Make configurable the JWT access_token (#89)

* Make configurable the JWT access_token

* ci

* Add other files

* job name

* Update crypto.js

.github/workflows/ci.yml

@@ -11,11 +11,11 @@ on:
       - created 
 
 jobs:
-  analysis:
-    name: static analysis
+  fe-checks:
+    name: Frontend checks
     runs-on: ubuntu-latest
     steps:
-      - name: Check out code
+      - name: Checkout
         uses: actions/checkout@v1
         with:
           fetch-depth: 1
@@ -32,6 +32,26 @@ jobs:
           npm install -g @vue/cli 
           npm run build
 
+  be-checks:
+    name: Backend checks
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+        with:
+          fetch-depth: 1
+          path: go/src/github.com/datastax/pulsar-admin-console
+      - name: Set up node
+        uses: actions/setup-node@master
+        with:
+          node-version: '16'
+          check-latest: true
+      - name: Run unit tests
+        run: |
+          cd server
+          npm ci
+          npm test
+
   docker:
     name: docker
     runs-on: ubuntu-latest 

config/default.json

@@ -12,6 +12,12 @@
         "token_path": "",
         "admin_token": "",
         "token_secret": "",
+        "token_options": {
+            "private_key_path": "",
+            "claim": "sub",
+            "expires_in": "12h",
+            "algorithm": "HS256"
+        },
         "ssl": {
             "verify_certs": true,
             "hostname_validation": true,

server/__tests__/server.test.js

@@ -0,0 +1,119 @@
+//
+//  Copyright 2021 DataStax, Inc. 
+//  
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//  
+//      http://www.apache.org/licenses/LICENSE-2.0
+//  
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+//  
+//
+
+'use strict';
+
+const fs = require('fs');
+const axios = require('axios');
+const {start, shutdown, getServer, getConfig} = require('../server');
+const defaultConfig = require("../../config/default.json");
+const globalConf = require("../../config/default.json");
+const jwt = require('jsonwebtoken');
+
+jest.mock('../config.js', () => {
+    const {createLogger, format, transports} = require('winston');
+    const globalConf = require("../../config/default.json");
+    globalConf.server_config.port = 0
+    globalConf.auth_mode = "user"
+    globalConf.server_config.user_auth.username = "username1"
+    globalConf.server_config.user_auth.password = "password1"
+
+
+    return {
+        L: createLogger({
+            level: 'debug',
+            format: format.combine(format.timestamp(), format.colorize(), format.simple()),
+            transports: [
+                new transports.Console({})
+            ]
+        }),
+        globalConf
+    }
+});
+
+let client
+
+beforeEach(() => {
+    start()
+    client = axios.create({
+        baseURL: "http://localhost:" + getServer().address().port
+    })
+})
+
+
+test('generateJWTSymmetric', async () => {
+    return client.post('/api/v1/auth/token', {
+        username: "username1",
+        password: "password1"
+    })
+        .then(function (response) {
+            expect(response.status).toBe(200)
+            expect(response.data.access_token).not.toBeUndefined()
+            return new Promise((resolve, reject) => {
+                jwt.verify(response.data.access_token, "default-secret", {
+                    algorithms: ['HS256'],
+                    sub: "username1",
+                    maxAge: "12h"
+                }, function (err, decoded) {
+                    if (err) {
+                        reject(err)
+                    } else {
+                        resolve()
+                    }
+                })
+
+            })
+
+        })
+});
+
+
+test('generateJWTAsymmetric', async () => {
+    getConfig().globalConf.server_config.token_options = {
+        algorithm: "RS256",
+        expires_in: "1d",
+        claim: "user",
+        private_key_path: "__tests__/test-private-key-rsa-pkcs8.key",
+    }
+    return client.post('/api/v1/auth/token', {
+        username: "username1",
+        password: "password1"
+    })
+        .then(function (response) {
+            expect(response.status).toBe(200)
+            expect(response.data.access_token).not.toBeUndefined()
+            return new Promise((resolve, reject) => {
+                jwt.verify(response.data.access_token, fs.readFileSync("__tests__/test-private-key-rsa-pkcs8.pem"), {
+                    algorithms: ['RS256'],
+                    user: "username1",
+                    maxAge: "1d"
+                }, function (err, decoded) {
+                    if (err) {
+                        reject(err)
+                    } else {
+                        resolve()
+                    }
+                })
+
+            })
+
+        })
+});
+
+afterEach(() => {
+    shutdown()
+})

server/__tests__/test-private-key-rsa-pkcs8.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA9pjMmY62gGa6XiWDlBDq1JVPQQ7ynchVJj0KaOCvEj19bPpn
+fvZItRGzzPMKD0S7mK/GqxT47j3AcdwtJap3LxCyvQT14KMKfhMfCzdPZhpnKm67
+1Wg9/SEInOXFLHe2PTUO7+fcfBXv5dBL/kmfpGkyX/P4p6rYazxtl9qWxh4Uo23N
+9rl7wj3SbLms/8zzQLsbxus3/ZbgzG0pKOL/hoNPHB6x2bgbu9Pj+zsOMIVumrdz
+fK41aKH67/zdN/sybee2pur+ZC01VKzklnGPjj8w1/vMnE5VnW/6Tnm3Q1I1ZcKK
+HbPhQRwx+h5FHzT9x7RazofUuQXPnsErWfG1gQIDAQABAoIBACi3YAj2xHF9BMao
+wQoApRWGtbhTRIIC4vRWXdKlTqLfXkdRLSeMeMLU8nAjrQSKX8M9Orti0htcPNtP
+9HBkrhsqUajeGc8GfKQGeji64DRGpcQe1orNFHcoLijh02WdOozuptG74e7nHF5A
+v1t0QpS9/eBUAzmD/wntx1asc/qwB9Kgy0/xrZSZqeud8NjT8VCCPv5Dd7yoiTn7
+NT6XgYlhBAn8bAXH2GYaPHF8HY4sYAZt5PLAhfZ+lDIKYoatF0Qoh8XB1fPctUC+
+vOiOiivS4P34OZUITQnJug+68XiLUpqE2LrUhsXn0+MI+T3kWeE8b4VFnVKdcAEc
+KxVhLqUCgYEA9yLbwMVYIaqE/ryD+HWb3Xsf2Pa3R4jFgTxLpvoBgeavIpCwazGH
+NVSq62d3Hgf6QC012xBFrCjM0hDz8XOctP5tb7qUdR5sfqoi/GJXPFjguhTpu3j7
+zYAsyrMybbJOzoMKAkgwppstxxOnOhG3bsRWC0NdVC0og22pNw5T8WsCgYEA/3D9
+OOskCts/QuWDjT/1dto5BbeQdux42VEk0LUxBl5a2PAzoNvo7dUtT6TnbHkHYS2b
+0qdH/WiC1pM4ym6SWVoAUr7IVi3RuIAxDpHAyX0G6T7FhW7jSqA2oJW+EWQ78Lga
+R0GTLwuxSn4RHoay0UnEKbK9/mxt1N9+e3BZs8MCgYBU6+2HeEioiOfagPz4S7Gb
+kcuHyn+AXUdA+W8lmZMbCCH2RrHYo9RKRyXUbmFIOIWNt/tho13Notd+98Rbm9al
+eygv1HVfKW0uuVf8Ue6YFhJi3vzSJuif3QOHQ7x4ZWUfIXg3AId3OKuqVN6J3byi
+m2TVyfgwDLR3NR+Ig6vksQKBgQC/nPlGnhSuVCLTQql45nZyTmYh5L3oh6BrnBPa
+v2BkH5lUTHLeArhq19Oif9fdpbgkbHsL/NHixGgJH+yk5WbAweOmLljHVJ2SIg8q
+l6kfO7tYce7nFfRIAYCY21r1XtQb0W5c71LCIqo+b+zVkkNG/We5w8wDs0B8Q550
+aCXR0wKBgQDrvvMcLzz5zwVXvUUeYAlkGYwJkOcP0FkUaCxrL5tuiSZgiC3OaZjs
+RVOzizBEKJVIaLirkpbzNEDVY5xdXIdTSscWDqRwrTRJzkdXBiOsa3s7bbuVYm8o
+zTCZ9sxlv1aKRbPhH0o6lBD/l0OCmR/8k5y09tQ/YROIgArnI7GDTQ==
+-----END RSA PRIVATE KEY-----

server/crypto.js

@@ -0,0 +1,40 @@
+//
+//  Copyright 2021 DataStax, Inc. 
+//  
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//  
+//      http://www.apache.org/licenses/LICENSE-2.0
+//  
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+//  
+//
+
+'use strict';
+const crypto = require('crypto')
+const fs = require('fs')
+
+const privateKeyToPem = async (privateKeyFilePath) => {
+  const privateKey = fs.readFileSync(privateKeyFilePath)
+
+  if (privateKeyFilePath.endsWith(".pem")) {
+    return privateKey
+  }
+  return crypto.createPrivateKey({
+    key: privateKey,
+    format: 'der',
+    type: 'pkcs8'
+  }).export({
+    format: 'pem',
+    type: 'pkcs8'
+  }).toString()
+
+}
+module.exports = {
+  privateKeyToPem
+};