P42_wssGateway/actions/sessions.js
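// Builds the SCAN options that select the authorizer's session keys.
// A fresh object is returned on every call, as the original code did.
// TODO: take the pattern from a new config key instead of hardcoding it.
function sessionScanOptions() {
  return {
    TYPE: 'string',
    MATCH: 'authorizer:sessid_*',
  };
}

// Reads one session entry and parses it as JSON; returns null when the read
// or the parse fails. The stored value is deliberately not logged, since
// session entries hold user identity data.
async function readSession(rediscnx, key) {
  try {
    return JSON.parse(await rediscnx.redisGet(key, ''));
  } catch (err) {
    console.log('bad sess info');
    return null;
  }
}

// True when a parsed session is authenticated and carries the fields the
// listing actions read (sessionID, userInfo.userRoles, userInfo.euLoginId).
function hasUserIdentity(sess) {
  return Boolean(
    sess &&
      sess.isAuthenticated &&
      sess.sessionID &&
      sess.userInfo &&
      sess.userInfo.userRoles &&
      sess.userInfo.euLoginId
  );
}

// typeof null is 'object', so a bare typeof test lets null through.
function isNonNullObject(value) {
  return typeof value === 'object' && value !== null;
}

export const methods = {
  /**
   * Lists every authenticated session found under the session key pattern.
   *
   * Requires the 'getActiveUsers' right. The reply carries personal data
   * (login id, e-mail, names, roles) for each listed session, so that right
   * is the only gate on this disclosure.
   *
   * Request payload: null
   * Reply:
   * {
   *   "action": "GETACTIVEUSERS",
   *   "payload": [
   *     {
   *       "uid": "steinic",
   *       "email": "Nicolas.STEIN@ext.ec.europa.eu",
   *       "given_name": "Nicolas",
   *       "family_name": "STEIN",
   *       "userRoles": ["BP_PO", "SP_Admin", "Org_Member", "Org_Pending", "EIC_Dev"],
   *       "sessionExpire": 3594,
   *       "busConnected": true
   *     }
   *   ],
   *   "success": true,
   *   "reqid": "df58a401-4ed2-4908-a2b1-8bae155e413a"
   * }
   *
   * @param {string} action - action name, echoed in the reply
   * @param {*} payload - unused
   * @param {string} [reqid] - request id, echoed in the reply when set
   */
  async action_GETACTIVEUSERS(action, payload, reqid) {
    if (!this.accessRights.canDo(this.roles, 'getActiveUsers')) {
      this.sendErr(action, 'Unauthorized action !', reqid);
      return;
    }

    const activeUsers = [];
    for await (const key of this.rediscnx.redisClient.scanIterator(sessionScanOptions())) {
      const sess = await readSession(this.rediscnx, key);
      // Entries that are unreadable, unauthenticated or incomplete are skipped.
      if (!hasUserIdentity(sess)) {
        continue;
      }
      const ttl = await this.rediscnx.redisGetTtl(key, '');
      activeUsers.push({
        uid: sess.userInfo.euLoginId,
        email: sess.userInfo.email,
        given_name: sess.userInfo.given_name,
        family_name: sess.userInfo.family_name,
        userRoles: sess.userInfo.userRoles,
        sessionExpire: ttl,
        busConnected: this.wssSrv.sessionConnected(sess.sessionID),
      });
    }

    const reply = {
      action,
      payload: activeUsers,
      success: true,
    };
    if (reqid) reply.reqid = reqid;
    this.send(JSON.stringify(reply));
  },

  /**
   * Reports the first authenticated session whose euLoginId equals payload.uid.
   *
   * Requires the 'getUserStatus' right. When no session matches, the reply
   * still has success=true and a payload holding the requested uid with every
   * other field null.
   *
   * Request payload: { "uid": "<euLoginId>" }
   * Reply:
   * {
   *   "action": "GETUSERSTATUS",
   *   "payload": {
   *     "uid": "steinic",
   *     "email": "Nicolas.STEIN@ext.ec.europa.eu",
   *     "given_name": "Nicolas",
   *     "family_name": "STEIN",
   *     "sessionExpire": 3594,
   *     "busConnected": true
   *   },
   *   "success": true,
   *   "reqid": "df58a401-4ed2-4908-a2b1-8bae155e413a"
   * }
   *
   * @param {string} action - action name, echoed in the reply
   * @param {{uid: string}} payload - the login id to look up
   * @param {string} [reqid] - request id, echoed in the reply when set
   */
  async action_GETUSERSTATUS(action, payload, reqid) {
    if (!this.accessRights.canDo(this.roles, 'getUserStatus')) {
      this.sendErr(action, 'Unauthorized action !', reqid);
      return;
    }
    // A missing payload used to throw on payload.uid, and a non-string uid
    // could only match through loose-equality coercion; reject both up front.
    if (!payload || typeof payload.uid !== 'string' || payload.uid === '') {
      this.sendErr(action, 'Bad payload !', reqid);
      return;
    }

    let user = {
      uid: payload.uid,
      email: null,
      given_name: null,
      family_name: null,
      sessionExpire: null,
      busConnected: null,
    };
    for await (const key of this.rediscnx.redisClient.scanIterator(sessionScanOptions())) {
      const sess = await readSession(this.rediscnx, key);
      if (!hasUserIdentity(sess) || sess.userInfo.euLoginId !== payload.uid) {
        continue;
      }
      const ttl = await this.rediscnx.redisGetTtl(key, '');
      user = {
        uid: sess.userInfo.euLoginId,
        email: sess.userInfo.email,
        given_name: sess.userInfo.given_name,
        family_name: sess.userInfo.family_name,
        sessionExpire: ttl,
        busConnected: this.wssSrv.sessionConnected(sess.sessionID),
      };
      // Only the first matching session is reported.
      break;
    }

    const reply = {
      action,
      payload: user,
      success: true,
    };
    if (reqid) reply.reqid = reqid;
    this.send(JSON.stringify(reply));
  },

  /**
   * Sets a new TTL on the session keys selected by the payload.
   *
   * Requires the 'killSessions' right. A session is selected when it is
   * authenticated, its euLoginId is in payload.uids (or uids is null/absent,
   * meaning any user) AND none of its roles appears in payload.notRoles.
   * An empty uids array selects nobody.
   *
   * payload.ttl is the TTL in seconds handed to redisSetTtl; anything that is
   * not a number in 0..3600 is replaced by 0.
   * NOTE(review): a TTL of 0 presumably ends the session at once - confirm
   * against rediscnx.redisSetTtl.
   * NOTE(review): keys ending in '_cookie' are skipped and left untouched;
   * confirm that expiring only the main key is enough to end a session.
   *
   * Both conditions must be met (here nothing gets done as fallimi is EIC_Dev):
   *   { uids: ['fallimi'], notRoles: ['EIC_ADMIN', 'EIC_Dev'], ttl: 0 }
   * Any uid, but not some roles:
   *   { uids: null, notRoles: ['EIC_ADMIN', 'EIC_Dev'], ttl: 0 }
   * Some uids, whatever their roles, in 30 seconds:
   *   { uids: ['infosca', 'nz01234'], notRoles: [], ttl: 30 }
   *
   * Reply: { "action": <action>, "success": true, "reqid": <reqid> }
   *
   * @param {string} action - action name, echoed in the reply
   * @param {{uids: ?string[], notRoles: string[], ttl: number}} payload
   * @param {string} [reqid] - request id, echoed in the reply when set
   */
  async action_KILLSESSION(action, payload, reqid) {
    if (!this.accessRights.canDo(this.roles, 'killSessions')) {
      this.sendErr(action, 'Unauthorized action !', reqid);
      return;
    }
    if (
      !payload ||
      !Array.isArray(payload.notRoles) ||
      (payload.uids && !Array.isArray(payload.uids))
    ) {
      this.sendErr(action, 'Bad payload !', reqid);
      return;
    }

    // The original compared typeof against the bare identifier `number`,
    // which threw a ReferenceError for every non-zero ttl. The check is also
    // hoisted out of the loop and no longer rewrites the caller's payload.
    const ttlIsValid =
      typeof payload.ttl === 'number' && payload.ttl >= 0 && payload.ttl <= 3600;
    const newTtl = ttlIsValid ? payload.ttl : 0;

    for await (const key of this.rediscnx.redisClient.scanIterator(sessionScanOptions())) {
      if (key.endsWith('_cookie')) continue;
      const sess = await readSession(this.rediscnx, key);
      if (!sess || !sess.isAuthenticated) continue;

      // Without userInfo/userRoles the role exclusion cannot be evaluated, so
      // the session is left alone instead of crashing the whole scan.
      const info = sess.userInfo;
      if (!info || !Array.isArray(info.userRoles)) continue;

      if (payload.uids && !payload.uids.includes(info.euLoginId)) continue;
      const holdsProtectedRole = payload.notRoles.some((role) =>
        info.userRoles.includes(role)
      );
      if (holdsProtectedRole) continue;

      await this.rediscnx.redisSetTtl(key, newTtl, '');
    }

    const reply = {
      action,
      success: true,
    };
    if (reqid) reply.reqid = reqid;
    this.send(JSON.stringify(reply));
  },

  /**
   * Stores the platform state under config.redis.platformStateKey.
   *
   * Requires the 'setPlatformState' right. The payload must be an object with
   * an array `blockedUUIDs`; when `platformRestrictions` is an object
   * ("curtain down") it must hold an array `allowedRoles`, and 'EIC_Dev' is
   * appended to it when missing so developers cannot lock themselves out.
   * Any other `platformRestrictions` value is treated as "curtain up".
   *
   * NOTE(review): earlier examples for this action (named SETSPARCSTATE) used
   * `blockedUids` and a top-level `allowedRoles` (an array, or '*' for
   * everyone); the code below validates `blockedUUIDs` and
   * `platformRestrictions.allowedRoles` instead - confirm which shape the
   * clients send.
   * NOTE(review): the payload object is persisted as received, so any extra
   * keys sent by the client are stored too; consider copying only the known
   * fields once the consumers of this key are confirmed.
   *
   * Reply: { "action": <action>, "success": true, "reqid": <reqid> }
   *
   * @param {string} action - action name, echoed in the reply
   * @param {{blockedUUIDs: string[], platformRestrictions: ?{allowedRoles: string[]}}} payload
   * @param {string} [reqid] - request id, echoed in the reply when set
   */
  async action_SETPLATFORMMODE(action, payload, reqid) {
    if (!this.accessRights.canDo(this.roles, 'setPlatformState')) {
      this.sendErr(action, 'Unauthorized action !', reqid);
      return;
    }

    // null passes a bare typeof 'object' test; the original then threw a
    // TypeError on a null payload or a null platformRestrictions.
    const restrictions = isNonNullObject(payload) ? payload.platformRestrictions : undefined;
    const restrictionsGiven = typeof restrictions === 'object';
    const restrictionsValid =
      !restrictionsGiven ||
      (restrictions !== null && Array.isArray(restrictions.allowedRoles));
    if (
      !isNonNullObject(payload) ||
      !Array.isArray(payload.blockedUUIDs) ||
      !restrictionsValid
    ) {
      this.sendErr(action, 'Invalid payload', reqid);
      return;
    }

    if (restrictionsGiven) {
      // curtain down - anti-shoot-your-foot: developers always stay allowed
      if (!restrictions.allowedRoles.includes('EIC_Dev')) {
        restrictions.allowedRoles.push('EIC_Dev');
      }
    } else {
      // curtain up - force-in an example
      // NOTE(review): this writes a hard-coded sample, including a fixed
      // user id, into the persisted state on every "curtain up" request;
      // it looks like leftover scaffolding - confirm and remove.
      payload.XX_platformRestrictions = {
        allowedRoles: ['EIC_Admin', 'EIC_Dev'],
        allowedUUIDs: ['valentin'],
      };
    }

    await this.rediscnx.redisSet(this.config.redis.platformStateKey, payload, 0, '');

    const reply = {
      action,
      success: true,
    };
    if (reqid) reply.reqid = reqid;
    this.send(JSON.stringify(reply));
  },

  /**
   * Returns the platform state stored under config.redis.platformStateKey.
   *
   * Requires the 'getPlatformState' right. When the stored value is not
   * valid JSON the reply payload is null and success is still true.
   *
   * Request (earlier examples name this action GETSPARCMODE):
   * {
   *   "action": "GETSPARCMODE",
   *   "payload": { "key": "keyname" },
   *   "reqid": "6az5e4r6a"
   * }
   * Reply:
   * {
   *   "action": <action>,
   *   "payload": { ...the stored platform mode },
   *   "success": true,
   *   "reqid": <reqid>
   * }
   *
   * @param {string} action - action name, echoed in the reply
   * @param {*} payload - unused; the key always comes from the configuration
   * @param {string} [reqid] - request id, echoed in the reply when set
   */
  async action_GETPLATFORMMODE(action, payload, reqid) {
    if (!this.accessRights.canDo(this.roles, 'getPlatformState')) {
      this.sendErr(action, 'Unauthorized action !', reqid);
      return;
    }

    const rawVal = await this.rediscnx.redisGet(this.config.redis.platformStateKey, '');
    let val = null;
    try {
      val = JSON.parse(rawVal);
    } catch (err) {
      console.error('Action GETSPARCMODE: Not a json !? ', rawVal);
    }

    const reply = {
      action,
      payload: val,
      success: true,
    };
    if (reqid) reply.reqid = reqid;
    this.send(JSON.stringify(reply));
  },
};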