2023-12-05 07:42:35 +01:00
parent 5997ab759a
commit 763034e077
30 changed files with 1484 additions and 2066 deletions


@@ -1,47 +1,51 @@
const conf = require(`${process.env.dirtown}/conf.json`);
/**
* @api{get}/CheckHeaders
* @api {get} http://header/CheckHeaders - CheckHeaders
* @apiGroup Middlewares
* @apiName CheckHeaders
* @apiDescription a list of header is mandatory to access apxtrib see tribes/townconf.json.exposedHeaders
* @apiDescription a list of headers are mandatory to access apxtrib see in your space town /conf.json.exposedHeaders
*
* @apiHeader {string} xalias anonymous or unique alias
* @apiHeader {string} xapp name of the webapp store in tribe/tribeid/www/xapp
* @apiHeader {string} xalias 'anonymous' or unique alias
* @apiHeader {string} xapp name of the webapp store in tribe/tribeid/www/{xapp}
* @apiHeader {string} xlang the 2 letter request langage (if does not exist then return en = english).
* @apiHeader {string} xtribe unique tribe name ere xapp exist
* @apiHeader {string} xtribe unique tribe name where xapp exist
* @apiHeader {string} xdays a timestamp 0 or generate during the authentifyme process
* @apiHeader {string} xhash anonymous or signature of message: xalias_xdays created by alias private key during authentifyme process
* @apiHeader {array[]} xprofils list of string profil apply into xtribe for xapp
* @apiHeader {string} xuuid a unique number c reated the fisrt time a domain is visited
* @apiHeader {string} xuuid a unique number uuid.v4 created the fisrt time a domain is visited on a device
* @apiHeader {integer} xtrkversion a version number link to tracking system
*
* @apiError missingexposedHeaders it miss an exposedHeaders
* @apiErrorExample {json} Error-Response:
* HTTP/1/1 400 Not Found
* {
* status:400,
* ref:"middlewares"
* msg:"missingheaders",
* data: ["headermissing1"]
* }
*@apiErrorExample {json} Error-Response:
* HTTP/1/1 404 Not Found
* {
* status:404,
* ref:"middlewares"
* msg:"tribeiddoesnotexist",
* data: {xalias}
* }
* @apiHeaderExample {json} Header-Exemple:
* {
* xtribe:"apache",
* xalias:"toto",
* xhash:"",
* xdays:"123"
* xlang:"en",
* xapp:"popular"
* }
*/
* @apiHeaderExample {json} Header-Example:
* {
* Cache-Control: "no-cache",
* Expires: 0, Pragma:"no-cache",
* xalias:"jojo",
* xapp:"presentation",
* xdays:1700733068298
* xhash:"LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEE1MTIKCmpvam9fMTcwMDczMzA2ODI5OAotLS0tLUJFR0lOIFBHUCBTSUdOQVRVUkUtLS0tLQoKd25VRUFSWUtBQ2NGZ21WZklJd0prTmFVQ0daRHVUYnBGaUVFTjZlc1ZMSWdURmtPRGFVaDFwUUlaa081Ck51a0FBR09MQVA5OS96c21YeEd0b0VuYnpnekppZDJMcDA3YlBNZ1gwNUdhOUFVWjlCQm91Z0VBOVlYVworYjZIM2JHWHVhbEVOc3BrdUk1alNlTFNUWGNkSStjTExTZk5OQTg9Cj1uVjhNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo=",
* xlang:"fr",
* xprofils:["anonymous", "pagans"],
* xtribe:"smatchit",
* xtrkversion:1,
* xuuid:"ea1cf73f-27f5-4c69-ab53-197a0feab9b2"
* }
* @apiErrorExample {json} Error-Response:
* HTTP/1/1 400 Not Found
* {
* status:400,
* ref:"middlewares",
* msg:"missingheaders",
* data:["headermissing1"]
* }
* @apiErrorExample {json} Error-Response:
* HTTP/1/1 404 Not Found
* {
* status:404,
* ref:"middlewares"
* msg:"tribeiddoesnotexist",
* data: {xalias}
* }
*/
const checkHeaders = (req, res, next) => {
req.session = {};
const header = {};
@@ -66,6 +70,7 @@ const checkHeaders = (req, res, next) => {
if (missingheader != "") {
// bad request
return res.status(400).json({
status:400,
ref: "middlewares",
msg: "missingheader",
data: missingheader,
@@ -80,6 +85,7 @@ const checkHeaders = (req, res, next) => {
)
) {
return res.status(404).json({
status:404,
ref: "middlewares",
msg: "tribeiddoesnotexist",
data: { xtribe: header.xtribe },
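Review bot: The new Header-Example in the docblock embeds a full `xhash` value that decodes as a base64 PGP clear-signed message for `jojo_1700733068298`, which looks like a captured authentication header rather than a constructed sample. If it was signed with a live alias key, the generated API docs publish a header set that isAuthenticated may accept, depending on how xdays freshness is checked (not visible here). A placeholder such as `xhash:"<base64 PGP clear-signed xalias_xdays>"` documents the format without shipping a credential. Separately, the error examples say `msg:"missingheaders"` and, for the 404, `data: {xalias}`, while the code in the later hunks returns `msg: "missingheader"` and `data: { xtribe: header.xtribe }`; `HTTP/1/1 400 Not Found` should also read `HTTP/1.1 400 Bad Request`. The body of checkHeaders continues outside these hunks.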


@@ -14,13 +14,9 @@ Objects manage in apXtrib: pagans, notifications, nations, towns, tribes, wwws 
All others objects are manage in town/tribe 
persons is the only exception, schema is manage in apXtrib but data are store in a tribe.
apxtrib conf is set in a conf.json at the same folder level:
```plaintext
/apxtrib/ # core process
/townName_nationName/conf.json # town settings
/townName_nationName/conf.json # town settings contain all glabl parameter
```
url: **/api/routeName** For core api apXtrib in /apxtrib :
@@ -29,7 +25,7 @@ url: **/api/routeName** For core api apXtrib in /apxtrib :
/apxtrib/api/middlewares/
/apxtrib/api/routes/
/apxtrib/api/models/
/apxtrib/api/models/lg/ language customisation for api response
/apxtrib/api/models/lg/ lauage accessible by https://wall-ants.ndda.fr/nationchains/models/Checkjson_fr.json
/apxtrib/api/models/unitest/
```
@@ -38,13 +34,11 @@ url: **/api/smatchit/routeName** for tribe smatchit example api in /town\_nation
```plaintext
/town_nation/tribes/smatchit/api/routes/
/town_nation/tribes/smatchit/api/models/
/town_nation/tribes/smatchit/api/models/lg/ language customization
/town_nation/tribes/smatchit/api/models/lg/ language customization accessible https://smatchit.io/smatchit/models/model_lg.json
```
**static files** are served by nginx, each tribe nginx conf are store and can be customize in /town\_nation/www/nginx\_xtribe\_xapp.conf
object www/websitename are serve with nginx not express.
## Object management (Odmdb)
An object has a name and is defined by a schema that contain properties key.
@@ -52,6 +46,8 @@ An object has a name and is defined by a schema that contain properties key.
A propertie has a name and a list of caracteristics (type, pattern,format,...) that have to be validate to be accepted.
All properties respect the rules [https://json-schema.org/draft/2020-12/schema,](https://json-schema.org/draft/2020-12/schema,) some extra"format" can be add to mutualise recurrent regex pattern
To access a schema [https://wall-ants.ndda.fr/nationchains/schema/nations.json](https://wall-ants.ndda.fr/nationchains/schema/nations.json) and language specifique [https//:wall-ants.ndda.fr/nationchains/schema/lg/nations\_fr.json](https//:wall-ants.ndda.fr/nationchains/schema/lg/nations_fr.json)
A checkjson.js is available to manage all specific format [https://wall-ants.ndda.fr/Checkjson.js](https://wall-ants.ndda.fr/Checkjson.js) see **Odmdb - schema Checkjson**
**Additional properties that not exist in 2020-12/schema :**
@@ -75,26 +71,7 @@ Items of an object are store in files into :  
## api pre-request
**Valid header**
A private request to pass must contain exposeHeaders from town conf.json
api.exposedHeaders :\["xdays", "xhash", "xalias", "xlang", "xtribe", "xapp", "xuuid" \]
By default for anonymous user:
```plaintext
{"headers":{
"xtrkversion":1,
"xtribe":"tribeid ex: smatchit",
"xapp":"websitename ex:presentation",
"xlang":"fr",
"xalias":"anonymous",
"xhash":"anonymous",
"xdays":0
}
}
```
**Valid header see Middlewares**
App use openpgp.js lib to sign xdays\_xalias with a privatekey and store it in xhash.
@@ -102,22 +79,31 @@ App use openpgp.js lib to sign xdays\_xalias with a privatekey and store it in x
See Pagans models that contain authentification process
**api Return can be direct json in case of get without authenntification or an object data**
**api Return in 3 data structure:**
{status, ref,msg,data}:
A - data file from a classical get  [https://wall-ants.ndda.fr/Checkjson.js](https://smatchit.io/Checkjson.js)
B -  a json single answer {status, ref,msg,data}:
* status: http code return
* ref: model/route name reference where message come from
* msg: a message template key store into models/lg/name\_lg.json (where lg is 2 letters language)
* data: an object data use to render the value of the message key.
C - a json multi answer {status,multimsg:\[{ref,msg,data}\]}
         Each {ref,msg,data\] work the same way than B
To show feedback context message in a language lg => get /nationchains/models/{{ref}}\_{{lg}}.json
This contain a json {msg:"mustache template string to render with data"}  
## Accessrights:
An alias is just an identity, to access a tribe a person must exist with alias into /town/tribes/tribename/persons/itm/alias.json
An alias is just an identity, to access a tribe, a person must exist with an authenticated alias into /town/tribes/tribename/persons/itm/alias.json
A person has a property profils with a list of profilename, common profiles are : pagan (an identity)  / person (an identity with access right in a tribe) / druid (the administrator of a tribe) / major (administrator of a town/server)
A person has a property profils with a list of profilename, common profiles are : anonymous (no identity) / pagan (an identity)  / person (an identity with access right into a tribe) / druid (the administrator of a tribe) / major (administrator of a town/server)
Into a tribe you can have many other profil with specifics accessright on tribe's object.
Each object has an apxaccessrights that is a list of profil and CRUD access per object key .
## Add tribe's api:


@@ -6,52 +6,28 @@ const glob = require("glob");
const openpgp = require("openpgp");
/**
* @api{get}/istauthenticated
* @api {get} http://header/istauthenticated - isAuthenticated
* @apiGroup Middlewares
* @apiName isAUthenticated
* @apiDescription Check that exist in town/tmp/tokens/xalias_xdays_xhash.substr(20,200) if not, check the xhash signature with message xalias_xdays come from public key belonging to xalias. If check pass then store a xhash into /tmp/tokens.
* A process run each day to clean up all xhas tmp/tokens oldest than 24 hours.
* If authentify it returns header with xprofils store into a person objject -xtribes/person/alias
*
* @apiHeader {string} xalias anonymous or unique alias
* @apiHeader {string} xapp name of the webapp store in tribe/tribeid/www/xapp
* @apiHeader {string} xlang the 2 letter request langage (if does not exist then return en = english).
* @apiHeader {string} xtribe unique tribe name ere xapp exist
* @apiHeader {string} xdays a timestamp 0 or generate during the authentifyme process
* @apiHeader {string} xhash anonymous or signature of message: xalias_xdays created by alias private key during authentifyme process
* @apiHeader {array[]} xprofils list of string profil apply into xtribe for xapp
* @apiHeader {string} xuuid a unique number c reated the fisrt time a domain is visited
* @apiHeader {integer} xtrkversion a version number link to tracking system
*
* @apiErrorExample {json} Error-Response:
* HTTP/1/1 400 Not Found
* {
* status:400,
* ref:"middlewares"
* msg:"missingheaders",
* data: ["headermissing1"]
* }
*@apiErrorExample {json} Error-Response:
* HTTP/1/1 404 Not Found
* {
* status:404,
* ref:"middlewares"
* msg:"tribeiddoesnotexist",
* data: {xalias}
* }
*
* @apiHeaderExample {json} Header-Exemple:
* {
* xtribe:"apache",
* xalias:"toto",
* xhash:"",
* xdays:"123"
* xlang:"en",
* xapp:"popular"
* }
* @apiName isAuthenticated
* @apiDescription - valid if exist xalias_xdays_xhash.substr(20,200) in town/tmp/tokens/
* - if not,
* - valid if xhash signature sign xalias_xdays with alias's publickey.
* - if not valid => not allowed
* - If valid =>
* - store a xalias_xdays_xhash.substr (20,200) into /tmp/tokens with xprofils array from person.
* - update header.xprofils from this token
*
* apXtrib profils are anonymous, pagans, mayor (on a node server), druid (on a tribe like smatchit).
*
* pagan identity is independant of domain (tribe), by default profils are :['anonymous','pagans']. if this alias exist in a tribe domain as a person then his profils come from /tribes/{tribeId}/objects/person/itm/{alias}.json profils:['anonymous','pagans','person','seeker'] any profils allowed to act on tribe objects.
*
* Each profil have CRUD accessright on object managed in schema in apxaccessrights:{owner,profil:{"C":[],"R":[properties],"U":[properties],"D":[]}}, see Odmdb for details.
*
* A process run once each day to clean up all xhash tmp/tokens oldest than 24 hours.
*
**/
const isAuthenticated = async (req, res, next) => {
const withlog = true;
const withlog = false;
const currentday = dayjs().date();
fs.ensureDirSync(`${process.env.dirtown}/tmp/tokens`);
let menagedone = fs.existsSync(
@@ -197,8 +173,7 @@ const isAuthenticated = async (req, res, next) => {
return res.status(resnotauth.status).send(resnotauth);
}
// authenticated then get person profils (person = pagan for a xtrib)
req.session.header.xprofils.push("pagans");
const person = `${process.env.dirtown}/tribes/${req.session.header.xtribe}/persons/itm/${req.session.header.xalias}.json`;
const person = `${process.env.dirtown}/tribes/${req.session.header.xtribe}/objects/persons/itm/${req.session.header.xalias}.json`;
if (withlog) {
console.log("Profils tribe/app management");
console.log("person", person);
@@ -206,7 +181,11 @@ const isAuthenticated = async (req, res, next) => {
if (fs.existsSync(person)) {
const infoperson = fs.readJSONSync(person);
console.log(infoperson);
infoperson.profils.forEach((p) => req.session.header.xprofils.push(p));
infoperson.profils.forEach((p) => {
if (!req.session.header.xprofils.includes(p)) req.session.header.xprofils.push(p);
})
}else{
if (!req.session.header.xprofils.includes('pagans')) req.session.header.xprofils.push("pagans");
}
fs.outputJSONSync(tmpfs, req.session.header.xprofils);
} else {
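Review bot: `console.log(infoperson);` in the last hunk is not behind `withlog`, so even with the flag now set to false every authenticated request still writes the whole person record to the server log; it should read `if (withlog) console.log(infoperson);`. The new `forEach` also assumes `infoperson.profils` is an array, so a person file without that key would throw inside this async middleware; an `Array.isArray(infoperson.profils)` guard before the loop avoids that. The person path is built from `req.session.header.xtribe` and `req.session.header.xalias`, and whether those values are restricted to a safe character set before this point is not visible in the hunks, so it is worth confirming they cannot contain path separators or `..`. isAuthenticated starts and ends outside the hunks shown.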