Mercurial > gemma

changeset 5610:a826d84485c8 erdms2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Use token server to fetch token for ERDMS requests.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Mon, 31 Oct 2022 19:05:28 +0100
parents e1936db6db8e
children 8062c4a05ad9
files pkg/config/config.go pkg/imports/erdms.go pkg/soap/erdms2/service.go pkg/soap/oauth.go pkg/soap/soap.go
diffstat 5 files changed, 97 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/pkg/config/config.go	Mon Oct 31 17:51:54 2022 +0100
+++ b/pkg/config/config.go	Mon Oct 31 19:05:28 2022 +0100
@@ -132,6 +132,9 @@
 // LogLevel is the log level of the application.
 func LogLevel() log.Level { return log.ParseLogLevel(viper.GetString("log-level")) }
 
+// TokenURL is the ERDMS token service URL.
+func TokenURL() string { return viper.GetString("token-url") }
+
 var (
 	proxyKeyOnce       sync.Once
 	proxyKey           []byte
@@ -307,6 +310,7 @@
 	str("log-file", "", "path to a file to log to.")
 	str("log-level", log.InfoLogLevel.String(), "path to a file to log to.")
 
+	str("token-url", "", "URL to the ERDMS token server.")
 }
 
 var (
--- a/pkg/imports/erdms.go	Mon Oct 31 17:51:54 2022 +0100
+++ b/pkg/imports/erdms.go	Mon Oct 31 19:05:28 2022 +0100
@@ -20,6 +20,7 @@
 	"fmt"
 	"strings"
 
+	"gemma.intevation.de/gemma/pkg/config"
 	"gemma.intevation.de/gemma/pkg/log"
 	"gemma.intevation.de/gemma/pkg/soap"
 	erdms "gemma.intevation.de/gemma/pkg/soap/erdms2"
@@ -72,12 +73,15 @@
 		return nil, nil, err
 	}
 
-	var auth *soap.BasicAuth
-	if username != "" {
-		auth = &soap.BasicAuth{
-			Login:    username,
-			Password: password,
+	var auth soap.Auth
+
+	if tokenURL := config.TokenURL(); tokenURL != "" && username != "" {
+		token, err := soap.FetchToken(tokenURL, username, password)
+		if err != nil {
+			return nil, nil, fmt.Errorf(
+				"error requesting token for ERDMS service: %w", err)
 		}
+		auth = token
 	}
 
 	client := erdms.NewRefService(URL, insecure, auth)
--- a/pkg/soap/erdms2/service.go	Mon Oct 31 17:51:54 2022 +0100
+++ b/pkg/soap/erdms2/service.go	Mon Oct 31 19:05:28 2022 +0100
@@ -1732,7 +1732,7 @@
 	client *soap.SOAPClient
 }
 
-func NewRefService(url string, tls bool, auth *soap.BasicAuth) RefWeb {
+func NewRefService(url string, tls bool, auth soap.Auth) RefWeb {
 	return NewRefWeb(soap.NewSOAPClient(url, tls, auth))
 }
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pkg/soap/oauth.go	Mon Oct 31 19:05:28 2022 +0100
@@ -0,0 +1,71 @@
+// This is Free Software under GNU Affero General Public License v >= 3.0
+// without warranty, see README.md and license for details.
+//
+// SPDX-License-Identifier: AGPL-3.0-or-later
+// License-Filename: LICENSES/AGPL-3.0.txt
+//
+// Copyright (C) 2022 by via donau
+//   – Österreichische Wasserstraßen-Gesellschaft mbH
+// Software engineering by Intevation GmbH
+//
+// Author(s):
+//  * Sascha L. Teichmann <sascha.teichmann@intevation.de>
+
+package soap
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strings"
+)
+
+type Token struct {
+	AccessToken string `json:"access_token"`
+	Scope       string `json:"scope"`
+	TokenType   string `json:"token_type"`
+	ExpiresIn   int    `json:"expires_in"`
+}
+
+func (token *Token) AddAuth(request *http.Request) {
+	request.Header.Add("Authorization", "Bearer "+token.AccessToken)
+}
+
+func FetchToken(tokenURL, key, secret string) (*Token, error) {
+
+	keyPair := key + ":" + secret
+
+	encodedKeyPair := base64.URLEncoding.EncodeToString([]byte(keyPair))
+
+	req, err := http.NewRequest(
+		http.MethodPost,
+		tokenURL,
+		strings.NewReader("grant_type=client_credentials"))
+
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Authorization", "Basic "+encodedKeyPair)
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf(
+			"POST failed: %s (%d)",
+			http.StatusText(resp.StatusCode),
+			resp.StatusCode)
+	}
+
+	var token Token
+	defer resp.Body.Close()
+
+	if err = json.NewDecoder(resp.Body).Decode(&token); err != nil {
+		return nil, err
+	}
+	return &token, err
+}
--- a/pkg/soap/soap.go	Mon Oct 31 17:51:54 2022 +0100
+++ b/pkg/soap/soap.go	Mon Oct 31 19:05:28 2022 +0100
@@ -100,15 +100,23 @@
 	Data string `xml:",chardata"`
 }
 
+type Auth interface {
+	AddAuth(request *http.Request)
+}
+
 type BasicAuth struct {
 	Login    string
 	Password string
 }
 
+func (ba *BasicAuth) AddAuth(request *http.Request) {
+	request.SetBasicAuth(ba.Login, ba.Password)
+}
+
 type SOAPClient struct {
 	url     string
 	tlsCfg  *tls.Config
-	auth    *BasicAuth
+	auth    Auth
 	headers []interface{}
 }
 
@@ -205,14 +213,14 @@
 	return f.String
 }
 
-func NewSOAPClient(url string, insecureSkipVerify bool, auth *BasicAuth) *SOAPClient {
+func NewSOAPClient(url string, insecureSkipVerify bool, auth Auth) *SOAPClient {
 	tlsCfg := &tls.Config{
 		InsecureSkipVerify: insecureSkipVerify,
 	}
 	return NewSOAPClientWithTLSConfig(url, tlsCfg, auth)
 }
 
-func NewSOAPClientWithTLSConfig(url string, tlsCfg *tls.Config, auth *BasicAuth) *SOAPClient {
+func NewSOAPClientWithTLSConfig(url string, tlsCfg *tls.Config, auth Auth) *SOAPClient {
 	return &SOAPClient{
 		url:    url,
 		tlsCfg: tlsCfg,
@@ -256,7 +264,7 @@
 		return err
 	}
 	if s.auth != nil {
-		req.SetBasicAuth(s.auth.Login, s.auth.Password)
+		s.auth.AddAuth(req)
 	}
 
 	req.Header.Add("Content-Type", "text/xml; charset=\"utf-8\"")