k2hr3-api

K2HR3 REST API is K2hdkc based Resource and Roles and policy Rules

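"use strict";
/*
 * K2HR3 REST API
 *
 * Copyright 2018 Yahoo Japan Corporation.
 *
 * K2HR3 is K2hdkc based Resource and Roles and policy Rules, gathers
 * common management information for the cloud.
 * K2HR3 can dynamically manage information as "who", "what", "operate".
 * These are stored as roles, resources, policies in K2hdkc, and the
 * client system can dynamically read and modify these information.
 *
 * For the full copyright and license information, please view
 * the license file that was distributed with this source code.
 *
 * AUTHOR:   Takeshi Nakatani
 * CREATE:   Tue May 13 2020
 * REVISION:
 *
 */
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const k2hr3apiutil_1 = __importDefault(require("./k2hr3apiutil"));
const k2hr3cryptutil_1 = __importDefault(require("./k2hr3cryptutil"));
const dbglogging_1 = __importDefault(require("./dbglogging"));
const k2hr3keys_1 = require("./k2hr3keys");
const k2hr3config_1 = require("./k2hr3config");
const apiConf = new k2hr3config_1.r3ApiConfig();

//---------------------------------------------------------
// load userdata templates from config directory
//---------------------------------------------------------
// Built once at module load: every ExtdataProcess instance shares this object,
// including the template contents read from disk and the crypt configuration.
const LoadedExtdataObjs = (() => {
    const extdataobjs = {
        configs: {},
        cryptconfig: null,
        kw_role_name: /{{= %K2HR3_ROLE_NAME% }}/g, // Role YRN full path
        kw_role_tenant: /{{= %K2HR3_ROLE_TENANT% }}/g, // Tenant YRN full path
        kw_role_token: /{{= %K2HR3_ROLE_TOKEN% }}/g, // Role Token
        kw_api_uri: /{{= %K2HR3_API_HOST_URI% }}/g, // K2HR3 API server URI(ex. https://localhost:3000)
        kw_err_msg: /{{= %K2HR3_ERROR_MSG% }}/g // Error message string when an error occurred
    };
    if (0 < apiConf.getExtdataConfigCount()) {
        extdataobjs.configs = apiConf.getAllExtdataConfig();
        Object.keys(extdataobjs.configs).forEach(key => {
            const entry = extdataobjs.configs[key];
            if (k2hr3apiutil_1.default.isPlainObject(entry) && k2hr3apiutil_1.default.isSafeString(entry.template)) {
                // The template path comes from the API configuration, not from a request.
                entry.contents = k2hr3apiutil_1.default.readFileContents(entry.template);
            }
        });
    }
    extdataobjs.cryptconfig = apiConf.getUserdataCryptConfig();
    return extdataobjs;
})();

/**
 * Look up an extdata configuration entry by key, considering own properties only.
 *
 * A plain `configs[key]` also resolves names inherited from Object.prototype
 * ("constructor", "__proto__", "toString", ...), so such a key would be treated
 * as a configured suburi. Restricting the lookup to own properties closes that.
 * NOTE(review): key appears to be the request sub-URI (see the "suburi" log
 * messages) - confirm against the caller.
 *
 * @param {object} configs - map of key => extdata configuration
 * @param {*} key - lookup key
 * @returns {*} the configuration entry, or undefined when key is not an own property
 */
function ownConfig(configs, key) {
    if (configs === null || configs === undefined) {
        return undefined;
    }
    return Object.prototype.hasOwnProperty.call(configs, key) ? configs[key] : undefined;
}

//---------------------------------------------------------
// Userdata Processing Class
//---------------------------------------------------------
class ExtdataProcess {
    _extdataObjs;

    //
    // Constructor
    //
    constructor() {
        this._extdataObjs = LoadedExtdataObjs;
    }

    //
    // Methods
    //

    /**
     * Report whether key names a configured extdata entry.
     *
     * @param {string} key - extdata key (suburi)
     * @returns {boolean} false when key is not a safe string or has no own entry
     */
    checkSuburi = (key) => {
        if (!k2hr3apiutil_1.default.isSafeString(key)) {
            dbglogging_1.default.elog('key parameter is empty.');
            return false;
        }
        return k2hr3apiutil_1.default.isSafeEntity(ownConfig(this._extdataObjs.configs, key));
    };

    /**
     * Check a User-Agent value against the one configured for key.
     *
     * An entry without a `useragent` setting accepts any agent. The User-Agent
     * header is supplied by the client, so this check selects which clients get
     * the template; it cannot serve as an access control on its own.
     *
     * @param {string} agent - User-Agent value from the request
     * @param {string} key - extdata key (suburi)
     * @returns {boolean} result of compareCaseString(agent, configured), true when
     *                    nothing is configured, false on bad input or unknown key
     */
    checkUserAgent = (agent, key) => {
        if (!k2hr3apiutil_1.default.isSafeString(agent)) {
            dbglogging_1.default.elog('agent and key parameters are empty.');
            return false;
        }
        const config = ownConfig(this._extdataObjs.configs, key);
        if (!k2hr3apiutil_1.default.isSafeEntity(config)) {
            dbglogging_1.default.elog('unkown key(suburi): ' + JSON.stringify(key));
            return false;
        }
        if (!k2hr3apiutil_1.default.isSafeString(config.useragent)) {
            // allow any useragent
            return true;
        }
        return k2hr3apiutil_1.default.compareCaseString(agent, config.useragent);
    };

    /**
     * Return the Content-Type configured for key.
     *
     * @param {string} key - extdata key (suburi)
     * @returns {string|null} configured content type, 'text/plain' when none is
     *                        configured, null for an unknown key
     */
    getContentType = (key) => {
        const config = ownConfig(this._extdataObjs.configs, key);
        if (!k2hr3apiutil_1.default.isSafeEntity(config)) {
            dbglogging_1.default.elog('unkown key(suburi): ' + JSON.stringify(key));
            return null;
        }
        if (!k2hr3apiutil_1.default.isSafeString(config.contenttype)) {
            return 'text/plain';
        }
        return k2hr3apiutil_1.default.getSafeString(config.contenttype);
    };

    // [NOTE]
    // For the encryption of Role information, the passphrase and the
    // algorithm set in userdata are used in common.
    // Therefore, Extdata-only encryption is not required, and the
    // composite uses the configuration information of userdata.
    //
    /**
     * Decrypt an encrypted role-information string.
     *
     * @param {string} str - encrypted role information
     * @returns {object|null} the decrypted value when isValTypeRoleInfo accepts it,
     *                        otherwise null (also null on empty input or missing
     *                        crypt configuration)
     */
    decryptRoleInfo = (str) => {
        if (!k2hr3apiutil_1.default.isSafeString(str)) {
            dbglogging_1.default.elog('string parameter is empty.');
            return null;
        }
        const cryptconfig = this._extdataObjs.cryptconfig;
        if (!k2hr3apiutil_1.default.isSafeEntity(cryptconfig)) {
            dbglogging_1.default.elog('cryptconfig data is empty.');
            return null;
        }
        // NOTE(review): whether r3DecryptJSON authenticates the ciphertext depends on
        // the configured algorithm and is not visible here; the type check below is
        // the only validation this method applies to the decrypted value.
        const rawData = k2hr3cryptutil_1.default.r3DecryptJSON(str, cryptconfig.passphrase, cryptconfig.algorithm);
        if (!k2hr3apiutil_1.default.isValTypeRoleInfo(rawData)) {
            return null;
        }
        return rawData;
    };

    /**
     * Expand the template configured for key with the given role information.
     *
     * When roleobj is unusable the role keywords expand to empty strings and the
     * error keyword receives a message; the template is still expanded.
     *
     * @param {object} roleobj - object with `role` (role YRN full path) and `token`
     * @param {string} key - extdata key (suburi)
     * @returns {string|null} expanded template, or null when key has no contents
     */
    getExtdata = (roleobj, key) => {
        let rolename = '';
        let roletenant = '';
        let roletoken = '';
        let contents = '';
        let baseuri = '';
        let errorMsg = '';

        if (!k2hr3apiutil_1.default.isSafeEntity(roleobj)) {
            dbglogging_1.default.elog('role object(role name, role token) parameter is empty.');
            errorMsg = 'k2hr3 role information is wrong';
        } else if (!k2hr3apiutil_1.default.isSafeString(roleobj.role)) {
            dbglogging_1.default.elog('role name parameter is empty.');
            errorMsg = 'k2hr3 role name is empty';
        } else if (!k2hr3apiutil_1.default.isSafeString(roleobj.token)) {
            dbglogging_1.default.elog('role token parameter is empty.');
            errorMsg = 'k2hr3 role token is empty';
        } else {
            rolename = k2hr3apiutil_1.default.getSafeString(roleobj.role);
            roletoken = k2hr3apiutil_1.default.getSafeString(roleobj.token);

            // Extract tenant yrn full path from role yrn full path
            const keys = (0, k2hr3keys_1.getK2hr3Keys)();
            const roleptn = new RegExp('^' + keys.MATCH_ANY_TENANT_ROLE); // regex = /^yrn:yahoo:(.*)::(.*):role:(.*)/
            const matches = rolename.match(roleptn);
            if (k2hr3apiutil_1.default.isNotEmptyArray(matches) && 4 <= matches.length && k2hr3apiutil_1.default.isSafeString(matches[2])) {
                roletenant = keys.NO_SERVICE_KEY + k2hr3apiutil_1.default.getSafeString(matches[1]) + '::' + k2hr3apiutil_1.default.getSafeString(matches[2]);
            }
        }

        const config = ownConfig(this._extdataObjs.configs, key);
        if (k2hr3apiutil_1.default.isSafeEntity(config) && k2hr3apiutil_1.default.isPlainObject(config)) {
            if (k2hr3apiutil_1.default.isSafeString(config.contents)) {
                contents = config.contents;
            }
            if (k2hr3apiutil_1.default.isSafeString(config.baseuri)) {
                baseuri = config.baseuri;
            }
        }

        //-----------------
        // expands templates
        //-----------------
        if (!k2hr3apiutil_1.default.isSafeString(contents)) {
            return null;
        }
        // Replacer functions are used instead of replacement strings: with a string,
        // String.prototype.replace interprets "$&", "$1", "$$" and similar sequences,
        // so a role name or token containing "$" would be expanded incorrectly.
        //
        // NOTE(review): the values are inserted verbatim, with no escaping for the
        // template's own format. If a template is later interpreted (for example as
        // a script), the role name and token character set must be constrained
        // where they are issued - confirm.
        return contents
            .replace(this._extdataObjs.kw_role_name, () => rolename)
            .replace(this._extdataObjs.kw_role_tenant, () => roletenant)
            .replace(this._extdataObjs.kw_role_token, () => roletoken)
            .replace(this._extdataObjs.kw_api_uri, () => baseuri)
            .replace(this._extdataObjs.kw_err_msg, () => errorMsg);
    };

    /**
     * Expand the template for key and gzip the result.
     *
     * @param {object} roleobj - object with `role` and `token`
     * @param {string} key - extdata key (suburi)
     * @returns {*} value returned by r3Gzip, or null when it yields null/undefined
     */
    getGzipExtdata = (roleobj, key) => {
        // get expanded data (may be null; r3Gzip receives it as-is)
        const expanded = this.getExtdata(roleobj, key);
        return (k2hr3cryptutil_1.default.r3Gzip(expanded) ?? null);
    };
}

//---------------------------------------------------------
// Exports
//---------------------------------------------------------
//
// Class
//
const extdataProcess = ExtdataProcess;
exports.default = extdataProcess;

/*
 * Local variables:
 * tab-width: 4
 * c-basic-offset: 4
 * End:
 * vim600: noexpandtab sw=4 ts=4 fdm=marker
 * vim<600: noexpandtab sw=4 ts=4
 */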