Issue #861

rest/src/main/resources/openapi/exts/v7.0/openapi.yaml

@@ -0,0 +1,66 @@
+openapi: 3.0.2
+info:
+  title: API pro externí aplikace
+  description: |
+    Popis je platný k verzi 7.0.38 a vyšší. Kramerius obsahuje REST API, které je určeno pro externí aplikace a bude se dále rozšiřovat.
+  version: "7.0"
+
+servers:
+  - url: /search/api/exts/v7.0
+
+tags:
+
+  - name: Získání servisního tokenu
+    description: >
+        Pokud je potřeba aby aplikace pracovala s JWT tokenem, který má jinou expirační dobu (typicky dlouho trvajicí proces), může administrátor vyrvořit nový objekt v keycloaku typu client, k němu přiřadit servisní roli.  Proces pomocí endpointu krameria, clientId a secret je schopen získat token. Administrátor může upravit vlastnosti klienta dle požadavků procesu
+
+paths:
+  /tokens/{clientid}:
+    get:
+      tags:
+        - Získání servisního tokenu
+      summary: Získání servisního tokenu
+      description: Získání servisního tokenu
+      parameters:
+
+        - name: clientid
+          in: path
+          required: true
+          description: Identifikátor objektu client
+          schema:
+            type: string
+
+        - name: secrets
+          in: query
+          required: true
+          description: Secrets svázaný s přístupem na token. 
+          schema:
+            type: string
+
+
+      responses:
+        '200':
+          description: JSON odpověď z keycloaku 
+          content:
+            application/json:
+              schema:
+                type: string
+              example: {
+                   "access_token": "xxxxfffffaaa",
+                    "expires_in": 36000,
+                    "refresh_expires_in": 0,
+                    "token_type": "Bearer",
+                    "not-before-policy": 0,
+                    "scope": "profile email"
+                  }
+
+        '401':
+          description: Neautorizovaný přístup
+          content:
+            application/json:
+              schema:
+                type: string
+              example: {
+                 "error": "unauthorized_client",
+                  "error_description": "Invalid client secret"
+              }

search/web/openapi/exts/v7.0/index.css

@@ -0,0 +1,16 @@
+html {
+    box-sizing: border-box;
+    overflow: -moz-scrollbars-vertical;
+    overflow-y: scroll;
+}
+
+*,
+*:before,
+*:after {
+    box-sizing: inherit;
+}
+
+body {
+    margin: 0;
+    background: #fafafa;
+}

search/web/openapi/exts/v7.0/index.html

@@ -0,0 +1,120 @@
+<!-- HTML for static distribution bundle build -->
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <title>Swagger UI</title>
+    <link rel="stylesheet" type="text/css" href="./swagger-ui.css" />
+    <link rel="stylesheet" type="text/css" href="index.css" />
+    <link rel="icon" type="image/png" href="./favicon-32x32.png" sizes="32x32" />
+    <link rel="icon" type="image/png" href="./favicon-16x16.png" sizes="16x16" />
+    <style>
+    /* Styl pro vlastní tlačítka */
+    .app-custom-auth-buttons {
+      background: #f3f3f3;
+      border-bottom: 1px solid #e0e0e0;
+    }
+
+    .app-custom-auth-buttons .app-container {
+      text-align: right;
+      margin: 0 auto;
+      max-width: 1460px;
+      width: 100%;
+      padding: 16px 0;
+    }
+
+    .app-custom-auth-buttons button {
+      margin-left: 5px;
+      padding: 5px 10px;
+    }
+
+
+    .swagger-ui .topbar {
+      display: none;
+    }
+  </style>
+  </head>
+
+  <body>
+
+    <div class="app-custom-auth-buttons">
+      <div class="app-container">
+        <button id="login-button" onclick="login(CLIENT_URL)">Login</button>
+        <button id="logout-button" onclick="logout(CLIENT_URL)" disabled>Logout</button>
+      </div>
+    </div>
+
+    <div id="swagger-ui"></div>
+
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
+
+    <script src="./swagger-ui-bundle.js" charset="UTF-8"> </script>
+    <script src="./swagger-ui-standalone-preset.js" charset="UTF-8"> </script>
+    <script src="./swagger-initializer.js" charset="UTF-8"> </script>
+    <script src="../../openapi-initializer.js" charset="UTF-8"> </script>
+
+    <script>
+
+
+        const currentUrl = window.location.origin;
+        window.onload = function() {
+        const ui = SwaggerUIBundle({
+            url: EXTS_DEFINITION_URL, 
+            dom_id: '#swagger-ui',
+            deepLinking: true,
+            defaultModelsExpandDepth: -1,
+            validatorUrl : null,
+            presets: [
+              SwaggerUIBundle.presets.apis,
+              SwaggerUIStandalonePreset
+            ],
+            plugins: [
+              SwaggerUIBundle.plugins.DownloadUrl
+            ],
+
+            requestInterceptor: (request) => {
+                if (TOKEN && TOKEN["access_token"]) {
+                    request.headers['Authorization'] = `Bearer ${TOKEN["access_token"]}`;
+                }
+                return request;
+            },
+
+            layout: "StandaloneLayout"
+      });
+      window.ui = ui;
+
+      setTimeout(function() {
+        const url = new URL(window.location.href);
+        const code = url.searchParams.get('code');
+        const tokenSet = url.searchParams.get('tokenSet');
+        if (code && !tokenSet) {
+            const redirectUri = window.location.origin + CLIENT_URL;
+            const encodedRedirectUri = encodeURIComponent(redirectUri);
+            const tokenUrl = window.location.origin + `/search/api/client/v7.0/user/auth/token?code=${encodeURIComponent(code)}&redirect_uri=${encodedRedirectUri}`;
+
+            $.get(tokenUrl)
+                .done(function(response) {
+
+                    if (response.error) {
+                        logout(CLIENT_URL);
+                    } else {
+                        TOKEN = response;
+                    }
+
+
+                    if (TOKEN && TOKEN["access_token"]) { 
+                        $("#login-button").prop("disabled", true);
+                        $("#logout-button").prop("disabled", false);
+                    }
+
+                }).fail(function(jqXHR, textStatus, errorThrown) {
+                    logout();
+                    console.error('Error fetching token:', textStatus, errorThrown);
+                });
+            }       
+        },1000);
+
+     };
+  </script>
+  </body>
+</html>

search/web/openapi/exts/v7.0/oauth2-redirect-kram.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html lang="cs">
+<head>
+  <meta charset="UTF-8">
+  <title>OAuth2 Redirect</title>
+</head>
+<body>
+  <script>
+    'use strict';
+    // Tento skript umožňuje Swagger UI správně zpracovat OAuth2 redirect
+    function run() {
+      const params = window.location.hash.substring(1);
+      const query = {};
+      params.split('&').forEach(pair => {
+        const [key, value] = pair.split('=');
+        query[key] = decodeURIComponent(value);
+      });
+      window.opener.swaggerUIRedirectOauth2 && window.opener.swaggerUIRedirectOauth2(query);
+      window.close();
+    }
+
+    run();
+  </script>
+</body>
+</html>

search/web/openapi/exts/v7.0/oauth2-redirect.html

@@ -0,0 +1,79 @@
+<!doctype html>
+<html lang="en-US">
+<head>
+    <title>Swagger UI: OAuth2 Redirect</title>
+</head>
+<body>
+<script>
+    'use strict';
+    function run () {
+        var oauth2 = window.opener.swaggerUIRedirectOauth2;
+        var sentState = oauth2.state;
+        var redirectUrl = oauth2.redirectUrl;
+        var isValid, qp, arr;
+
+        if (/code|token|error/.test(window.location.hash)) {
+            qp = window.location.hash.substring(1).replace('?', '&');
+        } else {
+            qp = location.search.substring(1);
+        }
+
+        arr = qp.split("&");
+        arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';});
+        qp = qp ? JSON.parse('{' + arr.join() + '}',
+                function (key, value) {
+                    return key === "" ? value : decodeURIComponent(value);
+                }
+        ) : {};
+
+        isValid = qp.state === sentState;
+
+        if ((
+          oauth2.auth.schema.get("flow") === "accessCode" ||
+          oauth2.auth.schema.get("flow") === "authorizationCode" ||
+          oauth2.auth.schema.get("flow") === "authorization_code"
+        ) && !oauth2.auth.code) {
+            if (!isValid) {
+                oauth2.errCb({
+                    authId: oauth2.auth.name,
+                    source: "auth",
+                    level: "warning",
+                    message: "Authorization may be unsafe, passed state was changed in server. The passed state wasn't returned from auth server."
+                });
+            }
+
+            if (qp.code) {
+                delete oauth2.state;
+                oauth2.auth.code = qp.code;
+                oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
+            } else {
+                let oauthErrorMsg;
+                if (qp.error) {
+                    oauthErrorMsg = "["+qp.error+"]: " +
+                        (qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
+                        (qp.error_uri ? "More info: "+qp.error_uri : "");
+                }
+
+                oauth2.errCb({
+                    authId: oauth2.auth.name,
+                    source: "auth",
+                    level: "error",
+                    message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server."
+                });
+            }
+        } else {
+            oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl});
+        }
+        window.close();
+    }
+
+    if (document.readyState !== 'loading') {
+        run();
+    } else {
+        document.addEventListener('DOMContentLoaded', function () {
+            run();
+        });
+    }
+</script>
+</body>
+</html>

search/web/openapi/exts/v7.0/swagger-initializer.js

@@ -0,0 +1,20 @@
+window.onload = function() {
+  //<editor-fold desc="Changeable Configuration Block">
+
+  // the following lines will be replaced by docker/configurator, when it runs in a docker-container
+  window.ui = SwaggerUIBundle({
+    url: "https://petstore.swagger.io/v2/swagger.json",
+    dom_id: '#swagger-ui',
+    deepLinking: true,
+    presets: [
+      SwaggerUIBundle.presets.apis,
+      SwaggerUIStandalonePreset
+    ],
+    plugins: [
+      SwaggerUIBundle.plugins.DownloadUrl
+    ],
+    layout: "StandaloneLayout"
+  });
+
+  //</editor-fold>
+};

search/web/openapi/openapi-initializer.js

@@ -0,0 +1,24 @@
+
+/** Definition url */
+var CLIENT_URL = '/search/openapi/client/v7.0/index.html'
+var ADMIN_URL = '/search/openapi/admin/v7.0/index.html'
+var EXTS_URL = '/search/openapi/exts/v7.0/index.html'
+
+/** Clients url */	
+var CLIENT_DEFINITION_URL = "/search/api/client/v7.0/embedded/files/client/v7.0/openapi.yaml"
+var ADMIN_DEFINITION_URL = "/search/api/client/v7.0/embedded/files/admin/v7.0/openapi.yaml"
+var EXTS_DEFINITION_URL = "/search/api/client/v7.0/embedded/files/exts/v7.0/openapi.yaml"
+
+var TOKEN = null;
+
+function login(redirectPostfix) {
+  const redirectUri = window.location.origin + redirectPostfix;
+  const authorizationUrl = `/search/api/client/v7.0/user/auth/login?redirect_uri=${encodeURIComponent(redirectUri)}`;
+  window.location.href = authorizationUrl;
+}
+
+function logout(redirectPostfix) {
+  const redirectUri = window.location.origin + redirectPostfix;
+  const authorizationUrl = `/search/api/client/v7.0/user/auth/logout?redirect_uri=${encodeURIComponent(redirectUri)}`;
+  window.location.href = authorizationUrl;
+}