From 6742ad2c5e316f9ed4e901783fa7e402f356a60b Mon Sep 17 00:00:00 2001
From: kevinpricethesecond <kevinpricethesecond@gmail.com>
Date: Fri, 12 Apr 2024 15:16:36 -0500
Subject: [PATCH 1/4] logging

---
 service/api.py             | 12 ++++++++++++
 service/controllers/ops.py |  1 +
 service/utils.py           | 28 +++++++++++++++++++---------
 3 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/service/api.py b/service/api.py
index 524916a..7d0a31a 100644
--- a/service/api.py
+++ b/service/api.py
@@ -45,3 +45,15 @@ def __init__(self, url_map, *items):
 api.add_resource(ReadyResource, '/v3/globus-proxy/ready')
 api.add_resource(HealthcheckResource, '/v3/globus-proxy/healthcheck')
 api.add_resource(HelloResource, '/v3/globus-proxy/hello')
+
+@app.before_request
+def log_before():
+    logger.debug(f'Beginning new request:: {request}')
+    if request.json:
+        logger.debug(f'json:: {request.json}')
+
+@app.after_request
+def log_after(response):
+    # logger.debug(f'request complete with status:: {response.data['status']}')
+    logger.debug(f'request complete with status:: {response.status}\n')
+    return response
diff --git a/service/controllers/ops.py b/service/controllers/ops.py
index e606b9f..05a5710 100644
--- a/service/controllers/ops.py
+++ b/service/controllers/ops.py
@@ -151,6 +151,7 @@ def get(self, client_id, endpoint_id, path):
 
     # mkdir
     def do_mkdir(self, transfer_client, endpoint_id, path):
+        logger.debug(f'In do_mkdir with {endpoint_id}:{path}')
         result = transfer_client.operation_mkdir(
                 endpoint_id=endpoint_id,
                 path=path
diff --git a/service/utils.py b/service/utils.py
index d5712ee..da83668 100644
--- a/service/utils.py
+++ b/service/utils.py
@@ -127,6 +127,15 @@ def check_tokens(client_id, refresh_token, access_token):
 
     return access_token, refresh_token
 
+def format_path(path, default_dir=None):
+        '''
+        Force absoulte paths for now, due to Globus not ahndling /~/ the same way on all systems
+        if a user provides a relative path, it will instead be returned as an INCORRECT abs path.
+        '''
+        logger.info(f'building path with path {path} and default {default_dir} ')
+        
+        return f"/{path.rstrip('/').lstrip('/')}"
+
 def get_transfer_client(client_id, refresh_token, access_token):
     client = globus_sdk.NativeAppAuthClient(client_id)
     # check_token(client_id, refresh_token, access_token)
@@ -138,9 +147,19 @@ def get_transfer_client(client_id, refresh_token, access_token):
         access_token=access_token, 
         expires_at=expires_at
     )
+    get_token_introspect(client_id, refresh_token)
     transfer_client = globus_sdk.TransferClient(authorizer=authorizer)
     return transfer_client
 
+def get_token_introspect(client_id, refresh_token):
+    logger.debug(f'authed {client_id} with ')
+    CLIENT_ID = '0ffd2a38-27e0-48c5-a870-bcb964237439'
+    CLIENT_SECRET = '+P3dXBG0BE26dLui8HiLQEj8VH+kcbQ/7GyVJzxsOco='
+    ac = globus_sdk.ConfidentialAppAuthClient(CLIENT_ID, CLIENT_SECRET)
+    data = ac.oauth2_token_introspect(refresh_token, include="identity_set")
+    for identity in data["identity_set"]:
+        logger.debug(f'token authenticates for "{identity}"')
+
 def get_valid_token(client_id, refresh_token):
     '''
     Utility function that takes a client id and refresh token
@@ -155,15 +174,6 @@ def get_valid_token(client_id, refresh_token):
     response = client.oauth2_refresh_token(refresh_token)
     return response['transfer.api.globus.org']['access_token']
 
-def format_path(path, default_dir=None):
-        '''
-        Force absoulte paths for now, due to Globus not ahndling /~/ the same way on all systems
-        if a user provides a relative path, it will instead be returned as an INCORRECT abs path.
-        '''
-        logger.info(f'building path with path {path} and default {default_dir} ')
-        
-        return f"/{path.rstrip('/').lstrip('/')}"
-
 def handle_transfer_error(exception, endpoint_id=None, msg=None):
         '''Tanslates transfer api errors into the configured basetapiserrors in ./errors.py'''
         logger.critical(f'\nhandling transfer API error:: {exception.code}:: with message {exception.message}\n')

From b12b482c85d0d674a23789b64514a0195340265f Mon Sep 17 00:00:00 2001
From: kevinpricethesecond <kevinpricethesecond@gmail.com>
Date: Fri, 19 Apr 2024 11:32:20 -0500
Subject: [PATCH 2/4] testing

---
 Dockerfile         |  2 +-
 docker-compose.yml | 14 +++++++-------
 service/api.py     |  2 ++
 service/auth.py    |  6 +++++-
 4 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4bc2768..2526526 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM tapis/flaskbase:1.5.0
+FROM tapis/flaskbase:1.6.3
 
 ADD requirements.txt /home/tapis/requirements.txt
 RUN pip install -r /home/tapis/requirements.txt
diff --git a/docker-compose.yml b/docker-compose.yml
index ed816f6..38259a0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,13 +4,13 @@ version: "3.5"
 
 services:
     globus-proxy:
-        # image: tapis/globus-proxy
-        build: .
-        volumes:
-            - ./configschema.json:/home/tapis/configschema.json
-            - ./config-local.json:/home/tapis/config.json
-            - ./service.log:/home/tapis/service.log
-            - ../gpsettings.json:/home/tapis/gpsettings.json
+        image: tapis/globus-proxy:1.4.0
+        # build: .
+        # volumes:
+        #     - ./configschema.json:/home/tapis/configschema.json
+        #     - ./config-local.json:/home/tapis/config.json
+        #     - ./service.log:/home/tapis/service.log
+        #     - ../gpsettings.json:/home/tapis/gpsettings.json
         container_name: globus-proxy
         networks: 
             - tapis
diff --git a/service/api.py b/service/api.py
index 7d0a31a..f404cdc 100644
--- a/service/api.py
+++ b/service/api.py
@@ -56,4 +56,6 @@ def log_before():
 def log_after(response):
     # logger.debug(f'request complete with status:: {response.data['status']}')
     logger.debug(f'request complete with status:: {response.status}\n')
+    if response.status == '500 INTERNAL SERVER ERROR':
+        print(f'its all messed up')
     return response
diff --git a/service/auth.py b/service/auth.py
index eff02a6..3bf4d0e 100644
--- a/service/auth.py
+++ b/service/auth.py
@@ -16,6 +16,7 @@ def authn_and_authz():
     :return:
     """
    # skip_sk = False
+    logger.debug(f'in authn and authz for tapis')
     authentication()
     #authorization(skip_sk)
 
@@ -28,7 +29,7 @@ def authentication():
     # authorization.
     # we always try to call the primary tapis authentication function to add authentication information to the
     # thread-local. If it fails due to a missing token, we then check if there is a public endpoint
-    logger.debug(request.headers)
+    logger.debug(f'in tapis authentication with {request.headers}')
     try:
         tapisflask.auth.authentication()
         logger.debug(f"Threadlocal tenant id: "+str(conf.tenant[g.tenant_id]))
@@ -46,6 +47,9 @@ def authentication():
                 g.tenant_id = request.args.get('tenant')
                 logger.debug(f"Threadlocal tenant id: "+str(g.tenant_id))
                 return True
+    except Exception as e:
+         logger.error(e)
+         print(e)
 
 # this is the Tapis client that tenants will use for interacting with other services, such as the security kernel.
 Tenants = TenantCache()

From 2066710c3192d291667704b5ba0bd93b9fa44e72 Mon Sep 17 00:00:00 2001
From: Mike Packard <mpackard@tacc.utexas.edu>
Date: Fri, 14 Jun 2024 15:42:23 -0500
Subject: [PATCH 3/4] Update docker-compose.yml

---
 docker-compose.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 38259a0..3c34827 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,8 +4,7 @@ version: "3.5"
 
 services:
     globus-proxy:
-        image: tapis/globus-proxy:1.4.0
-        # build: .
+        image: tapis/globus-proxy:1.6.2
         # volumes:
         #     - ./configschema.json:/home/tapis/configschema.json
         #     - ./config-local.json:/home/tapis/config.json
@@ -25,4 +24,4 @@ services:
 
 networks:
     tapis:
-        external: true
\ No newline at end of file
+        external: true

From 32338b98d310e9f507c254941723499229a4a9a7 Mon Sep 17 00:00:00 2001
From: Mike Packard <mpackard@tacc.utexas.edu>
Date: Fri, 14 Jun 2024 15:43:00 -0500
Subject: [PATCH 4/4] Update docker-compose.yml

---
 docker-compose.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 3c34827..b45aa14 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,11 +5,11 @@ version: "3.5"
 services:
     globus-proxy:
         image: tapis/globus-proxy:1.6.2
-        # volumes:
-        #     - ./configschema.json:/home/tapis/configschema.json
-        #     - ./config-local.json:/home/tapis/config.json
-        #     - ./service.log:/home/tapis/service.log
-        #     - ../gpsettings.json:/home/tapis/gpsettings.json
+        volumes:
+            - ./configschema.json:/home/tapis/configschema.json
+            - ./config-local.json:/home/tapis/config.json
+            - ./service.log:/home/tapis/service.log
+            - ../gpsettings.json:/home/tapis/gpsettings.json
         container_name: globus-proxy
         networks: 
             - tapis