Refactor Azure configuration [SCI-4098]

This commit is contained in:
Oleksii Kriuchykhin 2019-11-26 15:09:40 +01:00
parent 722958a716
commit 6b20a10473
8 changed files with 27 additions and 62 deletions


@ -80,7 +80,7 @@ module Api
end
# Default token implementation
unless iss == Api.configuration.core_api_token_iss
unless iss == Rails.configuration.x.core_api_token_iss
raise JWT::InvalidPayload, I18n.t('api.core.wrong_iss')
end
payload = CoreJwt.decode(token)
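Review bot: After the switch to `Rails.configuration.x`, `core_api_token_iss` has no fallback value: the deleted `Api::Configuration#initialize` defaulted it to `'SciNote'`, while the new initializer only assigns it when `CORE_API_TOKEN_ISS` is set, and an unset `config.x` key reads as nil. In that state the check on the new `unless iss == ...` line compares against nil, so a token that omits the `iss` claim passes it instead of raising `JWT::InvalidPayload`. The same loss of defaults affects `core_api_sign_alg` and `core_api_token_ttl` used in CoreJwt and the `{}` default of `azure_ad_apps` used by the Azure verifier and the initializer, unless they are set somewhere outside this diff (e.g. application.rb). I would restore them in the initializer, e.g. `config.x.core_api_sign_alg = ENV.fetch('CORE_API_SIGN_ALG', 'HS256')`, `config.x.core_api_token_ttl = ENV['CORE_API_TOKEN_TTL'] ? ENV['CORE_API_TOKEN_TTL'].to_i.seconds : 30.minutes` and `config.x.core_api_token_iss = ENV.fetch('CORE_API_TOKEN_ISS', 'SciNote')`, and additionally reject a blank `iss` here. The enclosing method starts outside the hunk.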


@ -486,7 +486,7 @@ class User < ApplicationRecord
includes(:user_identities)
.where(
'user_identities.provider=? AND user_identities.uid=?',
Api.configuration.azure_ad_apps[token_payload[:aud]][:provider],
Rails.configuration.x.azure_ad_apps[token_payload[:aud]][:provider],
token_payload[:sub]
)
.references(:user_identities)
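Review bot: The new `Rails.configuration.x.azure_ad_apps[token_payload[:aud]][:provider]` lookup raises `NoMethodError` on nil when `aud` names an application that is not configured, which surfaces as a server error rather than a failed user lookup. If this path is only reached after the Azure token has been verified against the same hash, a short comment saying so would make that dependency explicit; otherwise `Rails.configuration.x.azure_ad_apps.dig(token_payload[:aud], :provider)` lets the query simply match nothing. The enclosing method starts outside the hunk.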


@ -1,31 +0,0 @@
module Api
class << self
attr_accessor :configuration
end
def self.configuration
@configuration ||= Configuration.new
end
def self.configure
yield(configuration)
end
class Configuration
attr_accessor :core_api_sign_alg
attr_accessor :core_api_token_ttl
attr_accessor :core_api_token_iss
attr_accessor :azure_ad_apps
attr_accessor :core_api_v1_enabled
attr_accessor :core_api_rate_limit
def initialize
@core_api_sign_alg = 'HS256'
@core_api_token_ttl = 30.minutes
@core_api_token_iss = 'SciNote'
@azure_ad_apps = {}
@core_api_v1_enabled = false
@core_api_rate_limit = 1000
end
end
end


@ -9,7 +9,7 @@ module Api
def self.fetch_rsa_key(k_id, app_id)
cache_key = "api_azure_ad_rsa_key_#{k_id}"
Rails.cache.fetch(cache_key, expires_in: KEYS_CACHING_PERIOD) do
conf_url = Api.configuration.azure_ad_apps[app_id][:conf_url]
conf_url = Rails.configuration.x.azure_ad_apps[app_id][:conf_url]
keys_url = JSON.parse(Net::HTTP.get(URI(conf_url)))['jwks_uri']
data = JSON.parse(Net::HTTP.get(URI.parse(keys_url)))
verif_key = data['keys'].find { |key| key['kid'] == k_id }
@ -35,7 +35,7 @@ module Api
# Now search for matching app variables in configuration
app_id = unverified_token[0]['aud']
app_config = Api.configuration.azure_ad_apps[app_id]
app_config = Rails.configuration.x.azure_ad_apps[app_id]
unless app_config
raise JWT::VerificationError,
'Azure AD: No application configured with such ID'
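Review bot: In the first hunk, `Rails.configuration.x.azure_ad_apps[app_id][:conf_url]` raises `NoMethodError` for an `app_id` absent from the configuration instead of a JWT error, so `fetch_rsa_key` is only safe when its caller has already performed the `unless app_config` check from the second hunk. A defensive form that keeps the failure in the JWT error family is `conf_url = Rails.configuration.x.azure_ad_apps.dig(app_id, :conf_url)` followed by `raise JWT::VerificationError, 'Azure AD: No application configured with such ID' unless conf_url`. The method containing the second hunk starts and ends outside the hunk.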


@ -7,15 +7,15 @@ module Api
if expires_at
payload[:exp] = expires_at
else
payload[:exp] = Api.configuration.core_api_token_ttl.from_now.to_i
payload[:exp] = Rails.configuration.x.core_api_token_ttl.from_now.to_i
end
payload[:iss] = Api.configuration.core_api_token_iss
JWT.encode(payload, KEY_SECRET, Api.configuration.core_api_sign_alg)
payload[:iss] = Rails.configuration.x.core_api_token_iss
JWT.encode(payload, KEY_SECRET, Rails.configuration.x.core_api_sign_alg)
end
def self.decode(token)
HashWithIndifferentAccess.new(
JWT.decode(token, KEY_SECRET, Api.configuration.core_api_sign_alg)[0]
JWT.decode(token, KEY_SECRET, Rails.configuration.x.core_api_sign_alg)[0]
)
end
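Review bot: In `decode`, the new `JWT.decode(token, KEY_SECRET, Rails.configuration.x.core_api_sign_alg)` passes the algorithm name in the position ruby-jwt reserves for the `verify` flag (`JWT.decode(jwt, key, verify = true, options = {})`), so the string only acts as a truthy `verify` and the expected algorithm is never pinned. Depending on the ruby-jwt version this is either rejected outright or leaves the algorithm to be taken from the token header, the classic algorithm-confusion weakness; the replaced line had the same shape, so the commit carries the problem over rather than introducing it. The call should be `JWT.decode(token, KEY_SECRET, true, algorithm: Rails.configuration.x.core_api_sign_alg)[0]`. `encode` begins outside the hunk.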


@ -1,36 +1,32 @@
Api.configure do |config|
if ENV['CORE_API_SIGN_ALG']
config.core_api_sign_alg = ENV['CORE_API_SIGN_ALG']
end
if ENV['CORE_API_TOKEN_TTL']
config.core_api_token_ttl = ENV['CORE_API_TOKEN_TTL'].to_i.seconds
end
if ENV['CORE_API_TOKEN_ISS']
config.core_api_token_iss = ENV['CORE_API_TOKEN_ISS']
end
Rails.application.configure do
config.x.core_api_sign_alg = ENV['CORE_API_SIGN_ALG'] if ENV['CORE_API_SIGN_ALG']
config.core_api_rate_limit =
ENV['CORE_API_RATE_LIMIT'] ? ENV['CORE_API_RATE_LIMIT'].to_i : 1000
config.x.core_api_token_ttl = ENV['CORE_API_TOKEN_TTL'].to_i.seconds if ENV['CORE_API_TOKEN_TTL']
config.core_api_v1_enabled = true if ENV['CORE_API_V1_ENABLED']
config.x.core_api_token_iss = ENV['CORE_API_TOKEN_ISS'] if ENV['CORE_API_TOKEN_ISS']
config.x.core_api_rate_limit = ENV['CORE_API_RATE_LIMIT'] ? ENV['CORE_API_RATE_LIMIT'].to_i : 1000
config.x.core_api_v1_enabled = true if ENV['CORE_API_V1_ENABLED']
vars = ENV.select { |name, _| name =~ /^[[:alnum:]]*_AZURE_AD_APP_ID/ }
vars.each do |name, value|
app_name = name.sub('_AZURE_AD_APP_ID', '')
config.azure_ad_apps[value] = {}
config.x.azure_ad_apps[value] = {}
iss = ENV["#{app_name}_AZURE_AD_ISS"]
raise StandardError, "No ISS for #{app_name} Azure app" unless iss
config.azure_ad_apps[value][:iss] = iss
config.x.azure_ad_apps[value][:iss] = iss
conf_url = ENV["#{app_name}_AZURE_AD_CONF_URL"]
raise StandardError, "No CONF_URL for #{app_name} Azure app" unless conf_url
config.azure_ad_apps[value][:conf_url] = conf_url
config.x.azure_ad_apps[value][:conf_url] = conf_url
provider = ENV["#{app_name}_AZURE_AD_PROVIDER_NAME"]
unless provider
raise StandardError, "No PROVIDER_NAME for #{app_name} Azure app"
end
config.azure_ad_apps[value][:provider] = provider
raise StandardError, "No PROVIDER_NAME for #{app_name} Azure app" unless provider
config.x.azure_ad_apps[value][:provider] = provider
end
end
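Review bot: `config.x.azure_ad_apps[value] = {}` inside the loop indexes a key this initializer never assigns; `config.x` yields nil for unset keys and the `{}` default lived in the deleted `Api::Configuration#initialize`, so with any `*_AZURE_AD_APP_ID` variable present this raises `NoMethodError` at boot unless `config.x.azure_ad_apps` is set somewhere outside this diff. Adding `config.x.azure_ad_apps = {}` before the `vars.each` loop restores the old behaviour and also gives the readers in the Azure verifier and the user lookup an empty hash rather than nil when no app is configured. The boot-time `raise StandardError` calls are unchanged in substance; a more specific class such as `ArgumentError` would read better but is not required.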


@ -2,10 +2,10 @@
return unless Rails.env.production?
return if Api.configuration.core_api_rate_limit.zero?
return if Rails.configuration.x.core_api_rate_limit.zero?
Rack::Attack.throttle('api requests by ip',
limit: Api.configuration.core_api_rate_limit,
limit: Rails.configuration.x.core_api_rate_limit,
period: 60) do |request|
request.ip if request.path.match?(%r{^\/api\/})
end


@ -620,7 +620,7 @@ Rails.application.routes.draw do
namespace :api, defaults: { format: 'json' } do
get 'health', to: 'api#health'
get 'status', to: 'api#status'
if Api.configuration.core_api_v1_enabled || Rails.env.development?
if Rails.configuration.x.core_api_v1_enabled
namespace :v1 do
resources :teams, only: %i(index show) do
resources :inventories,
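Review bot: The new condition drops the `|| Rails.env.development?` fallback, so in development the v1 routes are no longer mounted unless `CORE_API_V1_ENABLED` is set, and nothing in the commit message records this behaviour change. If it is intentional, a one-line comment above the `if`, e.g. `# v1 API routes are mounted only when CORE_API_V1_ENABLED is set; no development fallback`, would stop the next reader from treating it as a regression. The routes block starts and ends outside the hunk.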