Merge pull request #307 from SBU-BMI/refactor

Refactor promotion

.travis.yml

@@ -1,23 +1,15 @@
 sudo: required
-
-language: bash
-
+language: node_js
+node_js:
+  - "node"
 before_script:
-  - echo $TRAVIS_BUILD_DIR
-  - curl -L "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/shunit2/shunit2-2.1.6.tgz" | tar zx
-
+  - cd test
+  - npm install
+  - npm install -g mocha
+services:
+  - docker
 script:
-  - bash tests/equality_test.sh
-
-# TODO: Fix for full build
-#sudo: required
-#services:
-#    - docker
-#    - nodejs
-#    - phantomjs
-#before_install:
-#    - bash run_containers_develop.sh
-#    - cd tests
-#    - npm install -g casperjs
-#script:
-#    - casperjs test casper_test.js
+  - docker-compose -f ../caMicroscope.yml build
+  - docker-compose -f ../caMicroscope.yml up -d
+  - sleep 30
+  - mocha *.js --exit

Deps/Bindaas/Dockerfile

@@ -0,0 +1,34 @@
+FROM alpine:3.9
+LABEL maintainer="[email protected]"
+
+### update and include Shadow to manage users and groups
+RUN apk update
+RUN apk --no-cache add wget
+RUN apk --no-cache add shadow
+
+# Add group Bindaas and user Bindaas
+RUN groupadd -g 9999 bindaas && \
+    useradd -r -u 9999 -g bindaas bindaas
+
+WORKDIR /root/src
+
+RUN apk --no-cache add openjdk8-jre
+WORKDIR /root/bindaas/
+RUN wget https://github.com/sharmalab/bindaas/releases/download/v3.3.8/bindaas-dist-3.3.8.tar.gz
+RUN tar -xvf bindaas-dist-3.3.8.tar.gz && rm bindaas-dist-3.3.8.tar.gz
+COPY bindaas.config.json /root/bindaas/bin/
+COPY run.sh /root/bindaas/bin/
+
+# Add java to path
+ENV PATH /root/src/jre1.8.0_171/bin:$PATH
+
+RUN chown -R bindaas:bindaas /root/
+
+WORKDIR /root/bindaas/bin
+
+USER bindaas
+
+EXPOSE 9099
+EXPOSE 8080
+
+CMD ["sh", "run.sh"]

Deps/Bindaas/bindaas.config.json

@@ -0,0 +1,13 @@
+{
+  "host": "0.0.0.0",
+  "port": 9099,
+  "protocol": "http",
+  "enableAuthentication": false,
+  "enableAuthorization": false,
+  "enableAudit": true,
+  "authenticationProviderClass": "edu.emory.cci.bindaas.security.impl.DBAuthenticationProvider",
+  "authorizationProviderClass": "edu.emory.cci.bindaas.security_dashboard.service.AuthorizationProviderImpl",
+  "auditProviderClass": "edu.emory.cci.bindaas.security.impl.DBAuditProvider",
+  "proxyUrl": "http://localhost:9099",
+  "instanceName": "bindaas"
+}

Deps/Bindaas/run.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+java -jar -Dpid=BINDAAS_INSTANCE org.eclipse.osgi_3.10.100.v20150529-1857.jar
+
+while true; do sleep 1000; done

Deps/auth_service/Dockerfile

@@ -0,0 +1,9 @@
+FROM node:8-alpine
+RUN mkdir /root/src
+COPY . /root/src
+WORKDIR /root/src
+
+RUN npm install
+RUN npm install -g forever
+EXPOSE 8010
+CMD forever app.js

Deps/auth_service/about.md

@@ -0,0 +1 @@
+This is a pre-pathdb service to answer auth questions.

Deps/auth_service/app.js

@@ -0,0 +1,111 @@
+const express = require('express')
+const rp = require('request-promise');
+const app = express();
+const fs = require("fs");
+var jwt = require('jsonwebtoken');
+var jwkToPem = require('jwk-to-pem');
+var cookieParser = require('cookie-parser');
+var PORT = process.env.PORT || 8010
+var BASE_USER_URL = "http://ca-data:9099/services/caMicroscope/Authorization/query/getAuth?name="
+var SECRET = process.env.SECRET
+var EXPIRY = process.env.EXPIRY || "1d"
+
+// get cookies
+app.use(cookieParser())
+
+try {
+  let prikey_path = "/keys/key"
+  if(fs.existsSync(prikey_path)){
+    var PRIKEY = fs.readFileSync(prikey_path, 'utf8')
+  }
+} catch (err){
+  console.error(err)
+}
+
+try {
+  let pubkey_path = "/keys/key.pub"
+  if(fs.existsSync(pubkey_path)){
+    var PUBKEY = fs.readFileSync(pubkey_path, 'utf8')
+  }
+} catch (err){
+  console.error(err)
+}
+
+try {
+  let cert_path = "/keys/certificate"
+  if(fs.existsSync(cert_path)){
+    var SECRET = fs.readFileSync(cert_path, 'utf8')
+  }
+} catch (err){
+  console.error(err)
+}
+// jwks
+try {
+  let jwk_path = "/keys/jwk.json"
+  if(fs.existsSync(jwk_path)){
+    var SECRET = jwkToPem(JSON.parse(fs.readFileSync(jwk_path, 'utf8')))
+  }
+} catch (err){
+  console.error(err)
+}
+
+const getToken = function(req) {
+    if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') { // Authorization: Bearer g1jipjgi1ifjioj
+        // Handle token presented as a Bearer token in the Authorization header
+    return req.headers.authorization.split(' ')[1];
+    } else if (req.query && req.query.token) {
+        // Handle token presented as URI param
+        return req.query.token;
+    } else if (req.cookies && req.cookies.token) {
+        // Handle token presented as a cookie parameter
+        return req.cookies.token;
+    }
+}
+// curry these calls
+function token_trade(check_key, sign_key){
+  return function(req,res){
+    jwt.verify(getToken(req), check_key, function(err, token){
+      if (err){
+        res.status(401).send(err)
+      } else {
+        if (!(token && (token.email || token.sub))){
+          // jwt doesn't say who you are, so bye
+          res.send(401).send({err:"email and sub are unset from source token"})
+        } else {
+          var name = token.email || token.sub
+          user_detail = rp({
+            uri: BASE_USER_URL + name,
+            json: true
+          })
+          user_detail.then(x=>{
+            console.log(x)
+            if (x.length >= 1 && x[0].hasOwnProperty('name')){
+              let attrs = x[0].attrs || []
+              data = {
+                'sub':name,
+                'name':x[0].name,
+                'attrs':attrs
+              }
+              // sign using the mounted key
+              var token = jwt.sign(data, sign_key, {algorithm:"RS256", expiresIn: EXPIRY})
+              res.send({'token':token})
+            } else {
+              res.status(401).send({"err":"User Unauthorized"})
+            }
+          })
+          user_detail.catch(e=>{
+            console.log(e)
+            res.status(401).send(e)
+          })
+        }
+      }
+    })
+  }
+}
+
+// convert or "check" a token
+app.get("/check", token_trade(SECRET, PRIKEY))
+// renew a token
+app.get("/renew", token_trade(PUBKEY, PRIKEY))
+
+app.listen(PORT, () => console.log('listening on ' + PORT))