mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-09-20 14:45:56 +08:00
Refactor Azure configuration [SCI-4098]
parent
722958a716
commit
6b20a10473
|
@ -80,7 +80,7 @@ module Api
|
|||
end
|
||||
|
||||
# Default token implementation
|
||||
unless iss == Api.configuration.core_api_token_iss
|
||||
unless iss == Rails.configuration.x.core_api_token_iss
|
||||
raise JWT::InvalidPayload, I18n.t('api.core.wrong_iss')
|
||||
end
|
||||
payload = CoreJwt.decode(token)
|
||||
|
|
|
@ -486,7 +486,7 @@ class User < ApplicationRecord
|
|||
includes(:user_identities)
|
||||
.where(
|
||||
'user_identities.provider=? AND user_identities.uid=?',
|
||||
Api.configuration.azure_ad_apps[token_payload[:aud]][:provider],
|
||||
Rails.configuration.x.azure_ad_apps[token_payload[:aud]][:provider],
|
||||
token_payload[:sub]
|
||||
)
|
||||
.references(:user_identities)
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
module Api
|
||||
class << self
|
||||
attr_accessor :configuration
|
||||
end
|
||||
|
||||
def self.configuration
|
||||
@configuration ||= Configuration.new
|
||||
end
|
||||
|
||||
def self.configure
|
||||
yield(configuration)
|
||||
end
|
||||
|
||||
class Configuration
|
||||
attr_accessor :core_api_sign_alg
|
||||
attr_accessor :core_api_token_ttl
|
||||
attr_accessor :core_api_token_iss
|
||||
attr_accessor :azure_ad_apps
|
||||
attr_accessor :core_api_v1_enabled
|
||||
attr_accessor :core_api_rate_limit
|
||||
|
||||
def initialize
|
||||
@core_api_sign_alg = 'HS256'
|
||||
@core_api_token_ttl = 30.minutes
|
||||
@core_api_token_iss = 'SciNote'
|
||||
@azure_ad_apps = {}
|
||||
@core_api_v1_enabled = false
|
||||
@core_api_rate_limit = 1000
|
||||
end
|
||||
end
|
||||
end
|
|
@ -9,7 +9,7 @@ module Api
|
|||
def self.fetch_rsa_key(k_id, app_id)
|
||||
cache_key = "api_azure_ad_rsa_key_#{k_id}"
|
||||
Rails.cache.fetch(cache_key, expires_in: KEYS_CACHING_PERIOD) do
|
||||
conf_url = Api.configuration.azure_ad_apps[app_id][:conf_url]
|
||||
conf_url = Rails.configuration.x.azure_ad_apps[app_id][:conf_url]
|
||||
keys_url = JSON.parse(Net::HTTP.get(URI(conf_url)))['jwks_uri']
|
||||
data = JSON.parse(Net::HTTP.get(URI.parse(keys_url)))
|
||||
verif_key = data['keys'].find { |key| key['kid'] == k_id }
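Review bot: The `cache_key` in `fetch_rsa_key` is built from `k_id` alone, while the key set is downloaded from the `conf_url` of one specific `app_id`. With more than one app in `azure_ad_apps`, a key cached for one app's configuration would be returned for another app whose token names the same kid, without consulting that app's own `conf_url`. Scoping the entry per app avoids that: `cache_key = "api_azure_ad_rsa_key_#{app_id}_#{k_id}"`. Separately, the `jwks_uri` read from the discovery document is fetched as-is, so it is worth requiring an `https` scheme on both URLs before trusting the returned keys. The method body continues outside the hunk, so how a missing `verif_key` is handled cannot be seen here.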
|
||||
|
@ -35,7 +35,7 @@ module Api
|
|||
|
||||
# Now search for matching app variables in configuration
|
||||
app_id = unverified_token[0]['aud']
|
||||
app_config = Api.configuration.azure_ad_apps[app_id]
|
||||
app_config = Rails.configuration.x.azure_ad_apps[app_id]
|
||||
unless app_config
|
||||
raise JWT::VerificationError,
|
||||
'Azure AD: No application configured with such ID'
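Review bot: `app_id` is taken from the unverified token and used directly as the key into `Rails.configuration.x.azure_ad_apps`, and a JWT `aud` may be absent or an array. If `azure_ad_apps` is the auto-created `config.x` options object, as the initializer on this page suggests by writing into it without assigning it first, its `[]` calls `to_sym` on the key. A non-string `aud` would then raise NoMethodError instead of the JWT::VerificationError raised below, which was not the case with the plain Hash of the removed `Api::Configuration`. A guard before the lookup keeps the failure inside the JWT error path: `raise JWT::VerificationError, 'Azure AD: No application configured with such ID' unless app_id.is_a?(String)`. The `User` hunk has the same lookup with `token_payload[:aud]`, where an unconfigured audience also makes the chained `[:provider]` fail on nil. The enclosing method starts and ends outside the hunk.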
|
||||
|
|
|
@ -7,15 +7,15 @@ module Api
|
|||
if expires_at
|
||||
payload[:exp] = expires_at
|
||||
else
|
||||
payload[:exp] = Api.configuration.core_api_token_ttl.from_now.to_i
|
||||
payload[:exp] = Rails.configuration.x.core_api_token_ttl.from_now.to_i
|
||||
end
|
||||
payload[:iss] = Api.configuration.core_api_token_iss
|
||||
JWT.encode(payload, KEY_SECRET, Api.configuration.core_api_sign_alg)
|
||||
payload[:iss] = Rails.configuration.x.core_api_token_iss
|
||||
JWT.encode(payload, KEY_SECRET, Rails.configuration.x.core_api_sign_alg)
|
||||
end
|
||||
|
||||
def self.decode(token)
|
||||
HashWithIndifferentAccess.new(
|
||||
JWT.decode(token, KEY_SECRET, Api.configuration.core_api_sign_alg)[0]
|
||||
JWT.decode(token, KEY_SECRET, Rails.configuration.x.core_api_sign_alg)[0]
|
||||
)
|
||||
end
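Review bot: In `decode`, the configured algorithm is passed as the third positional argument of `JWT.decode`, which in ruby-jwt is the verify flag, not the algorithm. The value is therefore only read as truthy, and the accepted algorithm falls back to whatever the installed gem version uses by default rather than the one `encode` signs with. Pinning it explicitly keeps both sides consistent and makes the allowed algorithm visible: `JWT.decode(token, KEY_SECRET, true, algorithm: Rails.configuration.x.core_api_sign_alg)[0]`. The refactor carries this call shape over unchanged from the old `Api.configuration` version, so this is a good moment to correct it.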
|
||||
|
||||
|
|
|
@ -1,36 +1,32 @@
|
|||
Api.configure do |config|
|
||||
if ENV['CORE_API_SIGN_ALG']
|
||||
config.core_api_sign_alg = ENV['CORE_API_SIGN_ALG']
|
||||
end
|
||||
if ENV['CORE_API_TOKEN_TTL']
|
||||
config.core_api_token_ttl = ENV['CORE_API_TOKEN_TTL'].to_i.seconds
|
||||
end
|
||||
if ENV['CORE_API_TOKEN_ISS']
|
||||
config.core_api_token_iss = ENV['CORE_API_TOKEN_ISS']
|
||||
end
|
||||
Rails.application.configure do
|
||||
config.x.core_api_sign_alg = ENV['CORE_API_SIGN_ALG'] if ENV['CORE_API_SIGN_ALG']
|
||||
|
||||
config.core_api_rate_limit =
|
||||
ENV['CORE_API_RATE_LIMIT'] ? ENV['CORE_API_RATE_LIMIT'].to_i : 1000
|
||||
config.x.core_api_token_ttl = ENV['CORE_API_TOKEN_TTL'].to_i.seconds if ENV['CORE_API_TOKEN_TTL']
|
||||
|
||||
config.core_api_v1_enabled = true if ENV['CORE_API_V1_ENABLED']
|
||||
config.x.core_api_token_iss = ENV['CORE_API_TOKEN_ISS'] if ENV['CORE_API_TOKEN_ISS']
|
||||
|
||||
config.x.core_api_rate_limit = ENV['CORE_API_RATE_LIMIT'] ? ENV['CORE_API_RATE_LIMIT'].to_i : 1000
|
||||
|
||||
config.x.core_api_v1_enabled = true if ENV['CORE_API_V1_ENABLED']
|
||||
|
||||
vars = ENV.select { |name, _| name =~ /^[[:alnum:]]*_AZURE_AD_APP_ID/ }
|
||||
vars.each do |name, value|
|
||||
app_name = name.sub('_AZURE_AD_APP_ID', '')
|
||||
config.azure_ad_apps[value] = {}
|
||||
config.x.azure_ad_apps[value] = {}
|
||||
|
||||
iss = ENV["#{app_name}_AZURE_AD_ISS"]
|
||||
raise StandardError, "No ISS for #{app_name} Azure app" unless iss
|
||||
config.azure_ad_apps[value][:iss] = iss
|
||||
|
||||
config.x.azure_ad_apps[value][:iss] = iss
|
||||
|
||||
conf_url = ENV["#{app_name}_AZURE_AD_CONF_URL"]
|
||||
raise StandardError, "No CONF_URL for #{app_name} Azure app" unless conf_url
|
||||
config.azure_ad_apps[value][:conf_url] = conf_url
|
||||
|
||||
config.x.azure_ad_apps[value][:conf_url] = conf_url
|
||||
|
||||
provider = ENV["#{app_name}_AZURE_AD_PROVIDER_NAME"]
|
||||
unless provider
|
||||
raise StandardError, "No PROVIDER_NAME for #{app_name} Azure app"
|
||||
end
|
||||
config.azure_ad_apps[value][:provider] = provider
|
||||
raise StandardError, "No PROVIDER_NAME for #{app_name} Azure app" unless provider
|
||||
|
||||
config.x.azure_ad_apps[value][:provider] = provider
|
||||
end
|
||||
end
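Review bot: The defaults that the deleted `Api::Configuration#initialize` supplied (`'HS256'`, `30.minutes`, `'SciNote'`) are not assigned anywhere in this initializer, because `core_api_sign_alg`, `core_api_token_ttl` and `core_api_token_iss` are now set only when their environment variable is present. Unless defaults are assigned somewhere outside this page, `CoreJwt.encode`/`decode` and the issuer check will read an unset `config.x` key, which in Rails yields an empty options object rather than the old value, so the signing algorithm, `exp` and `iss` would all be derived from it. Setting the defaults here restores the previous behaviour: `config.x.core_api_sign_alg = ENV.fetch('CORE_API_SIGN_ALG', 'HS256')`, `config.x.core_api_token_iss = ENV.fetch('CORE_API_TOKEN_ISS', 'SciNote')`, `config.x.core_api_token_ttl = ENV.fetch('CORE_API_TOKEN_TTL', 1800).to_i.seconds`. A short comment above the Azure loop listing the four `<APP>_AZURE_AD_*` variables each app needs would also help operators.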
|
||||
|
|
|
@ -2,10 +2,10 @@
|
|||
|
||||
return unless Rails.env.production?
|
||||
|
||||
return if Api.configuration.core_api_rate_limit.zero?
|
||||
return if Rails.configuration.x.core_api_rate_limit.zero?
|
||||
|
||||
Rack::Attack.throttle('api requests by ip',
|
||||
limit: Api.configuration.core_api_rate_limit,
|
||||
limit: Rails.configuration.x.core_api_rate_limit,
|
||||
period: 60) do |request|
|
||||
request.ip if request.path.match?(%r{^\/api\/})
|
||||
end
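Review bot: A mistyped or empty `CORE_API_RATE_LIMIT` turns throttling off silently, because the initializer on this page parses it with `to_i`, which yields 0 for non-numeric input, and the `zero?` guard here returns before `Rack::Attack.throttle` is registered. Strict parsing in the initializer makes a bad value fail at boot while still allowing an explicit `0` as the opt-out: `config.x.core_api_rate_limit = Integer(ENV.fetch('CORE_API_RATE_LIMIT', 1000))`. This file also depends on that initializer having run first, since the lazily created default of the old `Api.configuration` no longer exists. A comment stating that 0 disables the throttle would document the guard.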
|
||||
|
|
|
@ -620,7 +620,7 @@ Rails.application.routes.draw do
|
|||
namespace :api, defaults: { format: 'json' } do
|
||||
get 'health', to: 'api#health'
|
||||
get 'status', to: 'api#status'
|
||||
if Api.configuration.core_api_v1_enabled || Rails.env.development?
|
||||
if Rails.configuration.x.core_api_v1_enabled
|
||||
namespace :v1 do
|
||||
resources :teams, only: %i(index show) do
|
||||
resources :inventories,
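Review bot: The condition `if Rails.configuration.x.core_api_v1_enabled` may now always be true, because the initializer on this page assigns that key only when `CORE_API_V1_ENABLED` is set and an unset `config.x` key returns an empty options object in Rails, which is truthy. If no default is assigned outside this page, the v1 routes would be drawn in every environment, including a production deployment that never set the variable. The old `false` default from `Api::Configuration` did not have this problem. Assigning an explicit boolean in the initializer closes the gap: `config.x.core_api_v1_enabled = ENV['CORE_API_V1_ENABLED'].present?`. The `namespace :api` block continues outside the hunk.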
|
||||
|
|