Merge branch 'develop' into release-2.0.0

README.md

@@ -5,35 +5,30 @@ Following environmental variables are needed
 
 - VERSION : version number
 - DATE : build date
+- IDP : default identification provider, enabled if IDP is not provided from the client side e.g., "google" 
 - COOKIE_SECRET : secret used to sign cookies
 - SESSION_TIMEOUT : session timeout in seconds, default is 30 minutes
-- AUTHORIZATION_ENABLED : If not set to "true", then the authorization components will be disabled
-- EMAILS_ENABLED : If not set to "true", then the email notifications will be disabled
+
 # Neo4j configuration
 - NEO4J_URI: Bolt URI of the Neo4j database
 - NEO4J_USER: Neo4j username
 - NEO4J_PASSWORD: Neo4j password
-# Test-data loading configuration
-- DATA_LOADING_MODE : (for testing only) set to "overwrite" to wipe the database before loading
-- DATA_FILE : (for testing only) file containing data to load into the database for testing
+
 # Testing
 - TEST_EMAIL : The email to be logged in if "test-idp" is specified as the IDP
+
 # MYSQL configuration
 - MYSQL_HOST : The host URL of the MYSQL database
 - MYSQL_PORT : The port of the MYSQL database
 - MYSQL_USER : The service user of the MYSQL database
 - MYSQL_PASSWORD : The password for the service user of the MYSQL database
 - MYSQL_DATABASE : The MYSQL database name
-# Email notification configuration
-- EMAIL_SMTP_HOST: email server hostname
-- EMAIL_SMTP_PORT: email server port number
-# Additional configuration for email server
-- EMAIL_USER: email server's username as an additional parameter
-- EMAIL_PASSWORD: email server's password as an additional parameter
+
 # Google login configuration
 - GOOGLE_CLIENT_ID: Google cloud client id
 - GOOGLE_CLIENT_SECRET: Google cloud client secret
 - GOOGLE_REDIRECT_URL: redirecting url after successful authentication
+
 # NIH login configuration
 - NIH_CLIENT_ID: NIH login server client id
 - NIH_CLIENT_SECRET: NIH login client secret
@@ -44,4 +39,8 @@ Following environmental variables are needed
 - NIH_TOKEN_URL: NIH API address to create token for login
 - NIH_LOGOUT_URL: NIH API address to invalidate token for logout
 - NIH_SCOPE: space-separated lists of identifiers to specify access privileges
-- NIH_PRO
+- NIH_PROMPT: to force re-authorization event when a current session is still active
+
+# Local development configuration
+- NODE_ENV: If set to "development", a test html page will be activated in the route "/"
+- NO_AUTO_LOGIN: If set to "true", local test page will only display authorization codes, instead of calling /login automatically

app.js

@@ -1,5 +1,4 @@
 const newrelic = require('newrelic');
-const graphql = require("./data-management/init-graphql");
 var createError = require('http-errors');
 var express = require('express');
 var path = require('path');
@@ -27,12 +26,26 @@ app.use(cors());
 app.use(logger('combined', { stream: accessLogStream }))
 app.use(express.json());
 app.use(express.urlencoded({ extended: false }));
-app.use(createSession({ session_timeout: config.session_timeout }));
+app.use(createSession({ sessionSecret: config.cookie_secret, session_timeout: config.session_timeout }));
 
-app.use(express.static(path.join(__dirname, 'public')));
 
 app.use('/api/auth', authRouter);
-app.use('/api/auth/graphql', graphql);
+
+if (process.env.NODE_ENV === 'development') {
+ console.log("Running in development mode, local test page enabled");
+ app.set('view engine', 'ejs');
+
+ app.get('/', (req, res) => {
+ res.render('index', {
+ googleClientID: config.google.CLIENT_ID,
+ nihClientID: config.nih.CLIENT_ID,
+ nihRedirectURL: config.nih.REDIRECT_URL,
+ noAutoLogin: config.noAutoLogin
+ });
+ });
+}
+
+
 // catch 404 and forward to error handler
 app.use(function(req, res, next) {
  next(createError(404));

config.env.example

@@ -7,17 +7,19 @@ NEO4J_URI=bolt://localhost:XXXX
 NEO4J_USER=neo4j
 NEO4J_PASSWORD=xxxxx
 # MySQL Configuration
-MY_SQL_HOST=127.0.0.1
-MY_SQL_PORT=3306
-MY_SQL_PASSWORD=XXXX
-MY_SQL_USER=root
-MY_SQL_DATABASE=session
+MYSQL_HOST=127.0.0.1
+MYSQL_PORT=3306
+MYSQL_PASSWORD=XXXX
+MYSQL_USER=root
+MYSQL_DATABASE=session
 # Email Notification Config
 EMAIL_SMTP_HOST=XXXX@XXXX
 EMAIL_SMTP_PORT=25
 # Additional Email Server Configuration
 #EMAIL_USER=XXXX
 #EMAIL_PASSWORD=XXXX
+# Used this IDP if IDP is not present in the body
+IDP=NIH
 # GOOGLE LOGIN Config
 GOOGLE_CLIENT_ID=XXXX
 GOOGLE_CLIENT_SECRET=XXXX
@@ -32,4 +34,5 @@ NIH_AUTHORIZE_URL=https://stsstg.nih.gov/auth/oauth/v2/authorize
 NIH_TOKEN_URL=https://stsstg.nih.gov/auth/oauth/v2/token
 NIH_LOGOUT_URL=https://stsstg.nih.gov/connect/session/logout
 NIH_SCOPE=openid email profile
-NIH_PROMPT=login
+NIH_PROMPT=login
+NODE_ENV=development

config.js

@@ -1,35 +1,59 @@
 const dotenv = require('dotenv')
+const {isCaseInsensitiveEqual} = require("./util/string-util");
 dotenv.config();
 
+const GOOGLE = 'GOOGLE';
+
 const config = {
  version: process.env.VERSION,
  date: process.env.DATE,
- idp: process.env.IDP ? process.env.IDP.toLowerCase() : 'google',
- client_id: process.env.CLIENT_ID,
- client_secret: process.env.CLIENT_SECRET,
- redirect_url: process.env.REDIRECT_URL,
+ idp: process.env.IDP ? process.env.IDP.toLowerCase() : GOOGLE.toLowerCase(),
  cookie_secret: process.env.COOKIE_SECRET,
- session_timeout: process.env.SESSION_TIMEOUT ? parseInt(process.env.SESSION_TIMEOUT) : 30 * 60, // 30 minutes
- authorization_enabled: process.env.AUTHORIZATION_ENABLED ? process.env.AUTHORIZATION_ENABLED.toLowerCase() === 'true' : true,
- emails_enabled: process.env.EMAILS_ENABLED ? process.env.EMAILS_ENABLED.toLowerCase() === 'true' : true,
-
- //Neo4j connection
- NEO4J_URI: process.env.NEO4J_URI,
- NEO4J_USER: process.env.NEO4J_USER,
- NEO4J_PASSWORD: process.env.NEO4J_PASSWORD,
- //Initial database loading
- DATA_LOADING_MODE: process.env.DATA_LOADING_MODE,
- DATA_FILE: process.env.DATA_FILE,
- //Testing
+ session_timeout: process.env.SESSION_TIMEOUT ? parseInt(process.env.SESSION_TIMEOUT) * 1000 : 1000 * 30 * 60, // 30 minutes
+
+ // Testing
  TEST_EMAIL: process.env.TEST_EMAIL,
+
+ // Google login settings
+ google: {
+ CLIENT_ID: process.env.GOOGLE_CLIENT_ID,
+ CLIENT_SECRET: process.env.GOOGLE_CLIENT_SECRET,
+ REDIRECT_URL: process.env.GOOGLE_REDIRECT_URL,
+ },
+
+ // NIH login settings
+ nih: {
+ CLIENT_ID: process.env.NIH_CLIENT_ID,
+ CLIENT_SECRET: process.env.NIH_CLIENT_SECRET,
+ BASE_URL: process.env.NIH_BASE_URL,
+ REDIRECT_URL: process.env.NIH_REDIRECT_URL,
+ USERINFO_URL: process.env.NIH_USERINFO_URL,
+ AUTHORIZE_URL: process.env.NIH_AUTHORIZE_URL,
+ TOKEN_URL: process.env.NIH_TOKEN_URL,
+ LOGOUT_URL: process.env.NIH_LOGOUT_URL,
+ SCOPE: process.env.NIH_SCOPE,
+ PROMPT: process.env.NIH_PROMPT
+ },
+
  // MySQL Session
  mysql_host: process.env.MYSQL_HOST,
  mysql_port: process.env.MYSQL_PORT,
  mysql_user: process.env.MYSQL_USER,
  mysql_password: process.env.MYSQL_PASSWORD,
  mysql_database: process.env.MYSQL_DATABASE,
- // Email settings
- email_transport: getTransportConfig()
+
+ // Disable local test page automatically sends /login request, so Postman can use the auth code
+ noAutoLogin: process.env.NO_AUTO_LOGIN ? process.env.NO_AUTO_LOGIN.toLowerCase() === "true" : false,
+
+ getIdpOrDefault: (idp) => {
+ return (idp) ? idp : config.idp;
+ },
+ getUrlOrDefault: (idp, url) => {
+ // if (url) return url;
+ if (!url && isCaseInsensitiveEqual(idp,'GOOGLE')) return process.env.GOOGLE_REDIRECT_URL;
+ if (!url && isCaseInsensitiveEqual(idp,'NIH')) return process.env.NIH_REDIRECT_URL;
+ return url;
+ }
 };
 
 function getTransportConfig() {
@@ -48,6 +72,7 @@ function getTransportConfig() {
  };
 }
 
+
 if (!config.version) {
  config.version = 'Version not set'
 }

constants/idp-constants.js

@@ -0,0 +1,6 @@
+module.exports = Object.freeze({
+ // user status
+ GOOGLE: 'google',
+ LOGIN_GOV: 'login.gov',
+ NIH: 'nih',
+});

controllers/auth-api.js

@@ -0,0 +1,13 @@
+exports.logout = (req, res) => {
+ if (req.session) {
+ req.session.destroy( (err) => {
+ if (err) {
+ console.log(err);
+ return res.status(500).send({errors: err});
+ }
+ res.status(200).send({status: 'success'});
+ });
+ } else {
+ return res.status(200).send({status: 'success'});
+ }
+}