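/**
 * Builds the Redis SCAN options that select the authorizer's session records.
 * A fresh object is returned on every call so no caller shares mutable state.
 * TODO: take the key pattern from a new config key instead of hard-coding it.
 */
function sessionScanOptions() {
  return { TYPE: 'string', MATCH: 'authorizer:sessid_*' };
}

/**
 * Reads one session record and JSON-decodes it.
 * Read and parse failures are logged and reported as `null`, so a single
 * corrupt record never aborts a scan over all sessions.
 */
async function readSession(rediscnx, key) {
  try {
    return JSON.parse(await rediscnx.redisGet(key, ''));
  } catch (err) {
    console.log('bad sess info');
    return null;
  }
}

/** True when the record is an authenticated session carrying id, login and roles. */
function isIdentifiedSession(sess) {
  return Boolean(
    sess &&
      sess.isAuthenticated &&
      sess.sessionID &&
      sess.userInfo &&
      sess.userInfo.userRoles &&
      sess.userInfo.euLoginId,
  );
}

/**
 * Serialises a success reply. Key order is action, payload (if any), success,
 * reqid (if any).
 */
function buildReply(action, reqid, extra) {
  const reply = { action, ...extra, success: true };
  if (reqid) reply.reqid = reqid;
  return JSON.stringify(reply);
}

/**
 * Administrative actions on sessions and platform state.
 *
 * Every method runs with `this` bound to a connection handler that provides
 * `accessRights`, `roles`, `rediscnx`, `wssSrv`, `config`, `send` and `sendErr`.
 * Each action first checks `accessRights.canDo(this.roles, <capability>)` and
 * answers 'Unauthorized action !' before looking at the payload.
 *
 * NOTE(review): nothing in this file records who triggered an action. Killing
 * sessions and changing the platform mode are the kind of operations an audit
 * trail is normally kept for; confirm that logging happens in the caller.
 */
export const methods = {
  /**
   * Lists every authenticated session found in Redis.
   *
   * Request payload: null
   * Reply (constructed sample values):
   *   { "action": "GETACTIVEUSERS",
   *     "payload": [ { "uid": "jdoe", "email": "jdoe@example.org",
   *                    "given_name": "Jane", "family_name": "DOE",
   *                    "userRoles": [ "Org_Member" ],
   *                    "sessionExpire": 3594, "busConnected": true } ],
   *     "success": true, "reqid": "<request id>" }
   *
   * The reply exposes e-mail addresses and role lists of all active users; the
   * 'getActiveUsers' capability is the only gate visible here.
   */
  async action_GETACTIVEUSERS(action, payload, reqid) {
    if (!this.accessRights.canDo(this.roles, 'getActiveUsers')) {
      this.sendErr(action, 'Unauthorized action !', reqid);
      return;
    }

    const activeUsers = [];
    for await (const key of this.rediscnx.redisClient.scanIterator(sessionScanOptions())) {
      const sess = await readSession(this.rediscnx, key);
      if (!isIdentifiedSession(sess)) continue;

      const ttl = await this.rediscnx.redisGetTtl(key, '');
      activeUsers.push({
        uid: sess.userInfo.euLoginId,
        email: sess.userInfo.email,
        given_name: sess.userInfo.given_name,
        family_name: sess.userInfo.family_name,
        userRoles: sess.userInfo.userRoles,
        sessionExpire: ttl,
        busConnected: this.wssSrv.sessionConnected(sess.sessionID),
      });
    }

    this.send(buildReply(action, reqid, { payload: activeUsers }));
  },

  /**
   * Reports the first authenticated session that belongs to `payload.uid`.
   *
   * Request payload: { "uid": "jdoe" }
   * Reply (constructed sample values):
   *   { "action": "GETUSERSTATUS",
   *     "payload": { "uid": "jdoe", "email": "jdoe@example.org",
   *                  "given_name": "Jane", "family_name": "DOE",
   *                  "sessionExpire": 3594, "busConnected": true },
   *     "success": true, "reqid": "<request id>" }
   *
   * When no session matches, the reply is still a success and carries the
   * requested uid with every other field set to null.
   * A missing payload or a uid that is not a non-empty string is answered with
   * 'Bad payload !' instead of throwing on `payload.uid`.
   */
  async action_GETUSERSTATUS(action, payload, reqid) {
    if (!this.accessRights.canDo(this.roles, 'getUserStatus')) {
      this.sendErr(action, 'Unauthorized action !', reqid);
      return;
    }
    if (!payload || typeof payload.uid !== 'string' || payload.uid === '') {
      this.sendErr(action, 'Bad payload !', reqid);
      return;
    }

    let user = {
      uid: payload.uid,
      email: null,
      given_name: null,
      family_name: null,
      sessionExpire: null,
      busConnected: null,
    };

    for await (const key of this.rediscnx.redisClient.scanIterator(sessionScanOptions())) {
      const sess = await readSession(this.rediscnx, key);
      if (!isIdentifiedSession(sess) || sess.userInfo.euLoginId !== payload.uid) continue;

      const ttl = await this.rediscnx.redisGetTtl(key, '');
      user = {
        uid: sess.userInfo.euLoginId,
        email: sess.userInfo.email,
        given_name: sess.userInfo.given_name,
        family_name: sess.userInfo.family_name,
        sessionExpire: ttl,
        busConnected: this.wssSrv.sessionConnected(sess.sessionID),
      };
      break;
    }

    this.send(buildReply(action, reqid, { payload: user }));
  },

  /**
   * Shortens the TTL of the selected sessions.
   *
   * Payload: { uids: string[] | null, notRoles: string[], ttl: number }
   * Both conditions must hold for a session to be touched:
   *   { uids: ['fallimi'], notRoles: ['EIC_ADMIN', 'EIC_Dev'], ttl: 0 }
   *     -> nothing happens if fallimi holds EIC_Dev
   *   { uids: null, notRoles: ['EIC_ADMIN', 'EIC_Dev'], ttl: 0 }
   *     -> any uid, except holders of one of these roles
   *   { uids: ['infosca', 'nz01234'], notRoles: [], ttl: 30 }
   *     -> these uids whatever their roles, in 30 seconds
   *
   * `ttl` is honoured only when it is a number in 0..3600; anything else
   * becomes 0. The value is computed once and the caller's payload is left
   * untouched. The earlier check compared `typeof` with an undefined `number`
   * identifier, which threw a ReferenceError for every non-zero ttl.
   *
   * An authenticated session without a usable `userInfo` / `userRoles` cannot
   * claim a role exemption, so it is treated as having no roles. It is killed
   * by a sweep with `uids: null` and no longer aborts the loop with a
   * TypeError, which used to leave the remaining sessions untouched.
   *
   * NOTE(review): keys ending in '_cookie' are skipped, so only the session
   * record's TTL changes here. Confirm the companion record cannot
   * re-establish a session, and what TTL 0 means to `redisSetTtl`.
   */
  async action_KILLSESSION(action, payload, reqid) {
    if (!this.accessRights.canDo(this.roles, 'killSessions')) {
      this.sendErr(action, 'Unauthorized action !', reqid);
      return;
    }
    if (
      !payload ||
      typeof payload !== 'object' ||
      !Array.isArray(payload.notRoles) ||
      (payload.uids && !Array.isArray(payload.uids))
    ) {
      this.sendErr(action, 'Bad payload !', reqid);
      return;
    }

    const ttlIsValid =
      typeof payload.ttl === 'number' && payload.ttl >= 0 && payload.ttl <= 3600;
    const ttl = ttlIsValid ? payload.ttl : 0;

    for await (const key of this.rediscnx.redisClient.scanIterator(sessionScanOptions())) {
      if (key.endsWith('_cookie')) continue;

      const sess = await readSession(this.rediscnx, key);
      if (!sess || !sess.isAuthenticated) continue;

      const info = sess.userInfo && typeof sess.userInfo === 'object' ? sess.userInfo : {};
      if (payload.uids && !payload.uids.includes(info.euLoginId)) continue;

      const roles = Array.isArray(info.userRoles) ? info.userRoles : [];
      if (payload.notRoles.some((role) => roles.includes(role))) continue;

      await this.rediscnx.redisSetTtl(key, ttl, '');
    }

    this.send(buildReply(action, reqid));
  },

  /**
   * Stores the platform access state under `config.redis.platformStateKey`.
   *
   * Payload accepted by the validation below:
   *   curtain down (only the listed roles get in):
   *     { blockedUUIDs: [], platformRestrictions: { allowedRoles: ['EIC_Admin', 'EIC_Dev'] } }
   *   curtain up (no `platformRestrictions` object):
   *     { blockedUUIDs: ['uid1', 'uid2'] }
   * Reply: { "action": <action>, "success": true, "reqid": "<request id>" }
   *
   * NOTE(review): the comment this replaces described a SETSPARCSTATE request
   * with `blockedUids` and a top-level `allowedRoles` (array or '*'), and a
   * reply carrying the access rights. The code validates the shape above and
   * replies without a payload; confirm which contract clients follow.
   *
   * A `null` payload or a `null` platformRestrictions is rejected as
   * 'Invalid payload'; both have `typeof` 'object' and used to end in a
   * TypeError. The state is built on a copy, so the caller's payload is not
   * mutated.
   *
   * NOTE(review): the payload is persisted as received, unknown keys included.
   * An allow-list of accepted keys and of element types would keep
   * client-chosen data out of the access-control record.
   */
  async action_SETPLATFORMMODE(action, payload, reqid) {
    if (!this.accessRights.canDo(this.roles, 'setPlatformState')) {
      this.sendErr(action, 'Unauthorized action !', reqid);
      return;
    }

    const restrictions = payload ? payload.platformRestrictions : undefined;
    const hasRestrictions = typeof restrictions === 'object';
    if (
      !payload ||
      typeof payload !== 'object' ||
      !Array.isArray(payload.blockedUUIDs) ||
      (hasRestrictions && (restrictions === null || !Array.isArray(restrictions.allowedRoles)))
    ) {
      this.sendErr(action, 'Invalid payload', reqid);
      return;
    }

    let state;
    if (hasRestrictions) {
      // Curtain down. EIC_Dev is always kept in the list so an operator cannot
      // lock the developers out (anti-shoot-your-foot).
      const allowedRoles = restrictions.allowedRoles.includes('EIC_Dev')
        ? restrictions.allowedRoles
        : [...restrictions.allowedRoles, 'EIC_Dev'];
      state = { ...payload, platformRestrictions: { ...restrictions, allowedRoles } };
    } else {
      // Curtain up. The hard-coded sample below is persisted under an XX_ key.
      // NOTE(review): this looks like a development leftover; confirm nothing
      // reads XX_platformRestrictions, then drop it.
      state = {
        ...payload,
        XX_platformRestrictions: {
          allowedRoles: ['EIC_Admin', 'EIC_Dev'],
          allowedUUIDs: ['valentin'],
        },
      };
    }

    await this.rediscnx.redisSet(this.config.redis.platformStateKey, state, 0, '');

    this.send(buildReply(action, reqid));
  },

  /**
   * Returns the stored platform access state.
   *
   * Request: { "action": <action>, "payload": { ... }, "reqid": "<request id>" }
   *   (the payload is not read)
   * Reply:   { "action": <action>, "payload": <stored state or null>,
   *            "success": true, "reqid": "<request id>" }
   *
   * A stored value that is not valid JSON is logged and reported as a null
   * payload with `success: true`, so callers must treat null as "no readable
   * state" rather than "no restrictions".
   */
  async action_GETPLATFORMMODE(action, payload, reqid) {
    if (!this.accessRights.canDo(this.roles, 'getPlatformState')) {
      this.sendErr(action, 'Unauthorized action !', reqid);
      return;
    }

    const rawVal = await this.rediscnx.redisGet(this.config.redis.platformStateKey, '');
    let val = null;
    try {
      val = JSON.parse(rawVal);
    } catch (err) {
      console.error('Action GETSPARCMODE: Not a json !? ', rawVal);
    }

    this.send(buildReply(action, reqid, { payload: val }));
  },
};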