✨🔧 452 - [Feature branch] - Add ega permissions integration

.env.example

@@ -26,7 +26,7 @@ JWT_TOKEN_PUBLIC_KEY=
 ############
 # true or false
 VAULT_ENABLED=false
-VAULT_SECRETS_PATH=/service/secrets_v1
+VAULT_SECRETS_PATH=
 VAULT_URL=
 VAULT_ROLE=
 # for local development/testing
@@ -48,34 +48,34 @@ DACO_REVIEW_POLICY_NAME=DACO-REVIEW
 ############
 # Storage  #
 ############
-OBJECT_STORAGE_ENDPOINT=https://object.cancercollaboratory.org:9080
-OBJECT_STORAGE_REGION=
-OBJECT_STORAGE_BUCKET=
-OBJECT_STORAGE_KEY=
-OBJECT_STORAGE_SECRET=
+OBJECT_STORAGE_ENDPOINT=http://localhost:8085
+OBJECT_STORAGE_REGION=nova
+OBJECT_STORAGE_BUCKET=daco
+OBJECT_STORAGE_KEY=minio
+OBJECT_STORAGE_SECRET=minio123
 OBJECT_STORAGE_TIMEOUT_MILLIS=5000
 
 
 ############
 # EMAIL    #
 ############
-EMAIL_HOST=smtp.gmail.com
-EMAIL_PORT=587
+EMAIL_HOST=localhost
+EMAIL_PORT=1025
 EMAIL_USER=
 EMAIL_PASSWORD=
-EMAIL_FROM_ADDRESS=
-EMAIL_FROM_NAME=
-EMAIL_DACO_ADDRESS=
+EMAIL_FROM_ADDRESS=[email protected]
+EMAIL_FROM_NAME=DacoAdmin
+EMAIL_DACO_ADDRESS=[email protected]
 # for emails directed to daco reviewers
-EMAIL_REVIEWER_FIRSTNAME=
-EMAIL_REVIEWER_LASTNAME=
+EMAIL_REVIEWER_FIRSTNAME=DACO
+EMAIL_REVIEWER_LASTNAME=ADMIN
 DCC_MAILING_LIST=
 DACO_SURVEY_URL=
 
 ##############
 # UI         #
 ##############
-DACO_UI_BASE_URL=https://dac.dev.argo.cancercollaboratory.org
+DACO_UI_BASE_URL=http://localhost:3000
 DACO_UI_APPLICATION_SECTION_PATH=/applications/{id}?section={section}
 
 ##############
@@ -88,16 +88,16 @@ FILE_UPLOAD_LIMIT=#in bytes x * 1024 * 1024
 ##############
 
 # ATTESTATION
-ATTESTATION_UNIT_COUNT=
-ATTESTATION_UNIT_OF_TIME=
-DAYS_TO_ATTESTATION=
+ATTESTATION_UNIT_COUNT=1
+ATTESTATION_UNIT_OF_TIME=years
+DAYS_TO_ATTESTATION=45
 
 # EXPIRY
-DAYS_TO_EXPIRY_1=
-DAYS_TO_EXPIRY_2=
-DAYS_POST_EXPIRY=
-EXPIRY_UNIT_COUNT=
-EXPIRY_UNIT_OF_TIME=
+DAYS_TO_EXPIRY_1=90
+DAYS_TO_EXPIRY_2=45
+DAYS_POST_EXPIRY=90
+EXPIRY_UNIT_COUNT=2
+EXPIRY_UNIT_OF_TIME=years
 
 #############
 # Daco Encryption
@@ -109,3 +109,13 @@ DACO_ENCRYPTION_KEY=
 #############
 FEATURE_RENEWAL_ENABLED=false
 FEATURE_ADMIN_PAUSE_ENABLED=false
+
+#############
+# EGA
+#############
+EGA_CLIENT_ID=
+EGA_AUTH_HOST=
+EGA_AUTH_REALM_NAME=
+EGA_API_URL=
+EGA_USERNAME=
+EGA_PASSWORD=

.gitignore

@@ -62,4 +62,5 @@ typings/
 dist/
 
 # misc
-.DS_Store
+.DS_Store
+.vscode/settings.json

Makefile

@@ -4,15 +4,15 @@ debug: dcompose
 
 #run the docker compose file
 dcompose:
-	docker-compose -f dac-api-compose/docker-compose.yaml up -d
+	docker compose -f dac-api-compose/docker-compose.yaml up -d
 
 # run all tests
 verify:
 	npm run test
 
 stop:
-	docker-compose  -f dac-api-compose/docker-compose.yaml down --remove-orphans 
+	docker compose  -f dac-api-compose/docker-compose.yaml down --remove-orphans
 
 # delete. everything.
 nuke:
-	docker-compose  -f dac-api-compose/docker-compose.yaml down --volumes --remove-orphans 
+	docker compose  -f dac-api-compose/docker-compose.yaml down --volumes --remove-orphans

README.md

@@ -8,6 +8,17 @@ Development of the Data Access Control API
 | ---------- | ------------- | ----------------------------------------------------------------------------------------- | --------------------------------- | ------- |
 | `NODE_ENV` | isDevelopment | Enables `'/applications/:id'` DELETE endpoint. Enables `debug.log` file in Logger options | set `NODE_ENV` to `"development"` | `false` |
 
+## Environment Variables
+
+| Name                | Description                                                                   | Type     | Required | Default |
+| ------------------- | ----------------------------------------------------------------------------- | -------- | -------- | ------- |
+| EGA_CLIENT_ID       | Client ID for EGA API                                                         | `string` | true     |         |
+| EGA_AUTH_HOST       | Root URL for EGA authentication server                                        | `string` | true     |         |
+| EGA_AUTH_REALM_NAME | Realm name for EGA authentication server                                      | `string` | true     |         |
+| EGA_API_URL         | Root URL for EGA API                                                          | `string` | true     |         |
+| EGA_USERNAME        | Username for account used to gain access token from EGA authentication server | `string` | true     |         |
+| EGA_PASSWORD        | Password for account used to gain access token from EGA authentication server | `string` | true     |         |
+
 ## Feature Flags
 
 | Name                        | Config Path                      | Description                                                                                                                                                                                                                                                                                                               | Trigger                   | Default |

dac-api-compose/docker-compose.yaml

@@ -1,8 +1,6 @@
-version: '3.8'
-
 services:
   vault:
-    image: vault
+    image: vault:1.13.3
     volumes:
       - $PWD/logs/:/tmp/logs
       - ./vault:/scripts
@@ -47,8 +45,8 @@ services:
 
   # for email services
   mailhog:
-    image: mailhog/mailhog
-    container_name: 'mailhog'
+    image: jcalonso/mailhog:latest
+    container_name: mailhog
     ports:
       - '1025:1025'
       - '8025:8025'

package.json

@@ -37,6 +37,7 @@
     "@types/errorhandler": "^1.5.0",
     "@types/express": "^4.17.11",
     "@types/express-fileupload": "^1.1.6",
+    "@types/jsonwebtoken": "^9.0.7",
     "@types/lodash": "^4.14.168",
     "@types/memoizee": "^0.4.5",
     "@types/migrate-mongo": "^8.1.0",
@@ -84,6 +85,7 @@
     "@overture-stack/ego-token-middleware": "^2.4.1",
     "archiver": "^5.3.0",
     "aws-sdk": "^2.923.0",
+    "axios": "^1.7.7",
     "body-parser": "^1.19.0",
     "cd": "^0.3.3",
     "connect-mongo": "^4.4.1",