Skip to content

Commit

Permalink
refactor(cmd-api-server): pull OAuth2 endpoint scopes from openapi.json
Browse files Browse the repository at this point in the history
Primary Changes
----------------
1. added OAuth2 security endpoints scopes to openapi.json
2. added a test to make sure if the scopes are indeed getting
   pulled from the spec file

Fixes #2693

Signed-off-by: aldousalvarez <[email protected]>

1. Please also refactor the third endpoint (prometheus metrics) accordingly
2. Also please extend the test case with each tokens having specific scopes
and then assert that the tokesn with the correct scopes work and the ones
that don't have the correct scopes do not even when they are otherwise
valid tokens.

Signed-off-by: Peter Somogyvari <[email protected]>
  • Loading branch information
aldousalvarez committed Nov 26, 2024
1 parent 27a24dd commit 585aad9
Show file tree
Hide file tree
Showing 30 changed files with 1,106 additions and 45 deletions.
2 changes: 1 addition & 1 deletion packages/cactus-cmd-api-server/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,7 @@
"fastify": "4.28.1",
"fs-extra": "11.2.0",
"google-protobuf": "3.21.4",
"http-status-codes": "2.1.3",
"jose": "4.15.5",
"json-stable-stringify": "1.0.2",
"lmify": "0.3.0",
Expand Down Expand Up @@ -134,7 +135,6 @@
"google-protobuf": "3.21.4",
"grpc-tools": "1.12.4",
"grpc_tools_node_protoc_ts": "5.3.3",
"http-status-codes": "2.1.4",
"protobufjs": "7.4.0",
"tsx": "4.16.2"
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ client.go
configuration.go
go.mod
go.sum
model_cmd_api_server_endpoint_error_response.go
model_health_check_response.go
model_memory_usage.go
model_watch_healthcheck_v1.go
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -84,14 +84,26 @@ Class | Method | HTTP request | Description

## Documentation For Models

- [CmdApiServerEndpointErrorResponse](docs/CmdApiServerEndpointErrorResponse.md)
- [HealthCheckResponse](docs/HealthCheckResponse.md)
- [MemoryUsage](docs/MemoryUsage.md)
- [WatchHealthcheckV1](docs/WatchHealthcheckV1.md)


## Documentation For Authorization

Endpoints do not require authorization.

Authentication schemes defined for the API:
### bearerTokenAuth

- **Type**: HTTP Bearer token authentication

Example

```golang
auth := context.WithValue(context.Background(), sw.ContextAccessToken, "BEARER_TOKEN_STRING")
r, err := client.Service.Operation(auth, args)
```


## Documentation for Utility Methods
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,11 @@ info:
version: 2.0.0
servers:
- url: /
security:
- bearerTokenAuth:
- read:health
- read:metrics
- read:spec
paths:
/api/v1/api-server/healthcheck:
get:
Expand All @@ -21,6 +26,21 @@ paths:
schema:
$ref: '#/components/schemas/HealthCheckResponse'
description: OK
"401":
content:
'*/*':
schema:
$ref: '#/components/schemas/CmdApiServerEndpointErrorResponse'
description: Unauthorized - Invalid token
"403":
content:
'*/*':
schema:
$ref: '#/components/schemas/CmdApiServerEndpointErrorResponse'
description: Forbidden - Valid token but missing correct scope
security:
- bearerTokenAuth:
- read:health
summary: Can be used to verify liveness of an API server instance
x-hyperledger-cacti:
http:
Expand All @@ -37,6 +57,21 @@ paths:
schema:
$ref: '#/components/schemas/PrometheusExporterMetricsResponse'
description: OK
"401":
content:
'*/*':
schema:
$ref: '#/components/schemas/CmdApiServerEndpointErrorResponse'
description: Unauthorized - Invalid token
"403":
content:
'*/*':
schema:
$ref: '#/components/schemas/CmdApiServerEndpointErrorResponse'
description: Forbidden - Valid token but missing correct scope
security:
- bearerTokenAuth:
- read:metrics
summary: Get the Prometheus Metrics
x-hyperledger-cacti:
http:
Expand All @@ -54,6 +89,21 @@ paths:
schema:
$ref: '#/components/schemas/GetOpenApiSpecV1EndpointResponse'
description: OK
"401":
content:
'*/*':
schema:
$ref: '#/components/schemas/CmdApiServerEndpointErrorResponse'
description: Unauthorized - Invalid token
"403":
content:
'*/*':
schema:
$ref: '#/components/schemas/CmdApiServerEndpointErrorResponse'
description: Forbidden - Valid token but missing correct scope
security:
- bearerTokenAuth:
- read:spec
x-hyperledger-cacti:
http:
verbLowerCase: get
Expand Down Expand Up @@ -127,3 +177,14 @@ components:
GetOpenApiSpecV1EndpointResponse:
nullable: false
type: string
CmdApiServerEndpointErrorResponse:
properties:
message:
example: |
Forbidden - Valid token but missing correct scope
type: string
securitySchemes:
bearerTokenAuth:
bearerFormat: JSON Web Tokens
scheme: bearer
type: http

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 585aad9

Please sign in to comment.