Add Pathdb Secure IIP Handler (#102)

camicroscope · Oct 13, 2022 · fbb4bbd · fbb4bbd
1 parent a2a6cd1
commit fbb4bbd
Show file tree

Hide file tree

Showing 7 changed files with 180 additions and 11 deletions.
diff --git a/caracal.js b/caracal.js
@@ -14,7 +14,8 @@ const fs = require('fs');
 const auth = require('./handlers/authHandlers.js');
 const monitor = require('./handlers/monitorHandlers.js');
 const userFunction = require('./handlers/userFunction.js');
-const iipHandler = require('./handlers/iipHandler.js');
+const iipHandlers = require('./handlers/iipHandler.js');
+const pdbIipHandlers = require('./handlers/pathdbIipHandler.js');
 const proxyHandler = require('./handlers/proxyHandler.js');
 const permissionHandler = require('./handlers/permssionHandler.js');
 const dataHandlers = require('./handlers/dataHandlers.js');
@@ -91,7 +92,13 @@ var HANDLERS = {
   "proxyHandler": proxyHandler,
   "writeFile": fileHandlers.writeFile,
   "iipHandler": function() {
-    return iipHandler;
+    return iipHandlers.iipHandler;
+  },
+  "preIip": function() {
+    return iipHandlers.preIip;
+  },
+  "iipCheck": function() {
+    return pdbIipHandlers.iipCheck;
   },
   "markMulti": function() {
     return dataHandlers.Mark.multi;

diff --git a/handlers/authHandlers.js b/handlers/authHandlers.js
@@ -301,6 +301,7 @@ auth.tokenTrade = tokenTrade;
 auth.filterHandler = filterHandler;
 auth.loginHandler = loginHandler;
 auth.editHandler = editHandler;
+auth.getToken = getToken;
 auth.firstSetupUserSignupExists = firstSetupUserSignupExists;
 auth.loginWithHeader = loginWithHeader;
 auth.CLIENT = CLIENT;

diff --git a/handlers/iipHandler.js b/handlers/iipHandler.js
@@ -2,7 +2,7 @@ var proxy = require('http-proxy-middleware');
 
 var IIP_PATH = process.env.IIP_PATH || 'http://ca-iip/';
 
-iipHandler = function(req, res, next) {
+preIip = function(req, res, next) {
   if (req.query) {
     if (req.query.DeepZoom) {
       if (req.query.DeepZoom.endsWith('.dzi')) {
@@ -12,13 +12,25 @@ iipHandler = function(req, res, next) {
         // just in case _files is in the filename for some reason
         req.iipFileRequested = req.query.DeepZoom.split('_files').slice(0, -1).join('/');
       }
+    } else if (req.query.IIIF) {
+      req.iipFileRequested = req.query.IIIF.split("/")[0];
     } else if (req.query.FIF) {
       req.iipFileRequested = req.query.FIF;
     } else {
       req.iipFileRequested = false;
     }
   }
+  console.log(req.iipFileRequested);
+  next();
+};
+
+function RemoveParameterFromUrl(url, parameter) {
+  return url
+    .replace(new RegExp('[?&]' + parameter + '=[^&#]*(#.*)?$'), '$1')
+    .replace(new RegExp('([?&])' + parameter + '=[^&]*&'), '$1');
+}
 
+iipHandler = function(req, res, next) {
   proxy({
     secure: false,
     onError(err, req, res) {
@@ -29,8 +41,14 @@ iipHandler = function(req, res, next) {
     changeOrigin: true,
     target: IIP_PATH,
     pathRewrite: function(path, req) {
+      if (req.newFilepath) {
+        path = path.replace(req.iipFileRequested, req.newFilepath);
+      }
+      // remove token if present
+      path = RemoveParameterFromUrl(path, "token");
       // NOTE -- this may need to change if the original url has more subdirs or so added
       var splitPath = path.split('/');
+      console.log(path);
       return '/' + splitPath.slice(2, splitPath.length).join('/');
     },
     onProxyReq: function(proxyReq, req, res) {
@@ -42,5 +60,9 @@ iipHandler = function(req, res, next) {
   })(req, res, next);
 };
 
+iipHandlers = {};
+iipHandlers.preIip = preIip;
+iipHandlers.iipHandler = iipHandler;
+
 
-module.exports = iipHandler;
+module.exports = iipHandlers;
diff --git a/handlers/pathdbIipHandler.js b/handlers/pathdbIipHandler.js
@@ -0,0 +1,60 @@
+// EXTENDS authHandlers
+const proxy = require('http-proxy-middleware');
+var jwt = require('jsonwebtoken');
+var EXPIRY = process.env.EXPIRY || '1d';
+var BYPASS_IIP_CHECK = process.env.BYPASS_IIP_CHECK == "Y";
+const auth = require('./authHandlers.js');
+const fetch = require('cross-fetch');
+
+// internal function to issue a new jwt
+function issueToken(data, signKey) {
+  return jwt.sign(data, signKey, {
+    algorithm: 'RS256',
+    expiresIn: EXPIRY,
+  });
+}
+
+iipCheck = function(req, res, next) {
+  if (!BYPASS_IIP_CHECK) {
+    if (req.iipFileRequested) {
+      // rewrite path first
+      const PDB_URL = process.env.PDB_URL || 'http://quip-pathdb';
+      let requestedNode = req.iipFileRequested.replace("pathdb*", "");
+      let lookupUrl = PDB_URL + "/node/" + requestedNode + "?_format=json";
+      console.log(lookupUrl);
+      let pdbReqHeaders = {"Authorization": "Bearer " + auth.getToken(req)};
+      console.log(pdbReqHeaders);
+      fetch(lookupUrl, {headers: pdbReqHeaders}).then((x)=>x.json()).then((x)=>{
+        console.log(x);
+        // get path
+        if (x && x['field_iip_path'] && x['field_iip_path'].length && x['field_iip_path'][0]['value']) {
+          req.newFilepath = x['field_iip_path'][0]['value'];
+          console.log(req.newFilepath);
+          next();
+        } else {
+          let err = {};
+          err.message = "unauthorized slide request";
+          err.statusCode = 401;
+          next(err);
+        }
+      }).catch((e)=>{
+        console.error(e);
+        next(e);
+      });
+    } else {
+      // do not return
+      let err = {};
+      err.message = "unauthorized slide request";
+      err.statusCode = 401;
+      next(err);
+    }
+  } else {
+    // NOTE -- this instead uses the actual value given instead
+    next();
+  }
+};
+
+let pih = {};
+pih.iipCheck = iipCheck;
+
+module.exports = pih;
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -24,6 +24,7 @@
     "ajv": "^8.6.0",
     "ajv-keywords": "^5.0.0",
     "atob": "^2.1.2",
+    "cross-fetch": "^3.1.5",
     "dotenv": "^8.6.0",
     "express": "^4.17.1",
     "helmet": "^4.6.0",

diff --git a/routes.json.example b/routes.json.example
@@ -79,6 +79,10 @@
         "function": "loginHandler",
         "args": []
       },
+      {
+        "function": "preIip",
+        "args": []
+      },
       {
         "function": "iipHandler",
         "args": []