some fix for UI login
@@ -46,12 +46,12 @@ class AppAccessManager : AccessManager {
|
||||
}
|
||||
|
||||
val isAllowed = currentRoles().count { allowedRoles.contains(it) } > 0
|
||||
logger.warn("entity - $entity, action $action, userroles = ${currentRoles()}, allowed = $allowedRoles, isAllowed? $isAllowed, enforce? ${appConfig.enforceRoleRestriction()}")
|
||||
logger.warn("entity - $entity, action $action, user roles = ${currentRoles()}, allowed = $allowedRoles, isAllowed? $isAllowed, enforce? ${appConfig.enforceRoleRestriction()}")
|
||||
if (isAllowed || !appConfig.enforceRoleRestriction() || allowedRoles.isEmpty()) {
|
||||
//if role is allowed, or enforcement is turned off or no roles are explicitly allowed
|
||||
handler.handle(ctx)
|
||||
} else {
|
||||
ctx.status(HttpStatus.UNAUTHORIZED).result("unauthorized request")
|
||||
ctx.status(HttpStatus.FORBIDDEN).result("user not allowed to do this")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
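Review bot: The reworded `logger.warn(...)` line still fires at WARN for every authorization check, allowed or not, and writes the caller's full role list plus the route's allowed roles into the log on each request; that buries real denials in noise and pushes authorization detail into whatever log sink is configured. Keep the diagnostic but lower it to `logger.debug(...)` here, and emit the `warn` only in the `else` branch next to the new `ctx.status(HttpStatus.FORBIDDEN)` line, where the denial is what an operator needs to see. The context line `val isAllowed = currentRoles().count { allowedRoles.contains(it) } > 0` reads more clearly as `val isAllowed = currentRoles().any { it in allowedRoles }`, and binding `currentRoles()` to a local once avoids calling it a second time for the log. The enclosing method's signature is above this hunk.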
@@ -12,6 +12,8 @@ import com.restapi.config.Roles
|
||||
import com.restapi.controllers.Entities
|
||||
import com.restapi.domain.DataNotFoundException
|
||||
import com.restapi.domain.Session
|
||||
import com.restapi.domain.Session.currentTenant
|
||||
import com.restapi.domain.Session.currentUser
|
||||
import com.restapi.domain.Session.objectMapper
|
||||
import com.restapi.domain.Session.redis
|
||||
import com.restapi.domain.Session.setAuthorizedUser
|
||||
@@ -34,6 +36,7 @@ import java.net.http.HttpRequest.BodyPublishers
|
||||
import java.net.http.HttpResponse.BodyHandlers
|
||||
import java.nio.charset.StandardCharsets
|
||||
import java.security.MessageDigest
|
||||
import java.time.LocalDateTime
|
||||
import java.util.*
|
||||
import java.util.concurrent.TimeUnit
|
||||
import kotlin.jvm.optionals.getOrDefault
|
||||
@@ -73,6 +76,9 @@ fun main(args: Array<String>) {
|
||||
|
||||
path("/auth") {
|
||||
//for testing, development only
|
||||
get("/endpoint") {
|
||||
it.json(getAuthEndpoint())
|
||||
}
|
||||
get("/init") {
|
||||
val endpoint = getAuthEndpoint().authorizationEndpoint
|
||||
|
||||
@@ -83,6 +89,8 @@ fun main(args: Array<String>) {
|
||||
get("/code") {
|
||||
|
||||
val code = it.queryParam("code") ?: throw BadRequestResponse("not proper")
|
||||
val redirectUri = it.queryParam("redirectUrl") ?: appConfig.iamClientRedirectUri()
|
||||
val iamClient = it.queryParam("client") ?: appConfig.iamClient()
|
||||
|
||||
val ep = getAuthEndpoint().tokenEndpoint
|
||||
val client = HttpClient.newHttpClient()
|
||||
@@ -93,8 +101,8 @@ fun main(args: Array<String>) {
|
||||
getFormDataAsString(
|
||||
mapOf(
|
||||
"code" to code,
|
||||
"redirect_uri" to appConfig.iamClientRedirectUri(),
|
||||
"client_id" to appConfig.iamClient(),
|
||||
"redirect_uri" to redirectUri,
|
||||
"client_id" to iamClient,
|
||||
"grant_type" to "authorization_code",
|
||||
)
|
||||
)
|
||||
@@ -104,9 +112,10 @@ fun main(args: Array<String>) {
|
||||
.build()
|
||||
val message = client.send(req, BodyHandlers.ofString()).body()
|
||||
val atResponse = objectMapper.readValue<AuthTokenResponse>(message)
|
||||
val parsed = validateAuthToken(atResponse.accessToken)
|
||||
|
||||
//lets keep auth token refreshed
|
||||
redis.sadd("AUTH_TOKEN", message)
|
||||
//keep track of this
|
||||
redis.rpush("AUTH_TOKEN_${parsed.userName}", message)
|
||||
it.result(atResponse.accessToken).contentType(ContentType.TEXT_PLAIN)
|
||||
|
||||
}
|
||||
@@ -155,6 +164,9 @@ fun main(args: Array<String>) {
|
||||
|
||||
|
||||
path("/api") {
|
||||
post("/audit/{action}") {
|
||||
logger.warn("User ${currentUser()} of tenant ${currentTenant()} has performed ${it.pathParam("action")} @ ${LocalDateTime.now()}")
|
||||
}
|
||||
post("/script/database/{name}", Entities::executeStoredProcedure, Roles(adminRole, Role.DbOps))
|
||||
post("/script/{file}/{name}", Entities::executeScript, Roles(adminRole, Role.DbOps))
|
||||
|
||||
|
||||
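Review bot: In the `/code` handler (the `@@ -83` and `@@ -93` hunks), `redirectUrl` and `client` are now read from the request's query string and forwarded verbatim as `redirect_uri` and `client_id` in the authorization-code exchange, so any caller can choose which client identity and redirect target this server presents to the IdP; the fallback to `appConfig.iamClientRedirectUri()` / `appConfig.iamClient()` only applies when the parameter is absent. Unless the IdP rejects the mismatch, a code issued for a different registered client or redirect could be redeemed through this endpoint. Validate both values against an allowlist of configured clients and redirect URIs and reject anything else, e.g. `val redirectUri = it.queryParam("redirectUrl")?.also { uri -> if (uri !in ALLOWED_REDIRECT_URIS /* placeholder: configured allowlist, not on this page */) throw BadRequestResponse("not proper") } ?: appConfig.iamClientRedirectUri()`, and the same shape for `client`. The audit route added in the `@@ -155` hunk also interpolates `it.pathParam("action")` straight into the log message; log it as a structured argument or strip control characters first so a crafted path cannot reshape log lines. `main` begins and ends outside these hunks.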