Merge branch 'master' into did-integration

ging · Sep 19, 2023 · 8ce1d15 · 8ce1d15
2 parents d9d6e3e + 4e3c786
commit 8ce1d15
Show file tree

Hide file tree

Showing 19 changed files with 14,970 additions and 9,819 deletions.
diff --git a/.github/fiware/image-clone.sh b/.github/fiware/image-clone.sh
@@ -0,0 +1,42 @@
+set -e
+
+SOURCE="ging/fiware-idm"
+DOCKER_TARGET="fiware/idm"
+QUAY_TARGET="quay.io/fiware/idm"
+
+# DOCKER_TARGET="fiware/$(basename $(git rev-parse --show-toplevel))"
+# QUAY_TARGET="quay.io/fiware/$(basename $(git rev-parse --show-toplevel))"
+
+VERSION=$(git describe --exclude 'FIWARE*' --tags $(git rev-list --tags --max-count=1))
+
+function clone {
+   echo 'cloning from '"$1 $2"' to '"$3"
+   docker pull -q "$1":"$2"
+   docker tag "$1":"$2" "$3":"$2"
+   docker push -q "$3":"$2"
+
+   if ! [ -z "$4" ]; then
+        echo 'pushing '"$1 $2"' to latest'
+        docker tag "$1":"$2" "$3":latest
+        docker push -q "$3":latest
+   fi
+}
+
+for i in "$@" ; do
+    if [[ $i == "docker" ]]; then
+
+        clone "$SOURCE" "$VERSION" "$DOCKER_TARGET" true
+        clone "$SOURCE" "$VERSION"-distroless "$DOCKER_TARGET"
+    fi
+    if [[ $i == "quay" ]]; then
+        clone "$SOURCE" "$VERSION" "$QUAY_TARGET" true
+        clone "$SOURCE" "$VERSION"-distroless "$QUAY_TARGET"
+    fi
+    echo ""
+done
+
+for i in "$@" ; do
+    if [[ $i == "clean" ]]; then
+        docker rmi -f $(docker images -a -q) | true
+    fi
+done
diff --git a/.readthedocs.yml b/.readthedocs.yml
@@ -0,0 +1,13 @@
+version: 2
+
+mkdocs:
+  configuration: mkdocs.yml
+
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.8"
+
+python:
+  install:
+    - requirements: doc/requirements.txt
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 [![FIWARE Security](https://nexus.lab.fiware.org/repository/raw/public/badges/chapters/security.svg)](https://www.fiware.org/developers/catalogue/)
 [![License: MIT](https://img.shields.io/github/license/ging/fiware-idm.svg)](https://opensource.org/licenses/MIT)
-[![Docker badge](https://img.shields.io/docker/pulls/fiware/idm.svg)](https://hub.docker.com/r/fiware/idm/)
+[![Docker badge](https://img.shields.io/badge/quay.io-fiware%2Fidm-grey?logo=red%20hat&labelColor=EE0000)](https://quay.io/repository/fiware/idm)
 [![Support badge](https://img.shields.io/badge/tag-fiware-orange.svg?logo=stackoverflow)](https://stackoverflow.com/questions/tagged/fiware-keyrock)
 <br>
 [![Documentation](https://img.shields.io/readthedocs/fiware-idm.svg)](https://fiware-idm.readthedocs.io/en/latest/)
@@ -23,8 +23,8 @@ This project is part of [FIWARE](https://www.fiware.org/). For more information
 check the FIWARE Catalogue entry for
 [Security](https://github.com/Fiware/catalogue/tree/master/security).
 
-| :books: [Documentation](https://fiware-idm.readthedocs.io/en/latest/) | :page_facing_up: [Site](https://keyrock-fiware.github.io/) | :mortar_board: [Academy](https://fiware-academy.readthedocs.io/en/latest/security/keyrock.html) | :whale: [Docker Hub](https://hub.docker.com/r/fiware/idm/) | :dart: [Roadmap](https://github.com/ging/fiware-idm/blob/master/roadmap.md) |
-| --------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | ---------------------------------------------------------- | --------------------------------------------------------------------------- | --------------------------------------------------------------------------- |
+| :books: [Documentation](https://fiware-idm.readthedocs.io/en/latest/) | :page_facing_up: [Site](https://keyrock-fiware.github.io/) | :mortar_board: [Academy](https://fiware-academy.readthedocs.io/en/latest/security/keyrock.html) | <img style="height:1em" src="https://quay.io/static/img/quay_favicon.png"/> [quay.io](https://quay.io/repository/fiware/idm) | :dart: [Roadmap](https://github.com/ging/fiware-idm/blob/master/roadmap.md) |
+| --------------------------------------------------------------------- | ---------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- |
 
 
 ## Content
@@ -239,4 +239,4 @@ follows:
 
 Keyrock is licensed under the [MIT](LICENSE) License.
 
-© 2018 Universidad Politécnica de Madrid.
+© 2018-2023 Universidad Politécnica de Madrid.
diff --git a/app.js b/app.js
@@ -16,6 +16,7 @@ const sass_middleware = require('./lib/node-sass-middleware');
 const session = require('cookie-session');
 const package_info = require('./package.json');
 const fs = require('fs');
+const extparticipant = require('./controllers/extparticipant/extparticipant');
 
 const version = require('./version.json');
 version.keyrock.version = package_info.version;
@@ -54,37 +55,35 @@ if (config.debug) {
 // Disabled header
 app.disable('x-powered-by');
 // Set security headers
-const csp_default =  {
-    directives: {
-      defaultSrc: ["'self'", 'data:'], // eslint-disable-line snakecase/snakecase
-      fontSrc: ["'self'", 'data:', 'https://fonts.gstatic.com'], // eslint-disable-line snakecase/snakecase
-      imgSrc: ["'self'", 'data'], // eslint-disable-line snakecase/snakecase
-      scriptSrc: ["'self'", "'unsafe-inline'"], // eslint-disable-line snakecase/snakecase
-      styleSrc: ["'self'", 'https:', "'unsafe-inline'", 'https://fonts.googleapis.com'] // eslint-disable-line snakecase/snakecase
-    },
-    reportOnly: false // eslint-disable-line snakecase/snakecase
-  };
-const csp_disabled =  {
-    directives: {
-      defaultSrc: ['*'], // eslint-disable-line snakecase/snakecase
-      fontSrc: ['*'], // eslint-disable-line snakecase/snakecase
-      imgSrc: ['*'], // eslint-disable-line snakecase/snakecase
-      scriptSrc: ['*'], // eslint-disable-line snakecase/snakecase
-      styleSrc: ['*'] // eslint-disable-line snakecase/snakecase
-    },
-    reportOnly: true // eslint-disable-line snakecase/snakecase
-  };
-
-const csp_options =  config.https.enabled ? csp_default : csp_disabled;
+const csp_default = {
+  directives: {
+    defaultSrc: ["'self'", 'data:'], // eslint-disable-line snakecase/snakecase
+    fontSrc: ["'self'", 'data:', 'https://fonts.gstatic.com'], // eslint-disable-line snakecase/snakecase
+    imgSrc: ["'self'", 'data'], // eslint-disable-line snakecase/snakecase
+    scriptSrc: ["'self'", "'unsafe-inline'"], // eslint-disable-line snakecase/snakecase
+    styleSrc: ["'self'", 'https:', "'unsafe-inline'", 'https://fonts.googleapis.com'] // eslint-disable-line snakecase/snakecase
+  },
+  reportOnly: false // eslint-disable-line snakecase/snakecase
+};
+const csp_disabled = {
+  directives: {
+    defaultSrc: ['*'], // eslint-disable-line snakecase/snakecase
+    fontSrc: ['*'], // eslint-disable-line snakecase/snakecase
+    imgSrc: ['*'], // eslint-disable-line snakecase/snakecase
+    scriptSrc: ['*'], // eslint-disable-line snakecase/snakecase
+    styleSrc: ['*'] // eslint-disable-line snakecase/snakecase
+  },
+  reportOnly: true // eslint-disable-line snakecase/snakecase
+};
+
+const csp_options = config.https.enabled ? csp_default : csp_disabled;
 if (config.csp.form_action) {
-    csp_options.directives.formAction = config.csp.form_action;
+  csp_options.directives.formAction = config.csp.form_action;
 }
 if (config.csp.script_src) {
-    csp_options.directives.scriptSrc = config.csp.script_src;
+  csp_options.directives.scriptSrc = config.csp.script_src;
 }
-app.use(
-  helmet.contentSecurityPolicy(csp_options)
-);
+app.use(helmet.contentSecurityPolicy(csp_options));
 app.use(
   helmet.dnsPrefetchControl({
     allow: process.env.IDM_DNS_PREFETCH_ALLOW === 'true'
@@ -224,6 +223,9 @@ if (config.https.enabled) {
   app.use('/oauth2', force_ssl, oauth2);
   app.get('/user', force_ssl, oauth2_controller.authenticate_token);
 
+  // Set route for capabilities endpoint
+  app.use('/capabilities', force_ssl, extparticipant.capabilities);
+
   if (config.authorization.level === 'payload') {
     app.post('/pdp/open_policy_agent', force_ssl, oauth2_controller.auth_opa_policy);
     app.post('/pdp/xacml', force_ssl, oauth2_controller.auth_xacml_policy);
@@ -256,6 +258,9 @@ if (config.https.enabled) {
   app.use('/oauth2', oauth2);
   app.get('/user', oauth2_controller.authenticate_token);
 
+  // Set route for capabilities endpoint
+  app.use('/capabilities', extparticipant.capabilities);
+
   if (config.authorization.level === 'payload') {
     app.post('/pdp/open_policy_agent', oauth2_controller.auth_opa_policy);
     app.post('/pdp/xacml', oauth2_controller.auth_xacml_policy);

diff --git a/config.js b/config.js
@@ -109,7 +109,7 @@ config.usage_control = {
 config.database = {
   host: 'localhost',
   password: 'keyrock2020',
-  username: 'root',
+  username: 'idm',
   database: 'idm',
   dialect: 'mysql',
   port: undefined