Skip to content

Commit

Permalink
move data sent to nuts-pxp from headers to body (#495)
Browse files Browse the repository at this point in the history
* fix customers.json changes

* move data from headers to body

* delete customers.json files
  • Loading branch information
gerardsn authored Jul 17, 2024
1 parent dd0af3a commit 8385965
Show file tree
Hide file tree
Showing 5 changed files with 50 additions and 15 deletions.
22 changes: 17 additions & 5 deletions api/transfer.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package api

import (
"encoding/base64"
"encoding/json"
"errors"
"fmt"
Expand Down Expand Up @@ -201,14 +202,25 @@ func (w Wrapper) UpdateTransferNegotiationStatus(ctx echo.Context, transferID st
func (w Wrapper) NotifyTransferUpdate(ctx echo.Context, taskID string) error {
// This gets called by a transfer sending XIS to inform the local node there's FHIR tasks to be retrieved.
// The PEP added introspection result to the X-Userinfo header
introspectionResult := ctx.Request().Header.Get("X-Userinfo")
//log.Errorf("X-Userinfo: %s", introspectionResult)

if introspectionResult == "" {
b64IntrospectionResult := ctx.Request().Header.Get("X-Userinfo")
//log.Errorf("X-Userinfo: %s", b64IntrospectionResult)
if b64IntrospectionResult == "" {
return errors.New("missing X-Userinfo header")
}

// b64 -> json string
introspectionResult, err := base64.URLEncoding.DecodeString(b64IntrospectionResult)
if err != nil {
return fmt.Errorf("failed to base64 decode X-Userinfo header: %w", err)
}

// json string -> map
target := map[string]interface{}{}
_ = json.Unmarshal([]byte(introspectionResult), &target)
err = json.Unmarshal(introspectionResult, &target)
if err != nil {
return fmt.Errorf("failed to unmarshal X-Userinfo header: %w", err)
}

// client_id for senderDID and sub for customerDID
senderDID := target["client_id"].(string)
customerDID := target["sub"].(string)
Expand Down
3 changes: 1 addition & 2 deletions docker-compose/left/config/pep/nginx.conf
Original file line number Diff line number Diff line change
Expand Up @@ -102,8 +102,7 @@ http {
location /_oauth2_authorize {
internal;
proxy_method POST;
proxy_set_header request $request;
proxy_set_header X-Userinfo $http_x_userinfo;
proxy_set_header Content-Type "application/json";
proxy_pass http://pip-left/v1/data;
}
}
Expand Down
18 changes: 15 additions & 3 deletions docker-compose/left/config/pep/oauth2.js
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ function introspectAccessToken(r) {
const introspection = JSON.parse(reply.responseBody);
if (introspection.active === true) {
//dpop(r, introspection.cnf)
r.headersOut['X-Userinfo'] = reply.responseBody;
r.headersOut['X-Userinfo'] = btoa(reply.responseBody);
r.return(200);
} else {
r.return(403);
Expand All @@ -31,13 +31,25 @@ function introspectAccessToken(r) {
function authorize(r) {
// const xUserinfo = r.headersIn['X-Userinfo'];
// const requestLine = r.request
const input =
JSON.stringify({
"input": {
"request": {
"method": r.variables.request_method,
"path": r.variables.request_uri, // original non-normalized request_uri, may need some processing in more complex situations
"headers": {
"X-Userinfo": r.headersIn["X-Userinfo"]
}
}
}
});
r.subrequest("/_oauth2_authorize",
{ method: "POST"},
{ method: "POST", body: input},
function(reply) {
if (reply.status === 200) {
r.error(reply.responseBody);
const authResult = JSON.parse(reply.responseBody);
if (authResult.allow === true) {
if (authResult.result.allow === true) {
r.return(200);
} else {
r.return(403);
Expand Down
3 changes: 1 addition & 2 deletions docker-compose/right/config/pep/nginx.conf
Original file line number Diff line number Diff line change
Expand Up @@ -102,8 +102,7 @@ http {
location /_oauth2_authorize {
internal;
proxy_method POST;
proxy_set_header request $request;
proxy_set_header X-Userinfo $http_x_userinfo;
proxy_set_header Content-Type "application/json";
proxy_pass http://pip-right/v1/data;
}
}
Expand Down
19 changes: 16 additions & 3 deletions docker-compose/right/config/pep/oauth2.js
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ function introspectAccessToken(r) {
const introspection = JSON.parse(reply.responseBody);
if (introspection.active === true) {
//dpop(r, introspection.cnf)
r.headersOut['X-Userinfo'] = reply.responseBody;
r.headersOut['X-Userinfo'] = btoa(reply.responseBody);
r.return(200);
} else {
r.return(403);
Expand All @@ -31,13 +31,26 @@ function introspectAccessToken(r) {
function authorize(r) {
// const xUserinfo = r.headersIn['X-Userinfo'];
// const requestLine = r.request
const input =
JSON.stringify({
"input": {
"request": {
"method": r.variables.request_method,
"path": r.variables.request_uri, // original non-normalized request_uri, may need some processing in more complex situations
"headers": {
"X-Userinfo": r.headersIn["X-Userinfo"]
}
}

}
});
r.subrequest("/_oauth2_authorize",
{ method: "POST"},
{ method: "POST", body: input},
function(reply) {
if (reply.status === 200) {
r.error(reply.responseBody);
const authResult = JSON.parse(reply.responseBody);
if (authResult.allow === true) {
if (authResult.result.allow === true) {
r.return(200);
} else {
r.return(403);
Expand Down

0 comments on commit 8385965

Please sign in to comment.