This commit is contained in:
STEINNI
2025-08-30 23:26:12 +00:00
commit 6fb75a0888
9 changed files with 7079 additions and 0 deletions
+9
View File
@@ -0,0 +1,9 @@
# package directories
node_modules
jspm_packages
# Nike stuff
package-lock.json
/node_modules
*.log
+25
View File
@@ -0,0 +1,25 @@
function corsResolver(req, res, next) {
if(1==0) { // allow browser / postman / world
// Allow only from Mike & Nike devs
//if(['https://steinni.dev.eismea.eu','https://fallimi.dev.eismea.eu'].indexOf(req.headers.origin)<0) {
console.log('Bad origin for CORS : ',req.headers.origin)
next();
return;
}
// Website you wish to allow to connect
// running front-end application on port 3000
res.setHeader('Access-Control-Allow-Origin', req.headers.origin ? req.headers.origin : '' );
// Request methods you wish to allow
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
// Request headers you wish to allow
res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type,Authorization');
// Set to true if you need the website to include cookies in the requests sent
// to the API (e.g. in case you use sessions)
res.setHeader('Access-Control-Allow-Credentials', true);
// Pass to next layer of middleware
next();
}
module.exports = corsResolver;
+28
View File
@@ -0,0 +1,28 @@
import argon2 from 'argon2'
// --- Hash a password (e.g. at signup) ---
export async function hashPassword(plainPassword) {
try {
const hash = await argon2.hash(plainPassword, {
type: argon2.argon2id, // recommended variant
memoryCost: 2 ** 16, // ~64 MB
timeCost: 3, // iterations
parallelism: 1 // threads
})
return hash // store this string in MySQL
} catch (err) {
console.error('Error hashing password:', err)
throw err
}
}
// --- Verify a password (e.g. at login) ---
export async function verifyPassword(plainPassword, storedHash) {
try {
const match = await argon2.verify(storedHash, plainPassword)
return match // true or false
} catch (err) {
console.error('Error verifying password:', err)
return false
}
}
+211
View File
@@ -0,0 +1,211 @@
const mysql = require('mysql2/promise');
class P42ApiEndpoints{
constructor(app) {
this.db = null
this.app = app
this.userinfos = null
this.registerPaths()
}
registerPaths(){
this.app.get('/hw', this.hw.bind(this))
}
async connectDB(mysqlCreds) {
this.db = await mysql.createConnection({
host: mysqlCreds.host,
port: mysqlCreds.port,
socketPath: mysqlCreds.socketPath,
database: mysqlCreds.database,
user: mysqlCreds.user,
password: mysqlCreds.password
});
setInterval(() => {
this.db.query('SELECT 1');
}, 5000);
}
err(req, res, msg, debug, status=500) {
if(!debug) debug = msg
let jsonResp = {'success':false,
'payload': null,
'error': {
'displayMessage' : msg,
'debugMessage' : debug
}
};
res.set('Content-Type', 'application/json');
res.status(status)
res.send(JSON.stringify(jsonResp));
}
ok(req, res, payload) {
let jsonResp = { "success": true,
"payload": payload,
};
res.set('Content-Type', 'application/json');
res.send(JSON.stringify(jsonResp));
}
async makeSession(req, res) {
req.session.userinfo = req.body
console.log('REQ body:', req.body)
this.ok(req, res, {})
}
getSession(req, res) {
this.userinfos = {
"at_hash": "fhaNqJbWprmseino7D7vQhdEIWzlss6a08DvgY_Y7ik",
"sub": "steinic",
"amr": [
"pwd"
],
"iss": "https://ecas.acceptance.ec.europa.eu/cas/oauth2",
// Impersonate here
"preferred_username": "fallimi", //"steinic",
"locale": "en",
"https://ecas.ec.europa.eu/claims/domain": "eu.europa.ec",
"acr": "https://ecas.ec.europa.eu/loa/basic",
"auth_time": 1686415198,
"nickname": "steinic",
"https://ecas.ec.europa.eu/claims/teleworking_priority": false,
"exp": 1686415501,
"iat": 1686415201,
"email": "Nicolas.STEIN@ext.ec.europa.eu",
"https://ecas.ec.europa.eu/claims/employee_number": "90218167",
"email_verified": true,
"https://ecas.ec.europa.eu/claims/department_number": "EISMEA.C.02.2",
"https://ecas.ec.europa.eu/claims/employee_type": "x",
"given_name": "Nicolas",
"https://ecas.ec.europa.eu/claims/org_id": "232619",
"aud": "zjDAOobFg2JJzMxhzfoTyPg1BrOzPzG4EMUJOoqUbF1mYTkwddaZwL4o9YzzK3unIZAEunze7fQAfOoOgXnq9Xhr-NaAc23CqASenqizgfAeUl6",
"c_hash": "8pzkBbmGEZW48yLZYoEoR_H3QC0GIeWYxlzUCfRMElg",
"https://ecas.ec.europa.eu/claims/sso": false,
"https://ecas.ec.europa.eu/claims/authentication_factors": [
{
"username": "steinic"
}
],
"name": "Nicolas STEIN",
"https://ecas.ec.europa.eu/claims/uid": "steinic",
"family_name": "STEIN",
"userRoles": [
"BP_PO",
"APPLICANT",
]
}
return(true)
if((!req.session.userinfo) || (!req.session.userinfo.isAuthenticated)) {
this.err(req, res, 'Not authenticated !')
this.userinfos = null
return(false)
} else {
req.session.touch()
this.userinfos = req.session.userinfo
return(true)
}
}
hasRole(roles) {
if(!this.userinfos.userRoles) return(false)
if(typeof(roles) == 'string') return(this.userinfos.userRoles.includes(roles))
else if(Array.isArray(roles)) {
for(let role of roles) {
if(this.userinfos.userRoles.includes(role)) return(true)
}
}
return(false)
}
CheckMapOutput(data, remap, transformers) {
if(!data) return(null)
let rows = Array.isArray(data) ? data : [data]
let filteredRows = []
for(let row of rows) {
let filteredRow = {}
Object.keys(row).forEach((key, index) => {
if(Object.keys(remap).indexOf(key)>-1) {
if(transformers && transformers[key] && (typeof(transformers[key])=='function')) {
filteredRow[remap[key]] = transformers[key](row[key])
} else filteredRow[remap[key]] = row[key]
}
});
filteredRows.push(filteredRow)
}
if(Array.isArray(data)) return(filteredRows)
else return(filteredRows[0])
}
CheckMapInput(dataIn, remap, checks) {
let dataOut = {}
for(let field in checks) {
let dbName = checks[field](dataIn[field])
if(dbName && (dataIn[field]!=null)) dataOut[remap[field]] = dataIn[field]
}
return(dataOut)
}
async isMemberOf(pic) {
let [rows, fields] = await this.db.query(`
SELECT count(*) as cnt FROM organisation_members
WHERE (om_pic=?)
AND (om_uid=?)
`,
[pic, this.userinfos.preferred_username]);
return(rows[0]['cnt']>0)
}
async isOrgAdminOf(pic) {
let [rows, fields] = await this.db.query(`
SELECT count(*) as cnt FROM organisation_members
WHERE (om_pic=?)
AND (om_uid=?)
AND om_administrator=1
`,
[pic, this.userinfos.preferred_username]);
return(rows[0]['cnt']>0)
}
async isPropAdminOf(pid) {
let [rows, fields] = await this.db.query(`
SELECT count(*) as cnt FROM shortprops_members
WHERE (spm_prop_id=?)
AND (spm_uid=?)
AND spm_administrator=1
`,
[pid, this.userinfos.preferred_username]);
return(rows[0]['cnt']>0)
}
async isPropMemberOf(pid) {
let [rows, fields] = await this.db.query(`
SELECT count(*) as cnt FROM shortprops_members
WHERE (spm_prop_id=?)
AND (spm_uid=?)
`,
[pid, this.userinfos.preferred_username]);
return(rows[0]['cnt']>0)
}
async merge(table, where, whereVals, data) {
let [rows, field] = await this.db.query(`SELECT * FROM ${table} WHERE ${where}`, whereVals)
if(rows.length==0) return(data)
else return(Object.assign(rows[0], data))
}
///////////////////////////API starts here.../////////////////////////////
async hw(req, res) {
this.ok(req, res, {hello:'world'})
}
}
module.exports = P42ApiEndpoints;
Executable
+63
View File
@@ -0,0 +1,63 @@
#!/usr/bin/env node
'use strict'
const p42apiConfig = require("./p42api.json");
const http = require('http');
const express = require("express");
const bodyParser = require('body-parser');
const session = require('express-session')
const MySQLStore = require('express-mysql-session')(session);
const corsResolver = require('./corsMiddleware')
const P42ApiEndpoints = require('./p42ApiEndpoints')
const mysqlCreds = {
// host: '127.0.0.1',
// port: 3306,
socketPath: '/var/run/mysqld/mysqld.sock',
user: 'p42',
password: 'C3h=V9!r>Mvc>skxPf9?W2P3duJTk',
database: 'p42'
}
const sessionStore = new MySQLStore({ ...mysqlCreds,
createDatabaseTable: false,
clearExpired: true,
schema: {
tableName: 'p42_sessions',
columnNames: {
session_id: 'session_id',
expires: 'expires',
data: 'data'
}
}
});
const app = express();
app.set('trust proxy', 1) // trust first proxy (nginx), so we serve http to nginx, but we still behave as if we're in https
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json())
app.use(corsResolver);
app.use(session({
name: 'p42.api.sid',
secret: 'qNhy555Y9vyxj?!3yaYA=aKfgk+Wy5eymNtP*?4i',
store: sessionStore,
resave: false,
saveUninitialized: false,
cookie: {
maxAge: 1000 * 60 * 60 * 4,
secure: true, //See trust proxy above
sameSite: 'lax',
},
}
))
let eps = new P42ApiEndpoints(app)
eps.connectDB(mysqlCreds)
const server = http.createServer(app)
.listen(p42apiConfig.listenPort, p42apiConfig.listenHost, function (req, res) {
console.log("p42api now listening on %j:%j ", p42apiConfig.listenHost, p42apiConfig.listenPort);
});
+12
View File
@@ -0,0 +1,12 @@
{
"dependencies": {
"argon2": "^0.44.0",
"body-parser": "^2.2.0",
"express": "^5.1.0",
"express-mysql-session": "^3.0.3",
"express-session": "^1.18.2",
"mysql": "^2.18.1",
"mysql2": "^3.14.3",
"swagger-ui-express": "^5.0.1"
}
}
Executable
+13
View File
@@ -0,0 +1,13 @@
#!/bin/sh
cd /opt/p42api/
pid=`ps -ef | grep p42api |grep -v grep | awk '{print $2}'`
if [ -z "$pid" ]
then
node p42api.js > p42api.log 2>&1 &
else
echo ''
echo 'Already running PID='"$pid"' (use stopApi.sh to stop it)'
echo ''
fi
Executable
+6
View File
@@ -0,0 +1,6 @@
#!/bin/sh
pid=`ps -ef | grep p42api |grep -v grep | awk '{print $2}'`
kill -9 $pid
+6712
View File
File diff suppressed because it is too large Load Diff