export const methods = {
/* Request payload : null
   Reply:
   {
     "action": "GETACTIVEUSERS",
     "payload": [
       {
         "uid": "steinic",
         "email": "Nicolas.STEIN@ext.ec.europa.eu",
         "given_name": "Nicolas",
         "family_name": "STEIN",
         "userRoles": [
           "BP_PO",
           "SP_Admin",
           "Org_Member",
           "Org_Pending",
           "EIC_Dev"
         ],
         "sessionExpire": 3594,
         "busConnected": true
       }
     ],
     "success": true,
     "reqid": "df58a401-4ed2-4908-a2b1-8bae155e413a"
   }
*/
/**
 * Handle GETACTIVEUSERS: report every authenticated session found in Redis.
 *
 * The caller must hold the 'getActiveUsers' right; otherwise an error reply is
 * sent and nothing is read. The reply carries e-mail addresses and role lists
 * for all listed sessions, so that access-rights check is the only gate on
 * this data.
 *
 * Every key matching 'authorizer:sessid_*' is scanned, and each one costs a
 * GET plus a TTL lookup. Entries that do not parse as JSON, or that lack any
 * of the fields read below, are skipped.
 *
 * @param {string} action - action name, echoed back in the reply
 * @param {*} payload - unused by this handler
 * @param {string} [reqid] - request id, echoed back when truthy
 * @returns {Promise<void>} the result is delivered through this.send()
 */
async action_GETACTIVEUSERS(action, payload, reqid) {
  const allowed = this.accessRights.canDo(this.roles, 'getActiveUsers');
  if (!allowed) {
    this.sendErr(action, 'Unauthorized action !', reqid);
    return;
  }

  // TODO: take the key pattern from a new config key instead of hard-coding it
  const scanOptions = { TYPE: 'string', MATCH: 'authorizer:sessid_*' };

  const activeUsers = [];
  for await (const sessionKey of this.rediscnx.redisClient.scanIterator(scanOptions)) {
    let session = null;
    try {
      session = JSON.parse(await this.rediscnx.redisGet(sessionKey, ''));
    } catch (err) {
      console.log('bad sess info');
    }

    // Only fully populated, authenticated sessions are reported.
    const info = session ? session.userInfo : null;
    const usable = session && session.isAuthenticated && session.sessionID
      && info && info.userRoles && info.euLoginId;
    if (!usable) {
      continue;
    }

    // presumably the remaining lifetime of the key in seconds - confirm in redisGetTtl
    const remaining = await this.rediscnx.redisGetTtl(sessionKey, '');
    const entry = {
      uid: info.euLoginId,
      email: info.email,
      given_name: info.given_name,
      family_name: info.family_name,
      userRoles: info.userRoles,
      sessionExpire: remaining,
      busConnected: this.wssSrv.sessionConnected(session.sessionID),
    };
    activeUsers.push(entry);
  }

  const reply = { action: action, payload: activeUsers, success: true };
  if (reqid) {
    reply.reqid = reqid;
  }
  this.send(JSON.stringify(reply));
},
/*
 * KILLSESSION request payload (read by action_KILLSESSION):
 * payload: {
     uids: [ 'fallimi' ],
     notRoles : ['EIC_ADMIN', 'EIC_Dev' ],
     ttl: 0
   }
   => Both conditions must be met (here nothing gets done as fallimi is EIC_Dev)

   Any uid, but not some roles :
   {
     uids: null,
     notRoles : ['EIC_ADMIN', 'EIC_Dev' ],
     ttl: 0
   }

   Some uids, whatever their roles, in 30 seconds :
   {
     uids: [ 'infosca', 'nz01234' ],
     notRoles : [],
     ttl: 30
   }

*/

/* Request payload : { "uid":"steinni" }
   Reply:
   {
     "action": "GETUSERSTATUS",
     "payload":
       {
         "uid": "steinic",
         "email": "Nicolas.STEIN@ext.ec.europa.eu",
         "given_name": "Nicolas",
         "family_name": "STEIN",
         "sessionExpire": 3594,
         "busConnected": true
       },
     "success": true,
     "reqid": "df58a401-4ed2-4908-a2b1-8bae155e413a"
   }
*/
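/**
 * Handle GETUSERSTATUS: report the first authenticated session whose
 * euLoginId equals payload.uid.
 *
 * The caller must hold the 'getUserStatus' right. When no session matches,
 * the reply still has success: true and carries the requested uid with every
 * other field set to null.
 *
 * @param {string} action - action name, echoed back in the reply
 * @param {{uid: string}} payload - client-supplied; uid is the login id to look up
 * @param {string} [reqid] - request id, echoed back when truthy
 * @returns {Promise<void>} the result is delivered through this.send()
 */
async action_GETUSERSTATUS(action, payload, reqid) {
  if (!this.accessRights.canDo(this.roles, 'getUserStatus')) {
    this.sendErr(action, 'Unauthorized action !', reqid);
    return;
  }

  // payload comes from the client. A null payload used to throw on
  // payload.uid and left the request unanswered, and a non-string uid
  // (e.g. ['x']) could match a session through loose-equality coercion.
  if (!payload || typeof payload.uid !== 'string') {
    this.sendErr(action, 'Bad payload !', reqid);
    return;
  }

  const iterOptions = {
    TYPE: 'string',
    MATCH: 'authorizer:sessid_*',
  };

  // Default answer when the uid has no live session.
  let user = {
    uid: payload.uid,
    email: null,
    given_name: null,
    family_name: null,
    sessionExpire: null,
    busConnected: null,
  };

  for await (const key of this.rediscnx.redisClient.scanIterator(iterOptions)) {
    let sess = null;
    try {
      sess = JSON.parse(await this.rediscnx.redisGet(key, ''));
    } catch (err) {
      console.log('bad sess info');
    }

    if (!sess || !sess.isAuthenticated || !sess.sessionID
      || !sess.userInfo || !sess.userInfo.userRoles || !sess.userInfo.euLoginId) {
      continue;
    }
    // Strict comparison: the uid must be the same string, with no coercion.
    if (sess.userInfo.euLoginId !== payload.uid) {
      continue;
    }

    // presumably the remaining lifetime of the key in seconds - confirm in redisGetTtl
    const ttl = await this.rediscnx.redisGetTtl(key, '');
    user = {
      uid: sess.userInfo.euLoginId,
      email: sess.userInfo.email,
      given_name: sess.userInfo.given_name,
      family_name: sess.userInfo.family_name,
      sessionExpire: ttl,
      busConnected: this.wssSrv.sessionConnected(sess.sessionID),
    };
    // Only the first matching session is reported.
    break;
  }

  const reply = {
    action: action,
    payload: user,
    success: true,
  };
  if (reqid) reply.reqid = reqid;
  this.send(JSON.stringify(reply));
},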
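/**
 * Handle KILLSESSION: set a new TTL on the Redis keys of selected sessions.
 *
 * A session is selected when (a) payload.uids is falsy or contains the
 * session's euLoginId, and (b) the session holds none of the roles listed in
 * payload.notRoles. Keys ending in '_cookie' are never touched.
 *
 * The caller must hold the 'killSessions' right.
 *
 * @param {string} action - action name, echoed back in the reply
 * @param {{uids?: string[]|null, notRoles: string[], ttl?: number}} payload -
 *   client-supplied selection. ttl is used only when it is a number in
 *   [0, 3600]; any other value falls back to 0.
 * @param {string} [reqid] - request id, echoed back when truthy
 * @returns {Promise<void>} the result is delivered through this.send()
 */
async action_KILLSESSION(action, payload, reqid) {
  if (!this.accessRights.canDo(this.roles, 'killSessions')) {
    this.sendErr(action, 'Unauthorized action !', reqid);
    return;
  }
  // `!payload` guards against a null/absent payload, which used to throw
  // before any reply was sent.
  if (!payload || !Array.isArray(payload.notRoles)
    || (payload.uids && !Array.isArray(payload.uids))) {
    this.sendErr(action, 'Bad payload !', reqid);
    return;
  }

  // Normalise the TTL once, before touching any session. The original
  // compared typeof against the bare identifier `number`, which raised a
  // ReferenceError for every non-zero ttl and aborted the loop at the first
  // selected session.
  // NOTE(review): an unusable ttl (e.g. the string "30") falls back to 0,
  // i.e. the most aggressive setting - confirm that this is intended.
  const requestedTtl = payload.ttl;
  const ttl = (typeof requestedTtl === 'number' && requestedTtl >= 0 && requestedTtl <= 3600)
    ? requestedTtl
    : 0;

  // TODO: take the key pattern from a new config key instead of hard-coding it
  const iterOptions = {
    TYPE: 'string',
    MATCH: 'authorizer:sessid_*',
  };

  for await (const key of this.rediscnx.redisClient.scanIterator(iterOptions)) {
    if (key.endsWith('_cookie')) continue;

    let sess = null;
    try {
      sess = JSON.parse(await this.rediscnx.redisGet(key, ''));
    } catch (err) {
      console.log('bad sess info');
    }
    if (!sess || !sess.isAuthenticated) continue;

    // A session without userInfo or a role list cannot be checked against
    // uids/notRoles. Skip it (as the read handlers do) rather than letting one
    // malformed entry throw and leave every later session untouched.
    const info = sess.userInfo;
    if (!info || !Array.isArray(info.userRoles)) {
      console.log('bad sess info');
      continue;
    }

    if (payload.uids && !payload.uids.includes(info.euLoginId)) continue;

    // Sessions holding any excluded role are left alone.
    const hasProtectedRole = payload.notRoles.some((role) => info.userRoles.includes(role));
    if (hasProtectedRole) continue;

    // presumably sets the key's expiry to `ttl` seconds - confirm in redisSetTtl
    await this.rediscnx.redisSetTtl(key, ttl, '');
  }

  const reply = {
    action: action,
    success: true,
  };
  if (reqid) reply.reqid = reqid;
  this.send(JSON.stringify(reply));
},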
/* NOTE: the handler below is action_SETPLATFORMMODE; it validates
   payload.blockedUUIDs and payload.platformRestrictions.allowedRoles, so the
   action and key names in the examples here do not match what the code reads.

   Request: (curtain down, except for devs & admins)
   {
     "action": "SETSPARCSTATE",
     "payload" : {
       blockedUids: [],
       allowedRoles : ['EIC_Admin', 'EIC_Dev'],
     },
   }

   Request: (curtain up, for everyone)
   {
     "action": "SETSPARCSTATE",
     "payload" : {
       blockedUids: [],
       allowedRoles : '*',
     },
   }

   Request: (curtain up, block some bad-guys)
   {
     "action": "SETSPARCSTATE",
     "payload" : {
       blockedUids: ['hacker1', 'hacker2'],
       allowedRoles : '*',
     },
   }

   Reply:
   {
     "success": true,
     "reqid": "6az5e4r6a",
     "payload": { the accessrights }
   }
*/
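/**
 * Handle SETPLATFORMMODE: validate the platform-state payload and store it
 * under this.config.redis.platformStateKey.
 *
 * The caller must hold the 'setPlatformState' right. When
 * payload.platformRestrictions is an object ("curtain down"), 'EIC_Dev' is
 * always added to its allowedRoles so developers cannot lock themselves out.
 *
 * NOTE(review): the whole client payload is stored, including any keys this
 * handler does not validate - confirm that readers of the state key ignore
 * unknown fields.
 * NOTE(review): a platformRestrictions value that is not an object (string,
 * null, ...) is treated as "curtain up", i.e. unrestricted - confirm that this
 * fail-open default is intended.
 *
 * @param {string} action - action name, echoed back in the reply
 * @param {{blockedUUIDs: string[], platformRestrictions?: {allowedRoles: string[]}}} payload -
 *   client-supplied platform state; mutated in place before being stored
 * @param {string} [reqid] - request id, echoed back when truthy
 * @returns {Promise<void>} the result is delivered through this.send()
 */
async action_SETPLATFORMMODE(action, payload, reqid) {
  if (!this.accessRights.canDo(this.roles, 'setPlatformState')) {
    this.sendErr(action, 'Unauthorized action !', reqid);
    return;
  }

  // typeof null === 'object', so null must be excluded explicitly: a null
  // payload or a null platformRestrictions used to throw on property access
  // and left the request unanswered.
  const restrictions = payload ? payload.platformRestrictions : undefined;
  const hasRestrictions = typeof restrictions === 'object' && restrictions !== null;

  if (payload === null || typeof payload !== 'object'
    || !Array.isArray(payload.blockedUUIDs)
    || (hasRestrictions && !Array.isArray(restrictions.allowedRoles))) {
    this.sendErr(action, 'Invalid payload', reqid);
    return;
  }

  if (hasRestrictions) { // curtain down
    if (!restrictions.allowedRoles.includes('EIC_Dev')) { // anti-shoot-your-foot
      restrictions.allowedRoles.push('EIC_Dev');
    }
  } else { // curtain up
    // force-in an example
    // NOTE(review): this writes hard-coded sample data, including a concrete
    // user id, into the stored state on every "curtain up" request; it looks
    // like a debugging leftover - confirm nothing reads XX_platformRestrictions
    // and remove it.
    payload.XX_platformRestrictions = { "allowedRoles":["EIC_Admin","EIC_Dev"],"allowedUUIDs":["valentin"] };
  }

  // presumably redisSet serialises the object and 0 means "no expiry" - confirm in redisSet
  await this.rediscnx.redisSet(
    this.config.redis.platformStateKey,
    payload,
    0,
    '',
  );

  const reply = {
    action: action,
    success: true,
  };
  if (reqid) reply.reqid = reqid;
  this.send(JSON.stringify(reply));
},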
/* NOTE: the handler below is action_GETPLATFORMMODE; it does not read the
   request payload and echoes the request's own action name in the reply.

   Request:
   {
     "action": "GETSPARCMODE",
     "payload": {
       "key": "keyname"
     },
     "reqid": "6az5e4r6a"
   }
   Reply:
   {
     "action":"STORE",
     "success":true,
     "payload": {
       ...the sparc mode
     },
     "reqid": reqid
   }
*/
/**
 * Handle GETPLATFORMMODE: return the platform state stored under
 * this.config.redis.platformStateKey.
 *
 * The caller must hold the 'getPlatformState' right. The stored value is
 * parsed as JSON. When parsing fails, the raw value is written to the error
 * log and the reply still has success: true, with a null payload.
 *
 * @param {string} action - action name, echoed back in the reply
 * @param {*} payload - unused by this handler
 * @param {string} [reqid] - request id, echoed back when truthy
 * @returns {Promise<void>} the result is delivered through this.send()
 */
async action_GETPLATFORMMODE(action, payload, reqid) {
  const mayRead = this.accessRights.canDo(this.roles, 'getPlatformState');
  if (!mayRead) {
    this.sendErr(action, 'Unauthorized action !', reqid);
    return;
  }

  const stored = await this.rediscnx.redisGet(this.config.redis.platformStateKey, '');

  let state = null;
  try {
    state = JSON.parse(stored);
  } catch (err) {
    console.error('Action GETSPARCMODE: Not a json !? ', stored);
  }

  const reply = { action: action, payload: state, success: true };
  if (reqid) {
    reply.reqid = reqid;
  }
  this.send(JSON.stringify(reply));
}
}