From 57a42f810b2d69f07b935bef7f924b04acbc9bed Mon Sep 17 00:00:00 2001
From: FORESTIER Fabien <fabien.forestier@soprasteria.com>
Date: Fri, 20 Mar 2020 16:55:40 +0100
Subject: [PATCH] Add middleware legacy auth documentation

---
 docs/components/middlewares/legacy-auth.md    | 28 +++++++++++++++++++
 .../proxies/web-mapping-services.md           | 10 ++++---
 2 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/docs/components/middlewares/legacy-auth.md b/docs/components/middlewares/legacy-auth.md
index 41e6048..7f4e0d1 100644
--- a/docs/components/middlewares/legacy-auth.md
+++ b/docs/components/middlewares/legacy-auth.md
@@ -3,10 +3,38 @@
 
 ## Features
 
+This middleware provides an interface for our services, for the web application and for the admin GUI toward the `Legacy auth service`. As the lecacy auth service is a bit old fashioned, it sometimes requires the user's login and password to be passed along with the request or even an admin login and password. As a consequence the middleware also does:
+
+- encryption of the user's password on the login request which is then sent along with the user info to the authentication service
+- decryption of the user's password from the jwt (payload) received as a cookie in the incomming request which is then passed along with the original request to the upstream server
+- addition of an admin login and password in some requests that require admin accesses
+
 ## Dependencies
 
+This middleware depends on the Legacy auth service (Django) and on the [Email service](../services/mailer.md).
+
 ## Endpoints
 
+This middleware provides the following endpoints:
+
+1. `/legacy/user` (GET, POST and DELETE)
+2. `/legacy/user/validateAccount`
+3. `/legacy/user/login`
+4. `/legacy/user/updatePassword`
+5. `/legacy/user/update`
+6. `/legacy/user/resetPassword`
+7. `/legacy/user/resources`
+8. `/legacy/user/resources/add`
+9. `/legacy/user/resources/renew`
+10. `/legacy/user/resources/delete`
+11. `/legacy/isPasswordResetTokenValid`
+12. `/legacy/passwordForgotten`
+13. `/legacy/services`
+14. `/legacy/restrictedAccessDatasets`
+15. `/legacy/publicKey`
+16. `/health`
+returning a `200` HTTP code if the API is healthy, `503` otherwise. For the service to be healthy, the underlying redis service must be up as well as the email service. Note that for technical reasons the health check on the legacy auth service has been disabled.
+
 ## Implementation
 
 The service is implemented using the [NestJS](https://nestjs.com/) framework. We refer the reader to the [NestJS-based micro-services](../../miscellaneous/nestjs-micro-services.md) page for further details concerning the latter framework and the features it provides.
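Review bot: The two Features bullets on encrypting the password at login and on "decryption of the user's password from the jwt (payload) received as a cookie" do not say which scheme or key is used, where the decryption key lives, or how this relates to the `/legacy/publicKey` endpoint listed further down. Because this means a recoverable user password travels in a cookie on each request, the page should document those points together with the cookie's lifetime and flags. In the Endpoints list, the line starting "returning a `200` HTTP code" sits at column zero after item 16, so it will render as a separate paragraph rather than as part of `/health`; indent it under the item or fold it into the same line. Only `/legacy/user` lists its HTTP methods, and none of the endpoints state which ones require the JWT cookie or add the admin credentials mentioned in the third bullet; a short table with method, authentication and purpose would cover this. The note that the health check on the legacy auth service is disabled "for technical reasons" should give the reason or link to an issue, since `/health` can then return `200` while that dependency is down. Typos in the first added paragraph: "lecacy" and "incomming".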
diff --git a/docs/components/proxies/web-mapping-services.md b/docs/components/proxies/web-mapping-services.md
index 7562108..c2dbca7 100644
--- a/docs/components/proxies/web-mapping-services.md
+++ b/docs/components/proxies/web-mapping-services.md
@@ -15,14 +15,16 @@ In order for the map to work properly and to always be able to display the full
 
 This proxy has two dependencies:
 
-* `Elasticsearch`
-* `MapServer`
+* `Elasticsearch`: used to verify whether the user has access to the requested service and for the specified layer
+* `MapServer`: which expose the WMS and MVT services
 
 ## Endpoints
 
 It provides two endpoints:
 
-* `/wms`:
-* `/mvt`:
+* `/wms`: which proxy request to the WMS service
+* `/mvt`: which proxy request to the MVT service
 
 ## Implementation
+
+This proxy has been written in [Node.js](https://nodejs.org/) and based on [http-proxy](https://github.com/http-party/node-http-proxy) node module.
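Review bot: The new `Elasticsearch` bullet says it is used to verify that the user has access to the requested service and layer, but nothing in the page says what the proxy does when that check fails or when Elasticsearch cannot be reached; add a sentence stating the response in both cases, so readers can confirm the request is refused rather than forwarded to `MapServer`. Wording in the added lines: "which expose" should be "which exposes", "which proxy request to" should be "proxies requests to", and the Implementation sentence needs "and is based on the [http-proxy] node module". This file is also outside what the subject line "Add middleware legacy auth documentation" describes, so either mention it in the commit message or move it to its own commit.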
-- 
GitLab