Merge branch 'staging' into dev

51a32f48 · xgui3783 · GitHub · c98aca49 · 1a3d1ee0 · 51a32f48
Unverified Commit 51a32f48 authored 4 years ago by xgui3783 Committed by GitHub 4 years ago
--- a/deploy/app.js
+++ b/deploy/app.js
@@ -92,6 +92,11 @@ app.get('/', (req, res) => {
  res.status(200).send(`${indexTemplate.replace(/\$\$NONCE\$\$/g, res.locals.nonce)}`)
 })

+/**
+ * User route, for user profile/management
+ */
+app.use('/user', require('./user'))
+
 /**
 * only use compression for production
 * this allows locally built aot to be served without errors

--- a/deploy/auth/hbp-oidc-v2.js
+++ b/deploy/auth/hbp-oidc-v2.js
+const passport = require('passport')
+const { configureAuth } = require('./oidc')
+
+const HOSTNAME = process.env.HOSTNAME || 'http://localhost:3000'
+const HOST_PATHNAME = process.env.HOST_PATHNAME || ''
+const clientId = process.env.HBP_CLIENTID_V2 || 'no hbp id'
+const clientSecret = process.env.HBP_CLIENTSECRET_V2 || 'no hbp client secret'
+const discoveryUrl = 'https://iam.humanbrainproject.eu/auth/realms/hbp'
+const redirectUri = `${HOSTNAME}${HOST_PATHNAME}/hbp-oidc-v2/cb`
+const cb = (tokenset, {sub, given_name, family_name, ...rest}, done) => {
+  return done(null, {
+    id: `hbp-oidc-v2:${sub}`,
+    name: `${given_name} ${family_name}`,
+    type: `hbp-oidc-v2`,
+    tokenset,
+    rest
+  })
+}
+
+module.exports = async (app) => {
+  try {
+    const { oidcStrategy } = await configureAuth({
+      clientId,
+      clientSecret,
+      discoveryUrl,
+      redirectUri,
+      cb,
+      scope: 'openid email offline_access profile collab.drive',
+      clientConfig: {
+        redirect_uris: [ redirectUri ],
+        response_types: [ 'code' ]
+      }
+    })
+    
+    passport.use('hbp-oidc-v2', oidcStrategy)
+    app.get('/hbp-oidc-v2/auth', passport.authenticate('hbp-oidc-v2'))
+    app.get('/hbp-oidc-v2/cb', passport.authenticate('hbp-oidc-v2', {
+      successRedirect: `${HOST_PATHNAME}/`,
+      failureRedirect: `${HOST_PATHNAME}/`
+    }))
+  } catch (e) {
+    console.error(e)
+  }
+}
--- a/deploy/auth/index.js
+++ b/deploy/auth/index.js
 const hbpOidc = require('./hbp-oidc')
+const hbpOidc2 = require('./hbp-oidc-v2')
 const passport = require('passport')
 const objStoreDb = new Map()
 const HOST_PATHNAME = process.env.HOST_PATHNAME || ''
@@ -20,14 +21,7 @@ module.exports = async (app) => {
  })

  await hbpOidc(app)
-
-  app.get('/user', (req, res) => {
-    if (req.user) {
-      return res.status(200).send(JSON.stringify(req.user))
-    } else {
-      return res.status(401).end()
-    }
-  })
+  await hbpOidc2(app)

  app.get('/logout', (req, res) => {
    if (req.user && req.user.id) objStoreDb.delete(req.user.id)

--- a/deploy/package.json
+++ b/deploy/package.json
@@ -19,6 +19,7 @@
    "body-parser": "^1.19.0",
    "express": "^4.16.4",
    "express-session": "^1.15.6",
+    "hbp-seafile": "0.0.6",
    "helmet-csp": "^2.8.0",
    "jwt-decode": "^2.2.0",
    "memorystore": "^1.6.1",

--- a/deploy/user/index.js
+++ b/deploy/user/index.js
+const router = require('express').Router()
+const { readUserData, saveUserData } = require('./store')
+const bodyParser = require('body-parser')
+
+const loggedInOnlyMiddleware = (req, res, next) => {
+  const { user } = req
+  if (!user) return res.status(401).end()
+  return next()
+}
+
+router.get('', loggedInOnlyMiddleware, (req, res) => {
+  return res.status(200).send(JSON.stringify(req.user))
+})
+
+router.get('/config', loggedInOnlyMiddleware, async (req, res) => {
+  const { user } = req
+  try{
+    const data = await readUserData(user)
+    res.status(200).json(data)
+  } catch (e){
+    console.error(e)
+    res.status(500).send(e.toString())
+  }
+})
+
+router.post('/config', loggedInOnlyMiddleware, bodyParser.json(), async (req, res) => {
+  const { user, body } = req
+  try {
+    await saveUserData(user, body)
+    res.status(200).end()
+  } catch (e) {
+    console.error(e)
+    res.status(500).send(e.toString())
+  }
+})
+
+module.exports = router
\ No newline at end of file
--- a/deploy/user/store.js
+++ b/deploy/user/store.js
+const { Seafile } = require('hbp-seafile')
+const { Readable } = require('stream')
+
+const IAV_DIR_NAME = `interactive-atlas-viewer`
+const IAV_DIRECTORY = `/${IAV_DIR_NAME}/`
+const IAV_FILENAME = 'data.json'
+
+const getNewSeafilehandle = async ({ accessToken }) => {
+  const seafileHandle = new Seafile({ accessToken })
+  await seafileHandle.init()
+  return seafileHandle
+}
+
+const saveUserData = async (user, data) => {
+  const { access_token } = user && user.tokenset || {}
+  if (!access_token) throw new Error(`user or user.tokenset not set can only save logged in user data`)
+
+  let handle = await getNewSeafilehandle({ accessToken: access_token })
+
+  const s = await handle.ls()
+  const found = s.find(({ type, name }) => type === 'dir' && name === IAV_DIR_NAME)
+
+  // if dir exists, check permission. throw if no writable or readable permission
+  if (found && !/w/.test(found.permission) && !/r/.test(found.permission)){
+    throw new Error(`Writing to file not permitted. Current permission: ${found.permission}`)
+  }
+
+  // create new dir if does not exist. Should have rw permission
+  if (!found) {
+    await handle.mkdir({ dir: IAV_DIR_NAME })
+  }
+
+  const fileLs = await handle.ls({ dir: IAV_DIRECTORY })
+  const fileFound = fileLs.find(({ type, name }) => type === 'file' && name === IAV_FILENAME )
+
+  const rStream = new Readable()
+  rStream.path = IAV_FILENAME
+  rStream.push(JSON.stringify(data))
+  rStream.push(null)
+
+  if(!fileFound) {
+    return handle.uploadFile({ readStream: rStream, filename: `${IAV_FILENAME}` }, { dir: IAV_DIRECTORY })
+  }
+
+  if (fileFound && !/w/.test(fileFound.permission)) {
+    return new Error('file permission cannot be written')
+  }
+
+  return handle.updateFile({ dir: IAV_DIRECTORY, replaceFilepath: `${IAV_DIRECTORY}${IAV_FILENAME}` }, { readStream: rStream, filename: IAV_FILENAME })
+}
+
+const readUserData = async (user) => {
+  const { access_token } = user && user.tokenset || {}
+  if (!access_token) throw new Error(`user or user.tokenset not set can only save logged in user data`)
+
+  let handle = await getNewSeafilehandle({ accessToken: access_token })
+  try {
+    const r = await handle.readFile({ dir: `${IAV_DIRECTORY}${IAV_FILENAME}` })
+    return JSON.parse(r)
+  }catch(e){
+    return {}
+  }
+}
+
+module.exports = {
+  saveUserData,
+  readUserData
+}
--- a/src/res/images/AllenMouseCommonCoordinateFrameworkv32015-100.png
+++ b/src/res/images/AllenMouseCommonCoordinateFrameworkv32015-100.png
--- a/src/res/images/AllenMouseCommonCoordinateFrameworkv32015-200.png
+++ b/src/res/images/AllenMouseCommonCoordinateFrameworkv32015-200.png
--- a/src/res/images/AllenMouseCommonCoordinateFrameworkv32015-300.png
+++ b/src/res/images/AllenMouseCommonCoordinateFrameworkv32015-300.png
--- a/src/res/images/AllenMouseCommonCoordinateFrameworkv32015-400.png
+++ b/src/res/images/AllenMouseCommonCoordinateFrameworkv32015-400.png
--- a/src/res/images/AllenMouseCommonCoordinateFrameworkv32015.png
+++ b/src/res/images/AllenMouseCommonCoordinateFrameworkv32015.png
--- a/src/res/images/BigBrainHistology-100.png
+++ b/src/res/images/BigBrainHistology-100.png
--- a/src/res/images/BigBrainHistology-200.png
+++ b/src/res/images/BigBrainHistology-200.png
--- a/src/res/images/BigBrainHistology-300.png
+++ b/src/res/images/BigBrainHistology-300.png
--- a/src/res/images/BigBrainHistology-400.png
+++ b/src/res/images/BigBrainHistology-400.png
--- a/src/res/images/BigBrainHistology.png
+++ b/src/res/images/BigBrainHistology.png
--- a/src/res/images/ICBM2009cNonlinearAsymmetric-100.png
+++ b/src/res/images/ICBM2009cNonlinearAsymmetric-100.png
--- a/src/res/images/ICBM2009cNonlinearAsymmetric-200.png
+++ b/src/res/images/ICBM2009cNonlinearAsymmetric-200.png
--- a/src/res/images/ICBM2009cNonlinearAsymmetric-300.png
+++ b/src/res/images/ICBM2009cNonlinearAsymmetric-300.png
--- a/src/res/images/ICBM2009cNonlinearAsymmetric-400.png
+++ b/src/res/images/ICBM2009cNonlinearAsymmetric-400.png