feat: add jwt authorization to supply chain example

closes #1579

Signed-off-by: Elena Izaguirre <[email protected]>

Author: elenaizaguirre

README.md

@@ -34,9 +34,10 @@ As blockchain technology proliferates, blockchain integration will become an inc
       -p 4200:4200 \
       ghcr.io/hyperledger/cactus-example-supply-chain-app:2021-09-08--docs-1312
     ```
-3. Wait for the output to show the message `INFO (api-server): Cactus Cockpit reachable http://0.0.0.0:3100`
-4. Visit http://localhost:3100 in a web browser with Javascript enabled
-5. Use the graphical user interface to create data on both ledgers and observe that a consistent view of the data from different ledgers is provided.
+3. Wait for the output to show the message `INFO (api-server): Cactus Cockpit reachable http://0.0.0.0:3200`
+4. Token generated by the application is displayed below
+5. Visit http://localhost:3200 in a web browser with Javascript enabled and insert the token when prompted
+6. Use the graphical user interface to create data on both ledgers and observe that a consistent view of the data from different ledgers is provided.
 
 Once the last command has finished executing, open link printed on the console with a web browser of your choice
 

examples/cactus-example-supply-chain-backend/src/main/typescript/supply-chain-app.ts

@@ -1,7 +1,15 @@
 import { AddressInfo } from "net";
 import { Server } from "http";
 
-import { exportPKCS8, generateKeyPair, KeyLike, exportSPKI } from "jose";
+import {
+  exportPKCS8,
+  generateKeyPair,
+  KeyLike,
+  exportSPKI,
+  SignJWT,
+} from "jose";
+import expressJwt from "express-jwt";
+
 import { v4 as uuidv4 } from "uuid";
 import exitHook, { IAsyncExitHookDoneCallback } from "async-exit-hook";
 
@@ -24,7 +32,12 @@ import {
   Servers,
 } from "@hyperledger/cactus-common";
 
-import { ApiServer, ConfigService } from "@hyperledger/cactus-cmd-api-server";
+import {
+  ApiServer,
+  AuthorizationProtocol,
+  ConfigService,
+  IAuthorizationConfig,
+} from "@hyperledger/cactus-cmd-api-server";
 
 import { PluginConsortiumManual } from "@hyperledger/cactus-plugin-consortium-manual";
 import { PluginKeychainMemory } from "@hyperledger/cactus-plugin-keychain-memory";
@@ -73,6 +86,8 @@ export class SupplyChainApp {
   private _besuApiClient?: BesuApi;
   private _quorumApiClient?: QuorumApi;
   private _fabricApiClient?: FabricApi;
+  private authorizationConfig?: IAuthorizationConfig;
+  private token?: string;
 
   public get besuApiClientOrThrow(): BesuApi {
     if (this._besuApiClient) {
@@ -130,6 +145,48 @@ export class SupplyChainApp {
     this.shutdownHooks = [];
   }
 
+  async getOrCreateToken(): Promise<string> {
+    if (!this.token) {
+      await this.createAuthorizationConfig();
+    }
+    return this.token as string;
+  }
+
+  async getOrCreateAuthorizationConfig(): Promise<IAuthorizationConfig> {
+    if (!this.authorizationConfig) {
+      await this.createAuthorizationConfig();
+    }
+    return this.authorizationConfig as IAuthorizationConfig;
+  }
+
+  async createAuthorizationConfig(): Promise<void> {
+    const jwtKeyPair = await generateKeyPair("RS256", { modulusLength: 4096 });
+    const jwtPrivateKeyPem = await exportPKCS8(jwtKeyPair.privateKey);
+    const expressJwtOptions: expressJwt.Options = {
+      algorithms: ["RS256"],
+      secret: jwtPrivateKeyPem,
+      audience: uuidv4(),
+      issuer: uuidv4(),
+    };
+
+    const jwtPayload = { name: "Peter", location: "London" };
+    this.token = await new SignJWT(jwtPayload)
+      .setProtectedHeader({
+        alg: "RS256",
+      })
+      .setIssuer(expressJwtOptions.issuer)
+      .setAudience(expressJwtOptions.audience)
+      .sign(jwtKeyPair.privateKey);
+
+    this.authorizationConfig = {
+      unprotectedEndpointExemptions: [],
+      expressJwtOptions,
+      socketIoJwtOptions: {
+        secret: jwtPrivateKeyPem,
+      },
+    };
+  }
+
   public async start(): Promise<IStartInfo> {
     this.log.debug(`Starting SupplyChainApp...`);
 
@@ -174,9 +231,21 @@ export class SupplyChainApp {
     const addressInfoC = httpApiC.address() as AddressInfo;
     const nodeApiHostC = `http://localhost:${addressInfoC.port}`;
 
-    const besuConfig = new Configuration({ basePath: nodeApiHostA });
-    const quorumConfig = new Configuration({ basePath: nodeApiHostB });
-    const fabricConfig = new Configuration({ basePath: nodeApiHostC });
+    const token = await this.getOrCreateToken();
+    const baseOptions = { headers: { Authorization: `Bearer ${token}` } };
+
+    const besuConfig = new Configuration({
+      basePath: nodeApiHostA,
+      baseOptions,
+    });
+    const quorumConfig = new Configuration({
+      basePath: nodeApiHostB,
+      baseOptions,
+    });
+    const fabricConfig = new Configuration({
+      basePath: nodeApiHostC,
+      baseOptions,
+    });
 
     const besuApiClient = new BesuApi(besuConfig);
     const quorumApiClient = new QuorumApi(quorumConfig);
@@ -217,6 +286,11 @@ export class SupplyChainApp {
           consortiumDatabase,
           keyPairPem: keyPairPemA,
           logLevel: this.options.logLevel,
+          ctorArgs: {
+            baseOptions: {
+              headers: { Authorization: `Bearer ${token}` },
+            },
+          },
         }),
         new SupplyChainCactusPlugin({
           logLevel: this.options.logLevel,
@@ -256,6 +330,11 @@ export class SupplyChainApp {
           consortiumDatabase,
           keyPairPem: keyPairPemB,
           logLevel: this.options.logLevel,
+          ctorArgs: {
+            baseOptions: {
+              headers: { Authorization: `Bearer ${token}` },
+            },
+          },
         }),
         new SupplyChainCactusPlugin({
           logLevel: this.options.logLevel,
@@ -294,6 +373,11 @@ export class SupplyChainApp {
           consortiumDatabase,
           keyPairPem: keyPairPemC,
           logLevel: "INFO",
+          ctorArgs: {
+            baseOptions: {
+              headers: { Authorization: `Bearer ${token}` },
+            },
+          },
         }),
         new SupplyChainCactusPlugin({
           logLevel: "INFO",
@@ -333,6 +417,8 @@ export class SupplyChainApp {
 
     const apiServerC = await this.startNode(httpApiC, httpGuiC, registryC);
 
+    this.log.info(`JWT generated by the application: ${token}`);
+
     return {
       apiServerA,
       apiServerB,
@@ -341,13 +427,13 @@ export class SupplyChainApp {
       fabricApiClient,
       quorumApiClient,
       supplyChainApiClientA: new SupplyChainApi(
-        new Configuration({ basePath: nodeApiHostA }),
+        new Configuration({ basePath: nodeApiHostA, baseOptions }),
       ),
       supplyChainApiClientB: new SupplyChainApi(
-        new Configuration({ basePath: nodeApiHostA }),
+        new Configuration({ basePath: nodeApiHostA, baseOptions }),
       ),
       supplyChainApiClientC: new SupplyChainApi(
-        new Configuration({ basePath: nodeApiHostA }),
+        new Configuration({ basePath: nodeApiHostA, baseOptions }),
       ),
     };
   }
@@ -498,6 +584,8 @@ export class SupplyChainApp {
     properties.cockpitPort = addressInfoCockpit.port;
     properties.grpcPort = 0; // TODO - make this configurable as well
     properties.logLevel = this.options.logLevel || "INFO";
+    properties.authorizationProtocol = AuthorizationProtocol.JSON_WEB_TOKEN;
+    properties.authorizationConfigJson = await this.getOrCreateAuthorizationConfig();
 
     const apiServer = new ApiServer({
       config: properties,

examples/cactus-example-supply-chain-frontend/src/app/app.module.ts

@@ -17,15 +17,26 @@ import {
   FABRIC_DEMO_LEDGER_ID,
 } from "src/constants";
 import { ApiClient } from "@hyperledger/cactus-api-client";
+import { AuthConfig } from "./common/auth-config";
 
 LoggerProvider.setLogLevel("TRACE");
 
 const log: Logger = LoggerProvider.getOrCreate({ label: "app-module" });
 
+let token = "";
+while (token == "") {
+  token = window.prompt("Introduce the token generated by the application");
+}
+AuthConfig.authToken = token;
+log.info(`Inserted token: ${AuthConfig.authToken}`);
+
 log.info("Running AppModule...");
 const cactusApiUrl = location.origin;
 log.info("Instantiating ApiClient with CACTUS_API_URL=%o", cactusApiUrl);
-const configuration = new Configuration({ basePath: cactusApiUrl });
+const configuration = new Configuration({
+  basePath: cactusApiUrl,
+  baseOptions: { headers: { Authorization: `Bearer ${AuthConfig.authToken}` } },
+});
 const apiClient = new ApiClient(configuration);
 
 @NgModule({

examples/cactus-example-supply-chain-frontend/src/app/bamboo-harvest/bamboo-harvest-list/bamboo-harvest-list.page.ts

@@ -11,6 +11,8 @@ import { QUORUM_DEMO_LEDGER_ID } from "../../../constants";
 import { BambooHarvestDetailPage } from "../bamboo-harvest-detail/bamboo-harvest-detail.page";
 import { ModalController } from "@ionic/angular";
 
+import { AuthConfig } from "../../common/auth-config";
+
 @Component({
   selector: "app-bamboo-harvest-list",
   templateUrl: "./bamboo-harvest-list.page.html",
@@ -42,7 +44,11 @@ export class BambooHarvestListPage implements OnInit {
     this._supplyChainApi = await this.baseClient.ofLedger(
       this.quorumLedgerId,
       SupplyChainApi,
-      {},
+      {
+        baseOptions: {
+          headers: { Authorization: `Bearer ${AuthConfig.authToken}` },
+        },
+      },
     );
     await this.loadData();
   }

examples/cactus-example-supply-chain-frontend/src/app/bookshelf/bookshelf-detail/bookshelf-detail.page.ts

@@ -15,6 +15,8 @@ import {
 import { Logger, LoggerProvider } from "@hyperledger/cactus-common";
 import { QUORUM_DEMO_LEDGER_ID } from "src/constants";
 
+import { AuthConfig } from "../../common/auth-config";
+
 @Component({
   selector: "app-bookshelf-detail",
   templateUrl: "./bookshelf-detail.page.html",
@@ -52,7 +54,11 @@ export class BookshelfDetailPage implements OnInit {
     this._supplyChainApi = await this.baseClient.ofLedger(
       this.quorumLedgerId,
       SupplyChainApi,
-      {},
+      {
+        baseOptions: {
+          headers: { Authorization: `Bearer ${AuthConfig.authToken}` },
+        },
+      },
     );
 
     if (!this.bookshelf) {

examples/cactus-example-supply-chain-frontend/src/app/bookshelf/bookshelf-list/bookshelf-list.page.ts

@@ -11,6 +11,8 @@ import { BESU_DEMO_LEDGER_ID } from "../../../constants";
 import { BookshelfDetailPage } from "../bookshelf-detail/bookshelf-detail.page";
 import { ModalController } from "@ionic/angular";
 
+import { AuthConfig } from "../../common/auth-config";
+
 @Component({
   selector: "app-bookshelf-list",
   templateUrl: "./bookshelf-list.page.html",
@@ -42,7 +44,11 @@ export class BookshelfListPage implements OnInit {
     this._supplyChainApi = await this.baseClient.ofLedger(
       this.ledgerId,
       SupplyChainApi,
-      {},
+      {
+        baseOptions: {
+          headers: { Authorization: `Bearer ${AuthConfig.authToken}` },
+        },
+      },
     );
     await this.loadData();
   }

examples/cactus-example-supply-chain-frontend/src/app/common/auth-config.ts

@@ -0,0 +1,3 @@
+export class AuthConfig {
+  static authToken: string;
+}

examples/cactus-example-supply-chain-frontend/src/app/shipment/shipment-detail/shipment-detail.page.ts

@@ -15,6 +15,8 @@ import {
 import { Logger, LoggerProvider } from "@hyperledger/cactus-common";
 import { QUORUM_DEMO_LEDGER_ID } from "src/constants";
 
+import { AuthConfig } from "../../common/auth-config";
+
 @Component({
   selector: "app-shipment-detail",
   templateUrl: "./shipment-detail.page.html",
@@ -52,7 +54,11 @@ export class ShipmentDetailPage implements OnInit {
     this._supplyChainApi = await this.baseClient.ofLedger(
       this.quorumLedgerId,
       SupplyChainApi,
-      {},
+      {
+        baseOptions: {
+          headers: { Authorization: `Bearer ${AuthConfig.authToken}` },
+        },
+      },
     );
 
     if (!this.shipment) {

examples/cactus-example-supply-chain-frontend/src/app/shipment/shipment-list/shipment-list.page.ts

@@ -11,6 +11,8 @@ import { BESU_DEMO_LEDGER_ID } from "../../../constants";
 import { ShipmentDetailPage } from "../shipment-detail/shipment-detail.page";
 import { ModalController } from "@ionic/angular";
 
+import { AuthConfig } from "../../common/auth-config";
+
 @Component({
   selector: "app-shipment-list",
   templateUrl: "./shipment-list.page.html",
@@ -42,7 +44,11 @@ export class ShipmentListPage implements OnInit {
     this._supplyChainApi = await this.baseClient.ofLedger(
       this.ledgerId,
       SupplyChainApi,
-      {},
+      {
+        baseOptions: {
+          headers: { Authorization: `Bearer ${AuthConfig.authToken}` },
+        },
+      },
     );
     await this.loadData();
   }

examples/supply-chain-app/README.md

@@ -19,8 +19,8 @@
 2. Observe the example application pulling up in the logs
    1. the test ledger containers,
    2. a test consortium with multiple members and their Cactus nodes
-3. Wait for the output to show the message `INFO (api-server): Cactus Cockpit reachable http://0.0.0.0:3100`
-4. Visit http://0.0.0.0:3100 in your web browser with Javascript enabled
+3. Wait for the output to show the message `INFO (api-server): Cactus Cockpit reachable http://0.0.0.0:3200`
+4. Visit http://0.0.0.0:3200 in your web browser with Javascript enabled
 
 ## Building and running the container locally
 
@@ -61,4 +61,6 @@ On the terminal, issue the following commands (steps 1 to 6) and then perform th
 7. Locate the `.vscode/template.launch.json` file
 8. Within that file locate the entry named `"Example: Supply Chain App"`
 9. Copy the VSCode debug definition object from 2) to your `.vscode/launch.json` file
-10. At this point the VSCode `Run and Debug` panel on the left should have an option also titled `"Example: Supply Chain App"` which
+10. At this point the VSCode `Run and Debug` panel on the left should have an option also titled `"Example: Supply Chain App"` which starts the application
+11. When the application finishes loading, token generated is displayed on the terminal
+12. Visit http://localhost:3200 in a web browser with Javascript enabled and insert the token when prompted