2nd
This commit is contained in:
@@ -0,0 +1,316 @@
|
||||
module.exports.methods = {
|
||||
|
||||
/* Request payload : null
|
||||
Reply:
|
||||
{
|
||||
"action": "GETACTIVEUSERS",
|
||||
"payload": [
|
||||
{
|
||||
"uid": "steinic",
|
||||
"email": "Nicolas.STEIN@ext.ec.europa.eu",
|
||||
"given_name": "Nicolas",
|
||||
"family_name": "STEIN",
|
||||
"userRoles": [
|
||||
"BP_PO",
|
||||
"SP_Admin",
|
||||
"Org_Member",
|
||||
"Org_Pending",
|
||||
"EIC_Dev"
|
||||
],
|
||||
"sessionExpire": 3594,
|
||||
"busConnected": true
|
||||
}
|
||||
],
|
||||
"success": true,
|
||||
"reqid": "df58a401-4ed2-4908-a2b1-8bae155e413a"
|
||||
}
|
||||
*/
|
||||
async action_GETACTIVEUSERS(action, payload, reqid){
|
||||
if(!this.accessRights.canDo(this.roles, 'getActiveUsers')) {
|
||||
this.sendErr(action, 'Unauthorized action !', reqid);
|
||||
return
|
||||
}
|
||||
|
||||
//TODO: take from new config key instead of hardcded
|
||||
const iterOptions = {
|
||||
TYPE: 'string',
|
||||
MATCH: 'authorizer:sessid_*'
|
||||
}
|
||||
|
||||
let activeUsers = []
|
||||
for await (const key of this.rediscnx.redisClient.scanIterator(iterOptions)) {
|
||||
let sess = null
|
||||
try{ sess = JSON.parse(await this.rediscnx.redisGet(key, '')) }
|
||||
catch(err) { console.log('bad sess info')}
|
||||
if((!sess) || (!sess.isAuthenticated) || (!sess.sessionID)
|
||||
|| (!sess.userInfo) || (!sess.userInfo.userRoles) || (!sess.userInfo.euLoginId)){
|
||||
continue
|
||||
}
|
||||
|
||||
let ttl = await this.rediscnx.redisGetTtl(key, '')
|
||||
activeUsers.push({
|
||||
uid: sess.userInfo.euLoginId,
|
||||
email: sess.userInfo.email,
|
||||
given_name: sess.userInfo.given_name,
|
||||
family_name: sess.userInfo.family_name,
|
||||
userRoles: sess.userInfo.userRoles,
|
||||
sessionExpire: ttl,
|
||||
busConnected: this.wssSrv.sessionConnected(sess.sessionID),
|
||||
})
|
||||
}
|
||||
var reply = {
|
||||
'action': action,
|
||||
'payload': activeUsers,
|
||||
'success': true,
|
||||
};
|
||||
if(reqid) reply.reqid = reqid;
|
||||
this.send(JSON.stringify(reply));
|
||||
},
|
||||
/*
|
||||
* payload: {
|
||||
uids: [ 'fallimi' ],
|
||||
notRoles : ['EIC_ADMIN', 'EIC_Dev' ],
|
||||
ttl: 0
|
||||
}
|
||||
=> Both conditions must be met (here nothing gets done as fallimi is EIC_Dev)
|
||||
|
||||
Any uid, but not some roles :
|
||||
{
|
||||
uids: null,
|
||||
notRoles : ['EIC_ADMIN', 'EIC_Dev' ],
|
||||
ttl: 0
|
||||
}
|
||||
|
||||
Some uids, don't care their roles in 30 seconds :
|
||||
{
|
||||
uids: [ 'infosca', 'nz01234' ],
|
||||
notRoles : [],
|
||||
ttl: 30
|
||||
}
|
||||
|
||||
*/
|
||||
|
||||
|
||||
/* Request payload : { "uid":"steinni" }
|
||||
Reply:
|
||||
{
|
||||
"action": "GETUSERSTATUS",
|
||||
"payload":
|
||||
{
|
||||
"uid": "steinic",
|
||||
"email": "Nicolas.STEIN@ext.ec.europa.eu",
|
||||
"given_name": "Nicolas",
|
||||
"family_name": "STEIN",
|
||||
"sessionExpire": 3594,
|
||||
"busConnected": true
|
||||
},
|
||||
"success": true,
|
||||
"reqid": "df58a401-4ed2-4908-a2b1-8bae155e413a"
|
||||
}
|
||||
*/
|
||||
async action_GETUSERSTATUS(action, payload, reqid){
|
||||
if(!this.accessRights.canDo(this.roles, 'getUserStatus')) {
|
||||
this.sendErr(action, 'Unauthorized action !', reqid);
|
||||
return
|
||||
}
|
||||
|
||||
const iterOptions = {
|
||||
TYPE: 'string',
|
||||
MATCH: 'authorizer:sessid_*'
|
||||
}
|
||||
|
||||
let user = {
|
||||
uid: payload.uid,
|
||||
email: null,
|
||||
given_name: null,
|
||||
family_name: null,
|
||||
sessionExpire: null,
|
||||
busConnected: null,
|
||||
}
|
||||
|
||||
for await (const key of this.rediscnx.redisClient.scanIterator(iterOptions)) {
|
||||
let sess = null
|
||||
try{ sess = JSON.parse(await this.rediscnx.redisGet(key, '')) }
|
||||
catch(err) { console.log('bad sess info')}
|
||||
|
||||
if((!sess) || (!sess.isAuthenticated) || (!sess.sessionID)
|
||||
|| (!sess.userInfo) || (!sess.userInfo.userRoles) || (!sess.userInfo.euLoginId)
|
||||
|| (sess.userInfo.euLoginId != payload.uid)
|
||||
) {
|
||||
continue
|
||||
} else {
|
||||
let ttl = await this.rediscnx.redisGetTtl(key, '')
|
||||
user={
|
||||
uid: sess.userInfo.euLoginId,
|
||||
email: sess.userInfo.email,
|
||||
given_name: sess.userInfo.given_name,
|
||||
family_name: sess.userInfo.family_name,
|
||||
sessionExpire: ttl,
|
||||
busConnected: this.wssSrv.sessionConnected(sess.sessionID),
|
||||
}
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
var reply = {
|
||||
'action': action,
|
||||
'payload': user,
|
||||
'success': true,
|
||||
};
|
||||
if(reqid) reply.reqid = reqid;
|
||||
this.send(JSON.stringify(reply));
|
||||
},
|
||||
|
||||
async action_KILLSESSION(action, payload, reqid){
|
||||
if(!this.accessRights.canDo(this.roles, 'killSessions')) {
|
||||
this.sendErr(action, 'Unauthorized action !', reqid);
|
||||
return
|
||||
}
|
||||
if( (!payload.notRoles) || (!Array.isArray(payload.notRoles)) || (payload.uids && (!Array.isArray(payload.uids))) ){
|
||||
this.sendErr(action, 'Bad payload !', reqid);
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
|
||||
//TODO: take from new config key instead of hardcded
|
||||
const iterOptions = {
|
||||
TYPE: 'string',
|
||||
MATCH: 'authorizer:sessid_*'
|
||||
}
|
||||
|
||||
for await (const key of this.rediscnx.redisClient.scanIterator(iterOptions)) {
|
||||
if(key.endsWith('_cookie')) continue
|
||||
let sess = null
|
||||
try{ sess = JSON.parse(await this.rediscnx.redisGet(key, '')) }
|
||||
catch(err) { console.log('bad sess info')}
|
||||
if((!sess) || (!sess.isAuthenticated)) continue
|
||||
|
||||
if(payload.uids && (payload.uids.indexOf(sess.userInfo['euLoginId'])<0)) continue
|
||||
let intersect = payload.notRoles.filter(value => sess.userInfo.userRoles.includes(value));
|
||||
if(intersect.length>0) continue
|
||||
|
||||
if((!payload.ttl) || (typeof(payload.ttl)!= number) || (payload.ttl<0) || (payload.ttl>3600)) payload.ttl=0
|
||||
let ttl = await this.rediscnx.redisSetTtl(key, payload.ttl, '')
|
||||
|
||||
}
|
||||
var reply = {
|
||||
'action': action,
|
||||
'success': true,
|
||||
};
|
||||
if(reqid) reply.reqid = reqid;
|
||||
this.send(JSON.stringify(reply));
|
||||
},
|
||||
|
||||
/* Request: (curtain down, except for devs & admins)
|
||||
{
|
||||
"action": "SETSPARCSTATE",
|
||||
"payload" : {
|
||||
blockedUids: [],
|
||||
allowedRoles : ['EIC_Admin', 'EIC_Dev'],
|
||||
},
|
||||
}
|
||||
|
||||
Request: (curtain up, for everyone)
|
||||
{
|
||||
"action": "SETSPARCSTATE",
|
||||
"payload" : {
|
||||
blockedUids: [],
|
||||
allowedRoles : '*',
|
||||
},
|
||||
}
|
||||
|
||||
Request: (curtain up, block some bad-guys)
|
||||
{
|
||||
"action": "SETSPARCSTATE",
|
||||
"payload" : {
|
||||
blockedUids: ['hacker1', 'hacker2'],
|
||||
allowedRoles : '*',
|
||||
},
|
||||
}
|
||||
|
||||
Reply:
|
||||
{
|
||||
"success": true,
|
||||
"reqid": "6az5e4r6a",
|
||||
"payload": { the accessrights }
|
||||
}
|
||||
*/
|
||||
async action_SETPLATFORMMODE(action, payload, reqid){
|
||||
if(!this.accessRights.canDo(this.roles, 'setPlatformState')) {
|
||||
this.sendErr(action, 'Unauthorized action !', reqid);
|
||||
return
|
||||
}
|
||||
if((typeof(payload)!='object') || (!Array.isArray(payload.blockedUUIDs)) ||
|
||||
( (typeof(payload.platformRestrictions)=='object') && (!Array.isArray(payload.platformRestrictions.allowedRoles)) )
|
||||
){
|
||||
this.sendErr(action, 'Invalid payload', reqid)
|
||||
return
|
||||
}
|
||||
|
||||
if(typeof(payload.platformRestrictions)=='object'){ // curtain down
|
||||
if(!payload.platformRestrictions.allowedRoles.includes('EIC_Dev')){ // anti-shoot-your-foot
|
||||
payload.platformRestrictions.allowedRoles.push('EIC_Dev')
|
||||
}
|
||||
} else { // curtain up
|
||||
//force-in an example
|
||||
payload.XX_platformRestrictions = { "allowedRoles":["EIC_Admin","EIC_Dev"],"allowedUUIDs":["valentin"] }
|
||||
}
|
||||
|
||||
|
||||
|
||||
await this.rediscnx.redisSet(this.config.redis.platformStateKey,
|
||||
payload,
|
||||
0,
|
||||
''
|
||||
)
|
||||
|
||||
var reply = {
|
||||
'action': action,
|
||||
'success': true
|
||||
};
|
||||
if(reqid) reply.reqid = reqid;
|
||||
this.send(JSON.stringify(reply));
|
||||
},
|
||||
|
||||
|
||||
/* Request:
|
||||
{
|
||||
"action": "GETSPARCMODE"
|
||||
"payload": {
|
||||
"key": "keyname"
|
||||
}
|
||||
"reqid": "6az5e4r6a"
|
||||
}
|
||||
Reply:
|
||||
{
|
||||
"action":"STORE",
|
||||
"success":true,
|
||||
"payload": {
|
||||
...the sparc mode
|
||||
}
|
||||
"reqid": reqid
|
||||
}
|
||||
*/
|
||||
async action_GETPLATFORMMODE(action, payload, reqid){
|
||||
if(!this.accessRights.canDo(this.roles, 'getPlatformState')) {
|
||||
this.sendErr(action, 'Unauthorized action !', reqid);
|
||||
return
|
||||
}
|
||||
|
||||
let rawVal = await this.rediscnx.redisGet(this.config.redis.platformStateKey, '')
|
||||
let val = null
|
||||
try { val = JSON.parse(rawVal)}
|
||||
catch(err) { console.error('Action GETSPARCMODE: Not a json !? ', rawVal) }
|
||||
|
||||
var reply = {
|
||||
'action': action,
|
||||
'payload': val,
|
||||
'success': true,
|
||||
};
|
||||
if(reqid) reply.reqid = reqid;
|
||||
this.send(JSON.stringify(reply));
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user