From bc9219e9abbd55174375365217e5fe6ce14b1322 Mon Sep 17 00:00:00 2001
From: "(skovati) Luke"
Date: Wed, 27 Dec 2023 08:51:44 -0800
Subject: [PATCH] convert sso token env var to string array
---
 docs/ENVIRONMENT.md | 2 +-
 src/env.ts | 6 +++---
 src/packages/auth/adapters/CAMAuthAdapter.ts | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index fa66956..5e4676e 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -9,7 +9,7 @@ This document provides detailed information about environment variables for the
 | `AUTH_TYPE` | Mode of authentication. Set to `cam` to enable CAM authentication. | `string` | none |
 | `AUTH_URL` | URL of Auth provider's REST API. Used if the given `AUTH_TYPE` is not set to `none`. | `string` | https://atb-ocio-12b.jpl.nasa.gov:8443/cam-api |
 | `AUTH_UI_URL` | URL of Auth provider's login UI. Returned to the UI if SSO token is invalid, so user is redirected | `string` | https://atb-ocio-12b.jpl.nasa.gov:8443/cam-ui |
-| `AUTH_SSO_TOKEN_NAME` | The name of the SSO token the Gateway should parse cookies for. Likely found in auth provider docs. | `string` | iPlanetDirectoryPro |
+| `AUTH_SSO_TOKEN_NAME` | The name of the SSO token the Gateway should parse cookies for. Likely found in auth provider docs. | `array` | ["iPlanetDirectoryPro"] |
 | `DEFAULT_ROLE` | Default role when authentication is enabled. | `array` | user |
 | `DEFAULT_ROLE_NO_AUTH` | Default role when authentication is disabled. | `array` | aerie_admin |
 | `GQL_API_URL` | URL of GraphQL API for the GraphQL Playground. | `string` | http://localhost:8080/v1/graphql |
diff --git a/src/env.ts b/src/env.ts
index beaf9f4..0d58870 100644
--- a/src/env.ts
+++ b/src/env.ts
@@ -3,7 +3,7 @@ import type { Algorithm } from 'jsonwebtoken';
 export type Env = {
 ALLOWED_ROLES: string[];
 ALLOWED_ROLES_NO_AUTH: string[];
- AUTH_SSO_TOKEN_NAME: string;
+ AUTH_SSO_TOKEN_NAME: string[];
 AUTH_TYPE: string;
 AUTH_UI_URL: string;
 AUTH_URL: string;
@@ -30,7 +30,7 @@ export type Env = {
 export const defaultEnv: Env = {
 ALLOWED_ROLES: ['user', 'viewer'],
 ALLOWED_ROLES_NO_AUTH: ['aerie_admin', 'user', 'viewer'],
- AUTH_SSO_TOKEN_NAME: 'iPlanetDirectoryPro',
+ AUTH_SSO_TOKEN_NAME: ['iPlanetDirectoryPro'], // default CAM token name
 AUTH_TYPE: 'cam',
 AUTH_UI_URL: 'https://atb-ocio-12b.jpl.nasa.gov:8443/cam-ui/',
 AUTH_URL: 'https://atb-ocio-12b.jpl.nasa.gov:8443/cam-api',
@@ -92,7 +92,7 @@ export function getEnv(): Env {
 const AUTH_TYPE = env['AUTH_TYPE'] ?? defaultEnv.AUTH_TYPE;
 const AUTH_URL = env['AUTH_URL'] ?? defaultEnv.AUTH_URL;
 const AUTH_UI_URL = env['AUTH_UI_URL'] ?? defaultEnv.AUTH_UI_URL;
- const AUTH_SSO_TOKEN_NAME = env['AUTH_SSO_TOKEN_NAME'] ?? defaultEnv.AUTH_SSO_TOKEN_NAME;
+ const AUTH_SSO_TOKEN_NAME = parseArray(env['AUTH_SSO_TOKEN_NAME'], defaultEnv.AUTH_SSO_TOKEN_NAME);
 const DEFAULT_ROLE = env['DEFAULT_ROLE'] ?? defaultEnv.DEFAULT_ROLE;
 const DEFAULT_ROLE_NO_AUTH = env['DEFAULT_ROLE_NO_AUTH'] ?? defaultEnv.DEFAULT_ROLE_NO_AUTH;
 const GQL_API_URL = env['GQL_API_URL'] ?? defaultEnv.GQL_API_URL;
diff --git a/src/packages/auth/adapters/CAMAuthAdapter.ts b/src/packages/auth/adapters/CAMAuthAdapter.ts
index 6b929a5..bf33af1 100644
--- a/src/packages/auth/adapters/CAMAuthAdapter.ts
+++ b/src/packages/auth/adapters/CAMAuthAdapter.ts
@@ -28,7 +28,7 @@ export const CAMAuthAdapter: AuthAdapter = {
 const { AUTH_SSO_TOKEN_NAME, AUTH_URL } = getEnv();
 const cookies = req.cookies;
- const ssoToken = cookies[AUTH_SSO_TOKEN_NAME];
+ const ssoToken = cookies[AUTH_SSO_TOKEN_NAME[0]];
 const body = JSON.stringify({ ssoToken });
 const url = `${AUTH_URL}/ssoToken?action=invalidate`;
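Review bot: `parseArray` is defined outside this hunk, so its handling of a value that is not a JSON array cannot be checked here, and existing deployments set `AUTH_SSO_TOKEN_NAME` to a bare cookie name such as `iPlanetDirectoryPro`. If the helper falls back to the default on a parse failure, a deployment with a custom cookie name would silently start reading the default cookie and every SSO validation would fail with no indication of the cause. Consider accepting the legacy bare-string form as a one-element array, or refusing to start with a message that names the variable, and rejecting an empty array because the adapter indexes element 0. A comment on the new line would also help operators: `// JSON array of cookie names, e.g. ["iPlanetDirectoryPro"]`. The body of getEnv continues outside the hunk.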
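Review bot: `cookies[AUTH_SSO_TOKEN_NAME[0]]` reads only the first configured name, so further entries in the array are silently ignored, and with an empty array the key is `undefined`, after which `JSON.stringify({ ssoToken })` produces `{}` and the request goes to the CAM endpoint without a token instead of failing locally. The same line appears in the `@@ -42,7 +42,7 @@` hunk for the validate call. Since the variable is now an array, pick the first name that is actually present, e.g. `const name = AUTH_SSO_TOKEN_NAME.find(n => typeof cookies[n] === 'string');` followed by `const ssoToken = name === undefined ? undefined : cookies[name];`, and return the failure response before the request when no token is found. Both method bodies start and end outside their hunks, so the early return has to match whatever the surrounding code returns on failure.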
@@ -42,7 +42,7 @@ export const CAMAuthAdapter: AuthAdapter = {
 const { AUTH_SSO_TOKEN_NAME, AUTH_URL, AUTH_UI_URL } = getEnv();
 const cookies = req.cookies;
- const ssoToken = cookies[AUTH_SSO_TOKEN_NAME];
+ const ssoToken = cookies[AUTH_SSO_TOKEN_NAME[0]];
 const body = JSON.stringify({ ssoToken });
 const url = `${AUTH_URL}/ssoToken?action=validate`;