Comparing changes

base repository: NASA-AMMOS/aerie-gateway
base: v1.5.0
head repository: NASA-AMMOS/aerie-gateway
compare: develop
6 changes: 6 additions & 0 deletions .env.template
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
GATEWAY_DB_USER=
GATEWAY_DB_PASSWORD=

HASURA_API_URL=http://localhost:8080

HASURA_GRAPHQL_JWT_SECRET=
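Review bot: `GATEWAY_DB_USER=`, `GATEWAY_DB_PASSWORD=` and `HASURA_GRAPHQL_JWT_SECRET=` are left blank with no comment, so someone copying the template has nothing in the file telling them which values are mandatory. Add a one-line comment above each required key, and for `HASURA_GRAPHQL_JWT_SECRET` note that it must match the value configured in Hasura (docs/ENVIRONMENT.md in this comparison marks it required even when auth is off).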
13 changes: 3 additions & 10 deletions .eslintrc.cjs
Original file line number Diff line number Diff line change
@@ -1,9 +1,6 @@
module.exports = {
extends: [
'eslint:recommended',
'plugin:@typescript-eslint/recommended',
'prettier',
],
extends: ['eslint:recommended', 'plugin:@typescript-eslint/recommended', 'prettier'],
ignorePatterns: ['static/*'],
parser: '@typescript-eslint/parser',
parserOptions: {
ecmaVersion: 2020,
@@ -15,10 +12,6 @@ module.exports = {
'@typescript-eslint/no-explicit-any': 'off',
'@typescript-eslint/no-inferrable-types': 'off',
'no-undef': 'off',
'sort-keys': [
'error',
'asc',
{ caseSensitive: true, minKeys: 2, natural: false },
],
'sort-keys': ['error', 'asc', { caseSensitive: true, minKeys: 2, natural: false }],
},
};
2 changes: 1 addition & 1 deletion .github/CODEOWNERS
Original file line number Diff line number Diff line change
@@ -1 +1 @@
* @camargo
* @NASA-AMMOS/aerie-backend @NASA-AMMOS/aerie-frontend
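Review bot: the single `*` rule now names two teams, `@NASA-AMMOS/aerie-backend` and `@NASA-AMMOS/aerie-frontend`, and GitHub does not apply a CODEOWNERS entry for a team that is not visible or lacks write access to the repository. Confirm both teams have write access before relying on this line for required reviews, and consider a narrower rule for `.github/workflows/` if workflow changes should go to a specific group.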
12 changes: 7 additions & 5 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -4,11 +4,13 @@ on:
pull_request:
branches:
- develop
- dev-[0-9]+.[0-9]+.[0-9]+
push:
branches:
- develop
tags:
- v*
workflow_dispatch:

jobs:
analyze:
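Review bot: the `dev-[0-9]+.[0-9]+.[0-9]+` filter appears only under `pull_request.branches`, while `push.branches` lists just `develop`. Commits that land on a `dev-x.y.z` branch are therefore analyzed as pull requests only and never on the branch itself. If those branches are long-lived, add the same pattern under `push.branches`, as the publish workflow's push trigger in this comparison does.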
@@ -26,22 +28,22 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Autobuild
uses: github/codeql-action/autobuild@v2
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@v3
- name: NASA Scrub
run: |
pip install nasa-scrub
python3 -m scrub.tools.parsers.translate_results /home/runner/work/aerie-gateway/results/*.sarif /home/runner/work/aerie-gateway/results/codeql.scrub ${{ github.workspace }} scrub
python3 -m scrub.tools.parsers.csv_parser /home/runner/work/aerie-gateway/results
- name: Upload CodeQL Artifacts
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: codeql-artifacts
path: /home/runner/work/aerie-gateway/results/*
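Review bot: the move to `actions/upload-artifact@v4` in the last step needs a check against the job matrix. v4 no longer lets several jobs in one run upload to the same artifact name, and this step uses the fixed name `codeql-artifacts` while the job is parameterized by `${{ matrix.language }}`. If the matrix holds more than one language, make the name unique, for example `codeql-artifacts-${{ matrix.language }}`. Separately, `pip install nasa-scrub` in the NASA Scrub step is unpinned; pin a version so the results parser cannot change between runs.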
32 changes: 32 additions & 0 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
name: Lint

on:
push:
branches:
- develop
pull_request:
branches:
- develop

jobs:
lint:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: npm
- name: Install Dev Dependencies and Build
run: |
npm install
npm run build
- name: Lint
run: |
npm run lint
- name: Check formatting
run: |
npm run format:check
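Review bot: the `Install Dev Dependencies and Build` step runs `npm install`, which can update the lockfile instead of failing when it is out of sync with package.json, while the test workflow added in this comparison uses `npm ci`. Use `npm ci` here too so lint and format checks run against the locked dependency set. The `pull_request` filter also lists only `develop`, unlike the test and CodeQL workflows, so pull requests into `dev-x.y.z` branches are not linted.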
30 changes: 20 additions & 10 deletions .github/workflows/ci.yml → .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -1,26 +1,36 @@
name: ci
name: Publish

on:
push:
branches:
- develop
- dev-[0-9]+.[0-9]+.[0-9]+
tags:
- v*
pull_request:
types:
# publish images for PRs labeled "publish" whenever changed/labeled
[ opened, reopened, synchronize, labeled ]
workflow_dispatch:

env:
REGISTRY: ghcr.io

jobs:
ci:
publish:
# for PRs, should only publish if it has "publish" label
if: ${{ (github.event_name != 'pull_request') || contains(github.event.pull_request.labels.*.name, 'publish') }}
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
- uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: '16.13.0'
node-version-file: '.nvmrc'
cache: npm
- name: Install Dev Dependencies and Build
run: |
npm install
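Review bot: the job-level `if` gates pull-request publishing on the `publish` label alone. For a pull request opened from a fork, GitHub issues a read-only `GITHUB_TOKEN` regardless of the `packages: write` request, so a labeled fork PR will run the whole job and then fail when it reaches the registry. Add a same-repository condition such as `github.event.pull_request.head.repo.full_name == github.repository`, and document who may apply the label, since it causes unmerged code to be published as an image under `ghcr.io`.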
@@ -30,20 +40,20 @@ jobs:
rm -rf node_modules
npm install --only=production
- name: Login to the Container Registry
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3
- name: Extract Metadata (tags and labels) for Docker
id: meta
uses: docker/metadata-action@v4
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ github.repository }}
- name: Build Docker Image
uses: docker/build-push-action@v3
uses: docker/build-push-action@v5
with:
context: .
load: true
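Review bot: every `uses:` line bumped here (`docker/login-action@v3`, `docker/setup-buildx-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`) still references a movable major tag, and these steps run in a job that holds `packages: write` and passes `${{ github.token }}` as the registry password. Pin each action to a full commit SHA, with the version in a trailing comment, so a retagged release cannot change what runs with that token.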
@@ -57,7 +67,7 @@ jobs:
ignore-unfixed: true
severity: 'CRITICAL'
- name: Push Docker Image
uses: docker/build-push-action@v3
uses: docker/build-push-action@v5
with:
context: .
push: true
29 changes: 29 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
name: Test

on:
pull_request:
branches:
- develop
- dev-[0-9]+.[0-9]+.[0-9]+
push:
branches:
- develop
tags:
- v*
workflow_dispatch:

jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: npm
- name: Install Dependencies
run: npm ci
- name: Test
run: npm run test
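Review bot: the `test` job has no `permissions:` block, so it runs with the repository's default `GITHUB_TOKEN` scopes, whereas the lint job added in this comparison declares `contents: read`. Add `permissions:` with `contents: read` here as well; the steps shown only check out the repo, install dependencies and run the tests.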
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -3,3 +3,5 @@
dist
files/*
node_modules
.env
.idea/
1 change: 1 addition & 0 deletions .nvmrc
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
20
19 changes: 18 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -4,9 +4,26 @@

The API gateway for [Aerie](https://github.com/NASA-AMMOS/aerie).

## Need Help?

- Join us on the [NASA-AMMOS Slack](https://join.slack.com/t/nasa-ammos/shared_invite/zt-1mlgmk5c2-MgqVSyKzVRUWrXy87FNqPw) (#aerie-users)
- Contact aerie-support@googlegroups.com

## Develop

First make sure you have [Node.js LTS](https://nodejs.org) installed. Set the default `POSTGRES_USER` and `POSTGRES_PASSWORD` environment variables, then do:
First make sure you have [Node.js LTS](https://nodejs.org) installed.

If you are doing active local development outside of a container, duplicate the `.env.template` and rename it to `.env`. Set the default `GATEWAY_DB_USER`, `GATEWAY_DB_PASSWORD`, and `HASURA_GRAPHQL_JWT_SECRET` [environment variables](./docs/ENVIRONMENT.md).
If your Hasura instance is not hosted on `http://localhost:8080`, update the value of `HASURA_API_URL` in the `.env` as well. Afterwards, run the following:

```sh
npm install
npm run dev
```

This will watch for code changes and rebuild and restart the gateway server automatically.

If you are running Aerie Gateway within a container (i.e. the docker-compose from the main Aerie repo), run the following before starting the container:

```sh
npm install
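Review bot: in the Develop section, "Set the default `GATEWAY_DB_USER`, `GATEWAY_DB_PASSWORD`, and `HASURA_GRAPHQL_JWT_SECRET`" reads as if defaults exist, but `.env.template` leaves all three blank and docs/ENVIRONMENT.md lists no default for them. Reword to "Set values for ..." and repeat here that the JWT secret has to match the one Hasura uses, which ENVIRONMENT.md only hints at with "Also in Hasura".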
34 changes: 34 additions & 0 deletions docs/ENVIRONMENT.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
# Environment

This document provides detailed information about environment variables for the gateway.

| Name | Description | Type | Default |
| --------------------------- |------------------------------------------------------------------------------------------------------| -------- | ---------------------------------------------- |
| `ALLOWED_ROLES` | Allowed roles when authentication is enabled. | `array` | ["user", "viewer"] |
| `ALLOWED_ROLES_NO_AUTH` | Allowed roles when authentication is disabled. | `array` | ["aerie_admin", "user", "viewer"] |
| `AUTH_GROUP_ROLE_MAPPINGS` | JSON object that maps auth provider groups to Aerie roles. See [SSO authentication docs][SSO authn] | `JSON` | {} |
| `AUTH_TYPE` | Mode of authentication. Set to `cam` to enable CAM authentication. | `string` | none |
| `AUTH_URL` | URL of Auth provider's REST API. Used if the given `AUTH_TYPE` is not set to `none`. | `string` | https://atb-ocio-12b.jpl.nasa.gov:8443/cam-api |
| `AUTH_UI_URL` | URL of Auth provider's login UI. Returned to the UI if SSO token is invalid, so user is redirected | `string` | https://atb-ocio-12b.jpl.nasa.gov:8443/cam-ui |
| `AUTH_SSO_TOKEN_NAME` | The name of the SSO tokens the Gateway should parse cookies for. Likely found in auth provider docs. | `array` | ["iPlanetDirectoryPro"] |
| `DEFAULT_ROLE` | Default roles when authentication is enabled. See [SSO authorization docs][SSO authz] for details. | `array` | ["user"] |
| `DEFAULT_ROLE_NO_AUTH` | Default role when authentication is disabled. | `string` | aerie_admin |
| `GQL_API_URL` | URL of GraphQL API for the GraphQL Playground. | `string` | http://localhost:8080/v1/graphql |
| `GQL_API_WS_URL` | URL of GraphQL WebSocket API for the GraphQL Playground. | `string` | ws://localhost:8080/v1/graphql |
| `HASURA_API_URL` | URL of the base Hasura API. | `string` | http://hasura:8080/ |
| `HASURA_GRAPHQL_JWT_SECRET` | The JWT secret. Also in Hasura. **Required** even if auth off in Hasura. | `string` | |
| `JWT_ALGORITHMS` | List of [JWT signing algorithms][algorithms]. Must include algorithm in `HASURA_GRAPHQL_JWT_SECRET`. | `array` | ["HS256"] |
| `JWT_EXPIRATION` | Amount of time until JWT expires. | `string` | 36h |
| `LOG_FILE` | Either an output filepath to log to, or 'console'. | `string` | console |
| `LOG_LEVEL` | Logging level for filtering logs. | `string` | warn |
| `PORT` | Port the Gateway server listens on. | `number` | 9000 |
| `AERIE_DB_HOST` | Hostname of the Aerie Posgres Database. | `string` | localhost |
| `AERIE_DB_PORT` | Port of the Aerie Posgres Database. | `number` | 5432 |
| `GATEWAY_DB_USER` | Username of the Gateway DB User. | `string` | |
| `GATEWAY_DB_PASSWORD` | Password of the Gateway DB User. | `string` | |
| `RATE_LIMITER_FILES_MAX` | Max requests allowed every 15 minutes to file endpoints | `number` | 1000 |
| `RATE_LIMITER_LOGIN_MAX` | Max requests allowed every 15 minutes to login endpoints | `number` | 1000 |

[algorithms]: https://github.com/auth0/node-jsonwebtoken#algorithms-supported
[SSO authn]: https://nasa-ammos.github.io/aerie-docs/deployment/advanced-authentication
[SSO authz]: https://nasa-ammos.github.io/aerie-docs/deployment/advanced-permissions
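Review bot: the rows for `AUTH_TYPE` (default `none`) and `DEFAULT_ROLE_NO_AUTH` (default `aerie_admin`) together mean the documented defaults leave authentication off with the admin role as the default, and the table says nothing about that being a development-only posture. Add a sentence above the table stating which variables must be changed for a deployed gateway. The `AUTH_URL` and `AUTH_UI_URL` defaults also point at a specific `jpl.nasa.gov` host, which is worth flagging as a value to override. Minor: "Posgres" in the `AERIE_DB_HOST` and `AERIE_DB_PORT` rows should be "Postgres", and `DEFAULT_ROLE` and `AUTH_SSO_TOKEN_NAME` are singular names documented with type `array`.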