From 1fc4080f620a221afd8f334b25763dde62f88d2c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Oct 2021 16:38:51 +0000 Subject: [PATCH 1/3] Bump axios from 0.21.1 to 0.21.4 Bumps [axios](https://github.com/axios/axios) from 0.21.1 to 0.21.4. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v0.21.1...v0.21.4) --- updated-dependencies: - dependency-name: axios dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 4f6c044..918501b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -284,11 +284,18 @@ "integrity": "sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==" }, "axios": { - "version": "0.21.1", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.1.tgz", - "integrity": "sha512-dKQiRHxGD9PPRIUNIWvZhPTPpl1rf/OxTYKsqKUDjBwYylTvV7SjSHJb9ratfyzM6wCdLCOYLzs73qpg5c4iGA==", + "version": "0.21.4", + "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", + "integrity": "sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==", "requires": { - "follow-redirects": "^1.10.0" + "follow-redirects": "^1.14.0" + }, + "dependencies": { + "follow-redirects": { + "version": "1.14.4", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.4.tgz", + "integrity": "sha512-zwGkiSXC1MUJG/qmeIFH2HBJx9u0V46QGUe3YR1fXG8bXQxq7fLj0RjLZQ5nubr9qNJUZrH+xUcwXEoXNpfS+g==" + } } }, "balanced-match": { From 540eb0995652bef7d83bb7b706441eba40950b15 Mon Sep 17 00:00:00 2001 
From: Ryan Birmingham
Date: Mon, 25 Jul 2022 18:09:20 -0400
Subject: [PATCH 2/3] add header-based login handler
---
 caracal.js | 1 +
 handlers/authHandlers.js | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)
diff --git a/caracal.js b/caracal.js
index 4ab7d4a..6023c77 100644
--- a/caracal.js
+++ b/caracal.js
@@ -74,6 +74,7 @@ var HANDLERS = {
 "loginHandler": function() {
 return auth.loginHandler(auth.PUBKEY);
 },
+ "loginWithHeader": auth.loginWithHeader,
 "sanitizeBody": function() {
 return sanitizeBody;
 },
diff --git a/handlers/authHandlers.js b/handlers/authHandlers.js
index c5c470f..430963f 100644
--- a/handlers/authHandlers.js
+++ b/handlers/authHandlers.js
@@ -263,6 +263,35 @@ function firstSetupUserSignupExists() {
 };
 }
+// Use a trusted header instead of a jwt for login. Use carefully if at all.
+function loginWithHeader(header, signKey, userFunction) {
+ return function(req, res) {
+ // get the correct header, set it to use userFunction
+ let token = {"email": req.headers[header]};
+ // login using that
+ userFunction(token).then((x) => {
+ if (x === false) {
+ res.status(401).send({
+ 'err': 'User Unauthorized',
+ });
+ } else {
+ data = x;
+ delete data['exp'];
+ // sign using the mounted key
+ var token = jwt.sign(data, signKey, {
+ algorithm: 'RS256',
+ expiresIn: EXPIRY,
+ });
+ res.send({
+ 'token': token,
+ });
+ }
+ }).catch((e) => {
+ console.log(e);
+ res.status(401).send(e);
+ });
+ };
+}
 auth = {};
 auth.jwkTokenTrade = jwkTokenTrade;
@@ -271,6 +300,7 @@ auth.filterHandler = filterHandler;
 auth.loginHandler = loginHandler;
 auth.editHandler = editHandler;
 auth.firstSetupUserSignupExists = firstSetupUserSignupExists;
+auth.loginWithHeader = loginWithHeader;
 auth.CLIENT = CLIENT;
 auth.PRIKEY = PRIKEY;
 auth.PUBKEY = PUBKEY;
From df019398791b95bac779d074604f9e5b1c58815b Mon Sep 17 00:00:00 2001
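Review bot: In `loginWithHeader` (handlers/authHandlers.js) the value of `req.headers[header]` is handed to `userFunction` and turned into a signed JWT without checking that the header is present, so a request without it looks up `{"email": undefined}`. Node lower-cases the keys of `req.headers`, so a configured header name containing capitals would never match; the lookup should use the lower-cased name. In the success branch `data = x` assigns to an implicit global and `delete data['exp']` mutates the object `userFunction` returned, and the `.catch` branch sends the raw error `e` back to the client. The comment above the function should also spell out the precondition that makes the header trustworthy: the fronting proxy must overwrite or strip any client-supplied copy of it, and the route must not be reachable except through that proxy.

```javascript
function loginWithHeader(header, signKey, userFunction) {
  // req.headers keys are lower-cased by Node; normalise the configured name once
  const headerName = String(header).toLowerCase();
  return function(req, res) {
    const email = req.headers[headerName];
    // no identity supplied by the proxy: refuse before any user lookup
    if (typeof email !== 'string' || email.trim() === '') {
      res.status(401).send({'err': 'User Unauthorized'});
      return;
    }
    const token = {'email': email};
    // … unchanged: userFunction(token).then((x) => { … 401 branch when x === false …
        // copy, so neither a global nor the caller's object is modified
        const data = Object.assign({}, x);
        delete data['exp'];
    // … unchanged: jwt.sign(data, signKey, …) and res.send({'token': token}) …
    }).catch((e) => {
      console.log(e);
      // keep internal error details out of the response body
      res.status(401).send({'err': 'User Unauthorized'});
    });
  };
}
```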
From: Ryan Birmingham
Date: Mon, 1 Aug 2022 17:35:54 -0400
Subject: [PATCH 3/3] not using authorization collection
---
 idx_mongo.js | 1 -
 1 file changed, 1 deletion(-)
diff --git a/idx_mongo.js b/idx_mongo.js
index 242b485..5ee21f4 100644
--- a/idx_mongo.js
+++ b/idx_mongo.js
@@ -5,7 +5,6 @@ const mongodb = require("./service/database");
 function indexes() {
 db = "camic";
- mongodb.createIndex(db, "authorization", {"name": 1}, {unique: true});
 mongodb.createIndex(db, "user", {"email": 1}, {unique: true});
 mongodb.createIndex(db, "mark", {"provenance.image.slide": 1, "provenance.analysis.execution_id": 1, "footprint": 1, "x": 1, "y": 1});