node backend: Consume both user and groups from http headers. #1439

Closed
jesade-vbg opened this issue Dec 4, 2023 · 1 comment

@jesade-vbg
Contributor

We need a way, a different way, to verify access and layer visibility using headers.

The suggested middle way is to have a proxy that sends both user and groups to nodejs backend using http headers.
Then... the nodejs backend consumes both user and groups from the http headers.

Example input to nodejs. Headers configured in .env-file

X-Control-Header:USER
X-Control-Group-Header:Group1,Group2,Group3

This way, nodejs does not need the AD connection and search capabilities because this is moved to the proxy.

By implementing this, it might be a solution to get up and running faster when using IIS webserver.

Note that:
This solution will also require a working proxy and @Hallbergs has a potential .net core IIS module for this.
The potential proxy will be linked in this issue in the near future.
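
An added example (not Hajk's code and not part of the issue) of how a Node.js backend could consume the two headers shown above while accepting them only from the proxy. The function names, the `trustedProxies` list and the config object are assumptions made for illustration; only the header names come from the issue.

```javascript
// Added example: hypothetical helper, not Hajk's actual implementation.
// Header names are the ones from the issue; the proxy addresses are assumed.
const cfg = {
  userHeader: "X-Control-Header",
  groupHeader: "X-Control-Group-Header",
  trustedProxies: ["127.0.0.1", "::1", "::ffff:127.0.0.1"],
};

// Collect every value sent for a header name from Node's rawHeaders
// ([name, value, name, value, ...]) so duplicates are not silently merged.
function rawValues(rawHeaders, name) {
  const wanted = name.toLowerCase();
  const values = [];
  for (let i = 0; i + 1 < rawHeaders.length; i += 2) {
    if (rawHeaders[i].toLowerCase() === wanted) values.push(rawHeaders[i + 1]);
  }
  return values;
}

function identityFromProxyHeaders(req, config = cfg) {
  // Any client that reaches the backend directly can set these headers,
  // so accept them only on connections that come from the proxy itself.
  if (!config.trustedProxies.includes(req.socket.remoteAddress)) {
    return { ok: false, reason: "untrusted-peer" };
  }
  const users = rawValues(req.rawHeaders, config.userHeader);
  const groupLines = rawValues(req.rawHeaders, config.groupHeader);
  // More than one copy means a client-supplied header survived the proxy.
  if (users.length !== 1 || groupLines.length > 1) {
    return { ok: false, reason: "missing-or-duplicate-header" };
  }
  const user = users[0].trim();
  // Reject empty names, list separators and control characters.
  if (user === "" || /[,\u0000-\u001f\u007f]/.test(user)) {
    return { ok: false, reason: "invalid-user" };
  }
  // "Group1,Group2,Group3" -> ["Group1", "Group2", "Group3"], de-duplicated.
  const groups = [...new Set(
    (groupLines[0] || "").split(",").map((g) => g.trim()).filter(Boolean)
  )];
  return { ok: true, user, groups };
}

// Constructed request object shaped like Node's http.IncomingMessage.
function fakeReq(remoteAddress, rawHeaders) {
  return { socket: { remoteAddress }, rawHeaders };
}
```

The proxy still has to strip any incoming copies of both headers before adding its own; the duplicate check in the backend is only a second line of defence.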

@jesade-vbg jesade-vbg added this to the 3.x milestone Dec 4, 2023
@jesade-vbg jesade-vbg self-assigned this Dec 4, 2023
jacobwod added a commit that referenced this issue Dec 5, 2023
…an what could be expected when inside an instance of ActiveDirectory. Let's save and use a variable reference to the logger.
jacobwod added a commit that referenced this issue Dec 5, 2023
@jesade-vbg jesade-vbg modified the milestones: 3.x, 3.13 Dec 5, 2023
@jesade-vbg
Contributor Author

Now running this live on multiple Hajk-instances on IIS using NodeHoster

jacobwod added a commit that referenced this issue Mar 7, 2024
* npm up

* Added the ENABLE_WEBSOCKETS variable to .env so we can easily turn this functionality on and off.

* Streamlining Halmstad's production branch, removed unused components.

* Changed browserslist to a simple 'defaults' only.

* Added an optional hyphen and centered the app load text.

* Deps bump for Backend

* Since the separation of V1 and V2 APIs, hajkLogger has been moved to utils.

* First step towards making Backend fully ESM-compatible:
- Necessary changes made in package.json
- Most other changes are due to a missing file extension in most imports.
- One small change was that __dirname isn't available when using ESM, so I changed the way we resolve path to the YAML specifications by using process.cwd(), as we do in other fs.* functions.
- I'm testing the VSCode-GitHub integration now, hence the branch name that does not follow our convention - sorry

* Removed Babel, etc:
- Removed Babel, including: 'compile' step in package.json and other commands, all dependencies and configuration file
- Replaced the 'compile' step with a basic copy of directory to dist/. The reasoning behind this is that it lets us continue using current Dockerfiles etc without any changes.
- Major cleanups in ESlint config. Seems good so far, check out the screenshot in this issue: https://github.com/hajkmap/Hajk/issues/1328#issuecomment-1517542129
- Moved Prettier's config to an own file
- Prettier seems fine too, see screenshot above
- If this works as intended, we have a much cleaner toolchain. NodeJS 16+ is now required but it shouldn't be a major problem.

* Added missing definition, no idea how it got lost.

* New lock file after clean deps install. Should close #1328.

* Workaround the fact that __dirname isn't available in ESM. This pretty much closes #1328.

* Removed Windows Service references as they're not needed in our environment.

* Fixes to the WebSocket part that exists in this branch, its imports must also be converted to ESM of course.

* Ensure that the OpenApiValidator runs _after_ any async routes have been imported:
- This was discovered in #1332 but the problem first came up in #1309.
- OAV will only take care of routes that exists when the middleware runs. Hence, any async imports that haven't yet run will be unknown to the OAV and render a 404.
- This ugly setTimeout fix takes care of it but I'm open for a better solution (including discussing the future of OAV in our Backend).

* npm i

* Upgraded query-string that awaited the completion of #1328.

* I need to bump the version number across the product to easily keep track of running versions.

* This has grown pretty big since yesterday, time for an initial commit:
- WIP so expect a lot of warnings
- See #1360 for issue
- See also the README.md in the plugin's dir for more info on configuration.

* Now also passing down the coordinates of clicked point.

* Revert "Merge pull request #1346 from hajkmap/feature/1316-PermanentDrawerOption"

This reverts commit 38564d6, reversing
changes made to dbbc37e.

This will be re-merged once #1367 is closed.

* GeosuiteExport is not part of our toolset.

* We've successfully migrated Draw->Sketch so there's no need to include it in the build anymore.

* Fix for #1309: import of XMLParser fell behind in the V2 API after the split. Corrected now.

* Some significant dependencies bumped to latest versions:
- Most notably a couple of our dependencies now dropped support for Node 8 (which we don't support anyway), so shouldn't be breaking to us.

* Infoclick: allow for some common Markdown and URL characters inside the infoclick placeholder string:
- I've implemented both of the proposals from #1368 in this commit
- Closes #1368.

* A refined approach towards grabbing and replacing infoclick placeholders with values, closes #1368.

* Ensure that useMapService always evaluates to a boolean. Fix for 'new' API's loading of simpleMapConfig if no mapserviceBase is specified.

* Bumped version across the project to reflect the latest changes.

* Manually added CSS class definition for .material-icons:
- For reasons unknown, the definition has disappeared recently.
- We should look into this further, but to fix it as quickly as possible, I'm adding it manually for now.

* v.3.13.4

* Turns out the solution in 6b6429a was the correct one:
- According to the docs, adding the .material-icons class is exactly what has to be done.
- I'm doing another commit on it though, to reflect the official structure inside the class, as specified in https://fontsource.org/docs/getting-started/material-icons

* Removed all references to the legacy 'shortcode' feature in FeatureInfo, also removed unused deps.

* Removed legacy/unused plugins:
- Draw
- Measure
- VTSearch

* Latest package-lock

* Used 'npx depcheck' to identify missing deps. Fixed by adding.

* Migrated from 'magic' module resolving to relative paths, this will be needed to further migrate to e.g. Vite anyway, so it's good to fix it right away.

* Version bump

* Successfully upgraded a couple of deps:
- The upgrades here are verified to work
- Notable change is the major version bump on ESlint and Prettier. There have been some new defaults, among which new default for https://prettier.io/docs/en/options.html#trailing-commas caused some confusion. The team has decided to disable it in our project, hence the change in .prettierrc.
- I also ran 'npx prettier -w .' so there are some minor changes to the formatting in various files.

* Fixed what was necessary to upgrade react-number-format. Didn't have time to properly replace this (as we seem to use it solely for the thousands separator) as I suggested elsewhere. Nevertheless, closes #1207.

* Upgraded IntroJS and deps to latest version.

* Upgraded MUI's DataGrid to v6

* Major upgrade: PDFjs.

* Added plugin-proposal-private-property-in-object to the list of dependencies in order to get rid of a warning from Babel

* Finalized the migration to consolidated loading approach, first started in #682:
- Ensured that the static approach (aka simpleMapConfig loading) works in the consolidated loading part of code
- Merged simpleMapConfig and simpleLayersConfig into a new file. Added keys needed for consolidated parser. Removed legacy files.
- This could still be rewritten to async/await rather than the current Promise callback hell way of doing things, but I leave it for now.

* Removed 'experimentalNewApi' from appConfig

* Rewrote initial loading to async/await, added new Error page:
- I got rid of the nested promise callbacks, now it's all in one try/catch
- A new error page is added. It's (hopefully) nice and clean. It also features a reload button that will attempt to reset the application's state by redirecting to '/'. Should this not work, there are more things to try out (parsing the document.location and removing searchParams manually).

* Version bump

* Much better placement of loading error box across different screen sizes.

* Make it possible to have a clean appConfig.json by emulating default values for some required properties in index.js.

* Version bump

* Ensure that the default API path in Swagger leads to V2.

* Typo

* Added the 'Simple Edit Workflow' to edit plugin, closes #1377.

* Version bump

* Hotfix to 7decf9c, #1377:
- Ensure that we auto-activate the modify tool if user goes backwards in the Simple Edit workflow.

* Version bump

* Get rid of warning about 'preset' not being part of active plugins: it's core nowadays, hence it can be hard-coded as active.

* Bug fix: the 'missing plugins' message was not so silent after all. Fixed. Shows only if it detects something.

* Deps bump

* Removed unused keys from default appConfig

* Removed unused dependency from hook deps array in Measurer.

* This has grown pretty big since yesterday, time for an initial commit:
- WIP so expect a lot of warnings
- See #1360 for issue
- See also the README.md in the plugin's dir for more info on configuration.

* Now also passing down the coordinates of clicked point.

* New approach towards setting layers' visibility. Taking a break for now though since I need to investigate some strange behaviour in LayerGroupItem related to #1252.

* Added two comments about lines modified in #1304 to fix #1291 that don't do much.

* Some progress once I gave up the sublayers functionality:
- Toggling a sublayer will toggle all sublayers under the same layer. This is a trade-off.
- Some nice functionality added, such as the layer toggler, better listing including nice icon (from infoclick config), etc.

* init commit, changed logic that prev removed drawerButtons

* minor fix

* Major additions:
- UI revised
- Quick toggle buttons for often accessed layers
- and more…

* Added the optional bgColor setter for features in MapClickViewer, closes #1385.

* v3.13.10

* Revert "Revert "Merge pull request #1346 from hajkmap/feature/1316-PermanentDrawerOption""

This reverts commit 55b01ed.

* v3.13.11

* Added the CHANGELOG.md with some initial (incomplete) entries.

* CHANGELOG additions

* CHANGELOG.md is up-to-date with the current state in hstd-main.

* Upgraded deps.

* Corrected the UI, added info that shows when no features are returned. Other fixes.

* Updated changelog

* The QuickLayer toggle buttons now show both icon and caption.

* Multiple additions:
- Features that belong to the same layer (but different sublayers) are now shown next to each other.
- The control whether the layer actually exists in OLMap or not happens outside the FeatureItem view. This means that the component could be simplified by removing unnecessary checks that were previously required.
- UI changes, hopefully for the better.
- Some preparations for sending the GetFeatureInfo for specific layer (i.e. auto-trigger MapClickViewer). This will however require more work and refactoring in MapClickModel.

* Added a nice little snackbar that informs user to click in map to select a property.

* Made it easier to toggle layer visibility by allowing click on the entire list item

* Added a help dialog that explains how to use this tool.

* Terminology change after dialog with reference group.

* Info about #1403 in changelog

* v3.13.12, see CHANGELOG.md for more info

* QuickLayerToggleButtons correctly reflect the initial layer visibility state.

* Better help desc, according to focus group.

* Fix to stop propagation in the help dialog.

* Added the Report Dialog:
- For each property that got matched, users can now make a selection of layers that have been 'controlled' (in some way, depending on the procedure).
- Layers with ticked checkboxes will now appear in a separate Dialog window, called Report Dialog.
- From here, users will be able to select the text (I'll probably add some copy-to-clipboard soon) and paste into their reports/other systems.

* Minor fixes

* The Report dialog has been greatly enhanced with a copy-to-clipboard function that copies both as plain text and rich text (suitable for e.g. pasting into Word).

* Typo

* Updates in CHANGELOG

* Added a script to ease deps install.

* The Report dialog looks better, the list now has bullets too.

* Removed the 360px width limit in MapClickViewer lists. Closes #1411.

* Added note on #1411 to changelog.

* v.3.13.13

* The `/ad/findCommonADGroupsForUsers` endpoint works again. Closes #1415.

* v.3.13.14

* Made the layer ids visible in Admins layer manager list.

* Initial changes required to expand this plugin with another view - Digital Plans:
- As the requirements have changed a bit, I'm not making some refactoring. The plan is to expand the plugin with a new view that will show
  another list of properties, different from the list created from the initial request ('check layer').
- I'm not implementing the new view yet, as it's not really clear how we want to display it. But we're ready from now on.

* Rough WIP: added Tabs to separate the check layer features from digital plan features. This will need refactoring, coming up soon.

* Major refactoring after a meeting with the client: this way it'll be easier to maintain and expand in the future. Nothing new in the UI since the last commit.

* Big commit with the following:
- Completely rewritten the way that we render list of check layer items. In addition to visual changes, there's a new field available that allows users to write simple notations on each item, that will get transferred to the final report.
- I've started the initial implementation of showing those notes in the final report. I'm not done yet though as I await response from the client regarding which form this should be presented in.
- Speaking of response from client: it turns out that they'd want to use this tool to show another report that showcases which digital layers affect the clicked point. This led me to rewrite and add more parts to the plugin. The new concept is called Digital Plans and shows up as a second tab (next to the Check Layer items). The new Digital Plans check will become a part of the final report as well, but I'm awaiting feedback here too.

* Preparations for the first Public Beta of PropertyChecker:
- Cleaned up the report generator, ensured same output to different formats.
- Removed some logs messages.
- Other fixes.

* Upgraded deps in Client and Backend

* v3.13.15: First Public Beta of Property Checker

* Fixes a bug where GetFeatureInfo used wrong resolution.

* v3.13.16

* Tightened security in backend: if AD_LOOKUP_ACTIVE is 'false' but RESTRICT_ADMIN_ACCESS_TO_AD_GROUPS has a value, access to admin-only endpoints will be restricted (to everyone).

* v3.13.17

* v3.13.17

* Avoid float values in z param in URL hash, closes #1422.

* Added #1422 to the changelog.

* Added an option to Admin that allows setting autofocus in Search field on app load, closes #1424.

* v3.13.18

* Fix to #1257: ensure that even non-togglable groups are marked with bold font. Plus a minor change from 'style' to 'sx' in one element.

* Bump to v3.13.19

* Upgraded deps, among those react-markdown, which required some work. Closes #1425.

* Changes in changelog

* Don't render tabs in LayerSwitcher if no layers are to be shown inside, closes #1431.

* Support for the EPSG:5847 in Admin UI. Keep in mind that you still need to add appropriate projection definitions to each map config.

* v3.13.20

* The tools list in Admin is now refreshed: only current tools are available, sorting is alphabetical.

* WMSLayer's onImageError should also result in the load failed indicator in LayerSwitcher.

* Sorting in PropertyChecker now takes layer's caption into account.

* Show layer load error indicator in PropertyChecker's layers list, if loading failed.

* Changelog

* Merged two new PRs from upstream

* Fix for #1439 and its LdapService: 'this' refers to something else than what could be expected when inside an instance of ActiveDirectory. Let's save and use a variable reference to the logger.

* Added #1439 to the changelog

* Backend: show 403 Forbidden rather than 500 if access was not allowed:
- I created a custom error class, AccessError, in order to distinguish access errors from the rest in our handleStandardResponse().
- The Service will now send an AccessError if the reason is that the authenticated user lacks authorization to a certain resource.

* Updated changelog

* Updated deps in Client and Backend

* Fixed some irritating whitespace formatting mismatches between current and older ESlint versions.

* Prettier fixes in Backend too.

* Cleanups in PropertyChecker to get rid of some warnings.

* A whole lot of refactoring. The plugin is growing, I need to separate the views.

* Important additions, implemented a first view of digital plans. Some work remains, such as adding checkboxes etc (as in the Check Layers view), the Report and so on. But it's a good start.

* PropertyChecker: added an option to disable the Generate Report functionality. Needed when we want to release this tool to a broader public audience.

* Major additions to PropertyChecker, main feature is the new Digital Plans view and corresponding Report.

* Replaced all hard-coded attribute names with values retrieved from Admin. This will aid anyone wanting to adapt it into their own setup.

* PropertyChecker: important improvement - clicks that'd give results from more than 1 property are disallowed. Also, marker feature is added only for the property layer, not digital plans layer.

* Updated changelog for v3.13.22

* Warning fix

* PropertyChecker: Fix to hide unneeded UI elements when enableDigitalPlansReport is false.

* Missed two files in v3.13.22

* Prepared the v3.13.23 release.

* Implemented auto-rotation (to an admin-specified value) for background layers. Closes #1451.

* Release v3.13.24

* Added recent changes, merged from develop, to the changelog.

* The reinstall dependencies script now also runs audit fix.

* Updated deps, version number

* Fixed missing keys in Docker's appConfig.json

* Revert Halmstad-specific branding

* Updated CHANGELOG to reflect recent merge

---------

Co-authored-by: OlofSvahnVbg <[email protected]>