BE v3 LDAP config

SciCatProject · May 29, 2024 · 3d307b8 · 3d307b8
1 parent 5d99939
commit 3d307b8
Show file tree

Hide file tree

Showing 6 changed files with 81 additions and 1 deletion.
diff --git a/services/backend/services/v3/compose.base.yaml b/services/backend/services/v3/compose.base.yaml
@@ -8,7 +8,13 @@ services:
     volumes:
       - ./config/config.local.js:/home/node/app/server/config.local.js
       - ./config/datasources.json:/home/node/app/server/datasources.json
-      - ./config/providers.json:/home/node/app/server/providers.json
+      - ./config/providers.json:/config/providers.base.json
+      - ./config/init.sh:/init.sh
+      - ./config/mergeJson.js:/config/mergeJson.js
+    command:
+      - sh
+      - -c
+      - /init.sh && node .
     healthcheck:
       test: wget --spider 'http://127.0.0.1:3000/'
       start_period: 5s

diff --git a/services/backend/services/v3/compose.ldap.yaml b/services/backend/services/v3/compose.ldap.yaml
@@ -0,0 +1,12 @@
+include:
+  - ../ldap/compose.yaml
+
+services:
+  backend:
+    depends_on:
+      ldap:
+        condition: service_healthy
+    volumes:
+      - ./config/providers.ldap.json:/config/providers.ldap.json
+    environment:
+      LDAP_ENABLED: true
diff --git a/services/backend/services/v3/compose.yaml b/services/backend/services/v3/compose.yaml
@@ -2,3 +2,4 @@ include:
   - path:
       - ./compose.base.yaml
       - ./services/rabbitmq/.${JOBS_ENABLED:+./../}compose${JOBS_ENABLED:+.jobs}.yaml
+      - ../ldap/.${LDAP_ENABLED:+./v3/}compose${LDAP_ENABLED:+.ldap}.yaml
diff --git a/services/backend/services/v3/config/init.sh b/services/backend/services/v3/config/init.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+INCLUDE="base"
+[ -n "$LDAP_ENABLED" ] && INCLUDE="${INCLUDE} ldap"
+
+# shellcheck disable=SC2046
+node /config/mergeJson.js $(for c in $INCLUDE; do echo "/config/providers.${c}.json"; done) /home/node/app/server/providers.json
diff --git a/services/backend/services/v3/config/mergeJson.js b/services/backend/services/v3/config/mergeJson.js
@@ -0,0 +1,30 @@
+const fs = require("fs");
+
+const readJsonFile = (filePath) => {
+  return JSON.parse(fs.readFileSync(filePath, "utf8"));
+};
+
+const writeJsonFile = (filePath, data) => {
+  fs.writeFileSync(filePath, JSON.stringify(data, null, 2), "utf8");
+};
+
+const mergeJsonFiles = (inputPaths, outputPath) => {
+  let mergedJson = {};
+
+  inputPaths.forEach(filePath => {
+    const jsonData = readJsonFile(filePath);
+    mergedJson = { ...mergedJson, ...jsonData };
+  });
+
+  writeJsonFile(outputPath, mergedJson);
+  console.log(`Merged JSON has been written to ${outputPath}`);
+};
+
+const args = process.argv.slice(2);
+if (args.length < 2) {
+  console.error("Please provide at least one input file and one output file.");
+  process.exit(1);
+}
+const outputPath = args.pop();
+
+mergeJsonFiles(args, outputPath);
diff --git a/services/backend/services/v3/config/providers.ldap.json b/services/backend/services/v3/config/providers.ldap.json
@@ -0,0 +1,24 @@
+{
+  "ldap": {
+    "provider": "ldap",
+    "authScheme": "ldap",
+    "module": "passport-ldapauth",
+    "authPath": "/auth/msad",
+    "successRedirect": "/auth/account",
+    "failureRedirect": "/msad",
+    "session": true,
+    "json": true,
+    "failureFlash": true,
+    "profileAttributesFromLDAP": {
+      "displayName": "displayName",
+      "email": "mail"
+    },
+    "server": {
+      "url": "ldap://ldap:389",
+      "bindDn": "cn=admin,dc=facility",
+      "bindCredentials": "admin",
+      "searchBase": "ou=users,dc=facility",
+      "searchFilter": "(uid={{username}})"
+    }
+  }
+}