Remove NutsAuthorizationCredential based authorization in preparation…

… for v6 features

api/auth.go

@@ -6,6 +6,7 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
+	"github.com/nuts-foundation/nuts-demo-ehr/nuts/client/iam"
 	"net/http"
 	"strings"
 	"sync"
@@ -17,7 +18,6 @@ import (
 	"github.com/lestrrat-go/jwx/jwt"
 	"github.com/lestrrat-go/jwx/jwt/openid"
 	"github.com/nuts-foundation/nuts-demo-ehr/domain/customers"
-	"github.com/nuts-foundation/nuts-demo-ehr/nuts/client/auth"
 )
 
 const MaxSessionAge = time.Hour
@@ -35,7 +35,7 @@ type Auth struct {
 }
 
 type Session struct {
-	Presentation *auth.VerifiablePresentation
+	Presentation *iam.VerifiablePresentation
 	CustomerID   int
 	StartTime    time.Time
 	UserInfo     UserInfo

api/inbox.go

@@ -1,7 +1,6 @@
 package api
 
 import (
-	"errors"
 	"fmt"
 	"net/http"
 
@@ -17,15 +16,11 @@ func (w Wrapper) GetTransferRequest(ctx echo.Context, requestorDID string, fhirT
 	if err != nil {
 		return err
 	}
-	if session.Presentation == nil {
-		return errors.New("unable to get transfer request without elevation")
-	}
 
 	transferRequest, err := w.TransferReceiverService.GetTransferRequest(
 		ctx.Request().Context(),
 		session.CustomerID,
 		requestorDID,
-		*session.Presentation,
 		fhirTaskID,
 	)
 	if err != nil {

api/transfer.go

@@ -1,17 +1,15 @@
 package api
 
 import (
-	"errors"
 	"fmt"
+	"github.com/monarko/fhirgo/STU3/datatypes"
+	"github.com/monarko/fhirgo/STU3/resources"
+	"github.com/nuts-foundation/nuts-demo-ehr/domain/fhir"
 	"net/http"
 
-	"github.com/nuts-foundation/nuts-demo-ehr/http/proxy"
-
 	"github.com/nuts-foundation/nuts-demo-ehr/domain/notification"
 	"github.com/nuts-foundation/nuts-demo-ehr/domain/transfer"
 	"github.com/nuts-foundation/nuts-demo-ehr/domain/types"
-	httpAuth "github.com/nuts-foundation/nuts-demo-ehr/http/auth"
-	nutsAuthClient "github.com/nuts-foundation/nuts-demo-ehr/nuts/client/auth"
 	"github.com/sirupsen/logrus"
 
 	"github.com/labstack/echo/v4"
@@ -200,35 +198,30 @@ func (w Wrapper) UpdateTransferNegotiationStatus(ctx echo.Context, transferID st
 
 func (w Wrapper) NotifyTransferUpdate(ctx echo.Context, taskID string) error {
 	// This gets called by a transfer sending XIS to inform the local node there's FHIR tasks to be retrieved.
-	rawToken := ctx.Get(httpAuth.AccessToken)
-	if rawToken == nil {
-		// should have been caught by security filter
-		return errors.New("missing access-token")
-	}
-	token, ok := rawToken.(nutsAuthClient.TokenIntrospectionResponse)
-	if !ok {
-		// should have been caught by security filter
-		return errors.New("missing access-token")
-	}
-
-	senderDID := token.Sub
-	if senderDID == nil {
-		return errors.New("missing 'sub' in access-token")
-	}
-	customerDID := token.Iss
-	if customerDID == nil {
-		return errors.New("missing 'Iss' in access-token")
-	}
+	// TODO: These need to come from token introspection
+	panic("not implemented, TODO")
+	var customerDID *string
+	var senderDID *string
 
+	codeError := datatypes.Code("error")
+	codeInvalid := datatypes.Code("invalid")
+	severityError := datatypes.Code("error")
 	customer, err := w.CustomerRepository.FindByDID(*customerDID)
 	if err != nil {
-		return ctx.JSON(http.StatusInternalServerError, &proxy.OperationOutcome{
-			Text: "an error occurred",
-			Issue: &proxy.Issue{
-				Code:     "error",
-				Severity: "error",
-				Details: &proxy.IssueDetails{
-					Text: err.Error(),
+
+		return ctx.JSON(http.StatusInternalServerError, &resources.OperationOutcome{
+			Domain: resources.Domain{
+				Text: &datatypes.Narrative{
+					Div: fhir.ToStringPtr("an error occurred"),
+				},
+			},
+			Issue: []resources.OperationOutcomeIssue{
+				{
+					Code:     &codeError,
+					Severity: &severityError,
+					Details: &datatypes.CodeableConcept{
+						Text: fhir.ToStringPtr(err.Error()),
+					},
 				},
 			},
 		})
@@ -237,13 +230,19 @@ func (w Wrapper) NotifyTransferUpdate(ctx echo.Context, taskID string) error {
 	if customer == nil {
 		logrus.Warnf("Received transfer notification for unknown customer DID: %s", *senderDID)
 
-		return ctx.JSON(http.StatusNotFound, &proxy.OperationOutcome{
-			Text: "taskOwner unknown on this server",
-			Issue: &proxy.Issue{
-				Code:     "invalid",
-				Severity: "error",
-				Details: &proxy.IssueDetails{
-					Text: fmt.Sprintf("received transfer notification for unknown taskOwner with DID: %s", *senderDID),
+		return ctx.JSON(http.StatusNotFound, &resources.OperationOutcome{
+			Domain: resources.Domain{
+				Text: &datatypes.Narrative{
+					Div: fhir.ToStringPtr("taskOwner unknown on this server"),
+				},
+			},
+			Issue: []resources.OperationOutcomeIssue{
+				{
+					Code:     &codeInvalid,
+					Severity: &codeError,
+					Details: &datatypes.CodeableConcept{
+						Text: fhir.ToStringPtr(fmt.Sprintf("received transfer notification for unknown taskOwner with DID: %s", *senderDID)),
+					},
 				},
 			},
 		})

config.go

@@ -46,10 +46,6 @@ func defaultConfig() Config {
 		Verbosity:       defaultLogLevel,
 		FHIR: FHIR{
 			Server: defaultHAPIFHIRServer,
-			Proxy: FHIRProxy{
-				Enable: true,
-				Path:   "/fhir",
-			},
 		},
 		CustomersFile:      defaultCustomerFile,
 		Credentials:        Credentials{Password: "demo"},
@@ -100,7 +96,6 @@ type CarePlanService struct {
 
 type FHIR struct {
 	Server FHIRServer `koanf:"server"`
-	Proxy  FHIRProxy  `koanf:"proxy"`
 }
 
 type FHIRServer struct {
@@ -112,11 +107,6 @@ func (server FHIRServer) SupportsMultiTenancy() bool {
 	return server.Type == "hapi-multi-tenant"
 }
 
-type FHIRProxy struct {
-	Enable bool   `koanf:"enable"`
-	Path   string `koanf:"path"`
-}
-
 type Credentials struct {
 	Password string `koanf:"password" json:"-"` // json omit tag to avoid having it printed in server log
 }

domain/episode/service.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"github.com/nuts-foundation/nuts-demo-ehr/domain/acl"
+	"github.com/nuts-foundation/nuts-demo-ehr/nuts/client"
 	"github.com/sirupsen/logrus"
 	"net/url"
 	"strings"
@@ -15,7 +16,6 @@ import (
 	"github.com/nuts-foundation/nuts-demo-ehr/domain/fhir/zorginzage"
 	reports "github.com/nuts-foundation/nuts-demo-ehr/domain/reports"
 	"github.com/nuts-foundation/nuts-demo-ehr/domain/types"
-	"github.com/nuts-foundation/nuts-demo-ehr/http/auth"
 	"github.com/nuts-foundation/nuts-demo-ehr/nuts/registry"
 )
 
@@ -43,14 +43,14 @@ func parseAuthCredentialSubject(authCredential vc.VerifiableCredential) (*regist
 
 type service struct {
 	factory       fhir.Factory
-	auth          auth.Service
+	nutsClient    *client.HTTPClient
 	aclRepository *acl.Repository
 	registry      registry.OrganizationRegistry
 	vcr           registry.VerifiableCredentialRegistry
 }
 
-func NewService(factory fhir.Factory, auth auth.Service, registry registry.OrganizationRegistry, vcr registry.VerifiableCredentialRegistry, aclRepository *acl.Repository) Service {
-	return &service{factory: factory, auth: auth, registry: registry, vcr: vcr, aclRepository: aclRepository}
+func NewService(factory fhir.Factory, nutsClient *client.HTTPClient, registry registry.OrganizationRegistry, vcr registry.VerifiableCredentialRegistry, aclRepository *acl.Repository) Service {
+	return &service{factory: factory, nutsClient: nutsClient, registry: registry, vcr: vcr, aclRepository: aclRepository}
 }
 
 func parseEpisodeOfCareID(authCredential vc.VerifiableCredential) (string, error) {
@@ -215,7 +215,8 @@ func (service *service) GetReports(ctx context.Context, customerDID, patientSSN
 		return nil, fmt.Errorf("error while searching organization :%w", err)
 	}
 
-	accessToken, err := service.auth.RequestAccessToken(ctx, customerDID, issuer, zorginzage.ServiceName, []vc.VerifiableCredential{credentials[0]}, nil)
+	// TODO: Should be user access token?
+	accessToken, err := service.nutsClient.RequestServiceAccessToken(ctx, customerDID, issuer, zorginzage.ServiceName)
 	if err != nil {
 		return nil, err
 	}
@@ -225,7 +226,7 @@ func (service *service) GetReports(ctx context.Context, customerDID, patientSSN
 		return nil, err
 	}
 
-	fhirClient := fhir.NewFactory(fhir.WithURL(fhirServer), fhir.WithAuthToken(accessToken.AccessToken))()
+	fhirClient := fhir.NewFactory(fhir.WithURL(fhirServer), fhir.WithAuthToken(accessToken))()
 
 	fhirEpisode := &fhir.EpisodeOfCare{}
 	err = fhirClient.ReadOne(ctx, "/EpisodeOfCare/"+episodeOfCareID, fhirEpisode)

domain/notification/handler.go

@@ -4,14 +4,12 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	nutsClient "github.com/nuts-foundation/nuts-demo-ehr/nuts/client"
 
 	"github.com/monarko/fhirgo/STU3/resources"
-	"github.com/nuts-foundation/go-did/vc"
-
 	"github.com/nuts-foundation/nuts-demo-ehr/domain/fhir"
 	"github.com/nuts-foundation/nuts-demo-ehr/domain/transfer"
 	"github.com/nuts-foundation/nuts-demo-ehr/domain/transfer/receiver"
-	"github.com/nuts-foundation/nuts-demo-ehr/http/auth"
 	"github.com/nuts-foundation/nuts-demo-ehr/nuts/registry"
 )
 
@@ -27,22 +25,22 @@ type Handler interface {
 }
 
 type handler struct {
-	auth                   auth.Service
+	nutsClient             *nutsClient.HTTPClient
 	localFHIRClientFactory fhir.Factory
 	transferService        receiver.TransferService
 	registry               registry.OrganizationRegistry
 	vcr                    registry.VerifiableCredentialRegistry
 }
 
 func NewHandler(
-	auth auth.Service,
+	nutsClient *nutsClient.HTTPClient,
 	localFHIRClientFactory fhir.Factory,
 	transferReceiverService receiver.TransferService,
 	registry registry.OrganizationRegistry,
 	vcr registry.VerifiableCredentialRegistry,
 ) Handler {
 	return &handler{
-		auth:                   auth,
+		nutsClient:             nutsClient,
 		localFHIRClientFactory: localFHIRClientFactory,
 		transferService:        transferReceiverService,
 		registry:               registry,
@@ -76,13 +74,13 @@ func (service *handler) Handle(ctx context.Context, notification Notification) e
 		return errors.New("no NutsAuthorizationCredential found to retrieve the Task resource")
 	}
 
-	accessToken, err := service.auth.RequestAccessToken(ctx, notification.CustomerDID, notification.SenderDID, "eOverdracht-sender", []vc.VerifiableCredential{credentials[0]}, nil)
+	accessToken, err := service.nutsClient.RequestServiceAccessToken(ctx, notification.CustomerDID, notification.SenderDID, "eOverdracht-sender")
 	if err != nil {
 		return err
 	}
 
 	task := &resources.Task{}
-	client := fhir.NewFactory(fhir.WithURL(fhirServer), fhir.WithAuthToken(accessToken.AccessToken))
+	client := fhir.NewFactory(fhir.WithURL(fhirServer), fhir.WithAuthToken(accessToken))
 
 	// FIXME: add query params to filter on the owner so to only process the customer addressed in the notification
 	err = client().ReadOne(ctx, taskPath, &task)