add check access match

telefonicaid · Oct 7, 2024 · efbb8f7 · efbb8f7
1 parent 72a9d5d
commit efbb8f7
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 1 deletion.
diff --git a/configAccessMatch.js b/configAccessMatch.js
@@ -0,0 +1,29 @@
+'use strict';
+
+/**
+ * List of access match
+ */
+var configAccessMatch = {};
+
+// Activity related with a list of users
+configAccessMatch.users = [
+    'cloud_admin', 'pep',
+];
+
+// Activity related with request which the following headers
+configAccessMatch.headers = [
+    { "Fiware-service": "smartcity" },
+];
+
+// Activity related with request including the following subpaths
+configAccessMatch.subpath = [
+    '/v1',
+];
+
+// Activity related with request including the following strings in body
+configAccessMatch.body = [
+    'legacy'
+];
+
+
+exports.configAccessMatch = configAccessMatch;
diff --git a/lib/fiware-pep-steelskin.js b/lib/fiware-pep-steelskin.js
@@ -123,6 +123,7 @@ function setAccessLogger() {
             })
         ]
     });
+    proxyMiddleware.watchConfigAccessMatchFile();
 }
 
 /**

diff --git a/lib/middleware/proxy.js b/lib/middleware/proxy.js
@@ -36,8 +36,30 @@ var config = require('../../config'),
         'x-auth-token'
     ],
     winston = require('winston'),
+    logger = require('logops'),
+    configAccessMatch = require('../../configAccessMatch.js').configAccessMatch,
     accessLogger;
 
+const fs = require('fs');
+const configAccessMatchFilePath = './configAccessMatch.js';
+
+function requireUncached(module) {
+    delete require.cache[require.resolve(module)];
+    return require(module);
+}
+
+function watchConfigAccessMatchFile() {
+    fs.watch(configAccessMatchFilePath, (event, filename) => {
+        logger.info('watchConfigAccessMatchFile changed by %s detected in file %s', event, filename);
+        try {
+            configAccessMatch = requireUncached('../../configAccessMatch.js').configAccessMatch;
+            logger.debug('reloaded configAccessMatch %j', configAccessMatch);
+        } catch (err) {
+            logger.error('Error %s reloading module: %s ', err, filename);
+        }
+    });
+}
+
 /**
  * Middleware to extract the organization data from the request.
  *
@@ -196,7 +218,14 @@ function accountInfo(req, res, next) {
             });
         }
         req.fwdResponse = req.fwdResponse.on('response', function(res) {
-            accessLogger.info('Right Attempt' +
+            var accessMsg = "Right Attempt";
+
+            // CHeck here MATCH file patterns:
+            if (req.userName in configAccessMatch.users ) {
+                accessMsg += '  MATCHED USER';
+            }
+
+            accessLogger.info(accessMsg +
                               ' | ResponseStatus=' + req.fwdResponse.response.statusCode +
                               ' | Token=' + req.headers['x-auth-token'] +
                               ' | Origin=' + req.connection.remoteAddress +
@@ -260,3 +289,4 @@ exports.sendResponse = sendResponse;
 exports.accountInfo = accountInfo;
 exports.checkMandatoryHeaders = checkMandatoryHeaders(validationHeaders);
 exports.checkAuthorizationHeader = checkMandatoryHeaders(authorizationHeaders);
+exports.watchConfigAccessMatchFile = watchConfigAccessMatchFile;