDataUseTermsType } from '../src/types/backend.ts'; -import { clientMetadata } from '../src/utils/clientMetadata.ts'; +import { getClientMetadata } from '../src/utils/clientMetadata.ts'; import { realmPath } from '../src/utils/realmPath.ts'; type E2EFixture = { @@ -93,7 +93,7 @@ const testUserTokens: Record = {}; export async function getToken(username: string, password: string) { const issuerUrl = `${keycloakUrl}${realmPath}`; const keycloakIssuer = await Issuer.discover(issuerUrl); - const client = new keycloakIssuer.Client(clientMetadata); + const client = new keycloakIssuer.Client(getClientMetadata()); if (username in testUserTokens) { const accessToken = testUserTokens[username].accessToken; diff --git a/website/vitest.setup.ts b/website/vitest.setup.ts index a0ea64d48..b8412648c 100755 --- a/website/vitest.setup.ts +++ b/website/vitest.setup.ts @@ -30,6 +30,7 @@ export const testConfig = { keycloakUrl: 'http://authentication.dummy', }, devMode: true, + backendKeycloakClientSecret: 'dummy', } as RuntimeConfig; export const metadataKey = 'originalMetaDataField'; 
From 4d6f04556867164bca4edc8f3cfd191e3c252f3e Mon Sep 17 00:00:00 2001 From: Theo Sanderson Date: Wed, 1 May 2024 22:08:58 +0100 Subject: [PATCH 2/6] Update clientMetadata.ts --- website/src/utils/clientMetadata.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/website/src/utils/clientMetadata.ts b/website/src/utils/clientMetadata.ts index cafa8673e..a346f23b0 100644 --- a/website/src/utils/clientMetadata.ts +++ b/website/src/utils/clientMetadata.ts @@ -1,4 +1,3 @@ -// TODO: #1337 Move to config import { getRuntimeConfig } from '../config'; const clientMetadata = { From 0eb68a7d528d2391d12c1008c7b3a289664485b9 Mon Sep 17 00:00:00 2001 From: Theo Sanderson Date: Wed, 1 May 2024 22:23:15 +0100 Subject: [PATCH 3/6] update --- website/src/utils/clientMetadata.ts | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/website/src/utils/clientMetadata.ts b/website/src/utils/clientMetadata.ts index cafa8673e..7d13920c9 100644 --- a/website/src/utils/clientMetadata.ts +++ b/website/src/utils/clientMetadata.ts @@ -8,5 +8,13 @@ const clientMetadata = { }; export const getClientMetadata = () => { - return { ...clientMetadata, client_secret: getRuntimeConfig().backendKeycloakClientSecret }; + const configDir = import.meta.env.CONFIG_DIR; + let backendKeycloakClientSecret; + if (typeof configDir !== 'string' || configDir === '') { + backendKeycloakClientSecret = 'dummySecret'; + } else { + backendKeycloakClientSecret = getRuntimeConfig().backendKeycloakClientSecret; + } + + return { ...clientMetadata, client_secret: backendKeycloakClientSecret }; }; From b8388a2a3a3758f78a789bb2315f7ec60b8000c8 Mon Sep 17 00:00:00 2001 From: Theo Sanderson Date: Wed, 1 May 2024 22:54:50 +0100 Subject: [PATCH 4/6] update --- website/src/utils/clientMetadata.ts | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/website/src/utils/clientMetadata.ts b/website/src/utils/clientMetadata.ts index 8411d342d..afcec360c 100644 
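Review bot: The fallback added in PATCH 3/6 makes `getClientMetadata` return the hard-coded `'dummySecret'` whenever `import.meta.env.CONFIG_DIR` is missing or empty, so a deployment that loses that variable would present a known constant to Keycloak and report nothing. The same fallback is carried into `getClientSecret` in PATCH 4/6 and 6/6, which also return it when `import.meta.env` is undefined. The fallback should be limited to test runs and fail otherwise, e.g. `throw new Error('CONFIG_DIR is not set; cannot load backendKeycloakClientSecret');`, or at least log a warning whenever the dummy value is used. A comment stating that the constant exists only for tests would make the intent clear to the next maintainer.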
--- a/website/src/utils/clientMetadata.ts +++ b/website/src/utils/clientMetadata.ts @@ -7,13 +7,20 @@ const clientMetadata = { }; export const getClientMetadata = () => { - const configDir = import.meta.env.CONFIG_DIR; - let backendKeycloakClientSecret; - if (typeof configDir !== 'string' || configDir === '') { - backendKeycloakClientSecret = 'dummySecret'; - } else { - backendKeycloakClientSecret = getRuntimeConfig().backendKeycloakClientSecret; - } + + - return { ...clientMetadata, client_secret: backendKeycloakClientSecret }; + return { ...clientMetadata, client_secret: getClientSecret() }; }; + + +const getClientSecret = () => { + if (import.meta.env === undefined) { + return "dummySecret"; + } + const configDir = import.meta.env.CONFIG_DIR; + if (typeof configDir !== 'string' || configDir === '' ){ + return 'dummySecret'; + } + return getRuntimeConfig().backendKeycloakClientSecret; +} \ No newline at end of file From 948671dfe85c48475cdc6c795e35da86c5211aa8 Mon Sep 17 00:00:00 2001 From: Theo Sanderson Date: Wed, 1 May 2024 23:11:11 +0100 Subject: [PATCH 5/6] update --- website/src/utils/clientMetadata.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/website/src/utils/clientMetadata.ts b/website/src/utils/clientMetadata.ts index afcec360c..46b3fd993 100644 --- a/website/src/utils/clientMetadata.ts +++ b/website/src/utils/clientMetadata.ts @@ -15,6 +15,7 @@ export const getClientMetadata = () => { const getClientSecret = () => { + // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition if (import.meta.env === undefined) { return "dummySecret"; } From fb5c974e47719c8feced2499f9f49ca22239c4da Mon Sep 17 00:00:00 2001 From: Theo Sanderson Date: Wed, 1 May 2024 23:15:16 +0100 Subject: [PATCH 6/6] format --- website/src/utils/clientMetadata.ts | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/website/src/utils/clientMetadata.ts b/website/src/utils/clientMetadata.ts index 46b3fd993..771581910 100644 
--- a/website/src/utils/clientMetadata.ts +++ b/website/src/utils/clientMetadata.ts @@ -7,21 +7,17 @@ const clientMetadata = { }; export const getClientMetadata = () => { - - - return { ...clientMetadata, client_secret: getClientSecret() }; }; - const getClientSecret = () => { // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition if (import.meta.env === undefined) { - return "dummySecret"; + return 'dummySecret'; } const configDir = import.meta.env.CONFIG_DIR; - if (typeof configDir !== 'string' || configDir === '' ){ + if (typeof configDir !== 'string' || configDir === '') { return 'dummySecret'; } return getRuntimeConfig().backendKeycloakClientSecret; -} \ No newline at end of file +};