-
Notifications
You must be signed in to change notification settings - Fork 10
/
main.rb
220 lines (200 loc) · 7.34 KB
/
main.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
##
## Copyright (c) 2015 SONATA-NFV
## ALL RIGHTS RESERVED.
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
## Neither the name of the SONATA-NFV
## nor the names of its contributors may be used to endorse or promote
## products derived from this software without specific prior written
## permission.
##
## This work has been performed in the framework of the SONATA project,
## funded by the European Commission under Grant number 671517 through
## the Horizon 2020 and 5G-PPP programmes. The authors would like to
## acknowledge the contributions of their colleagues of the SONATA
## partner consortium (www.sonata-nfv.eu).
# Set environment
ENV['RACK_ENV'] ||= 'production'
require 'sinatra'
require 'sinatra/config_file'
require 'yaml'
require 'json-schema'
require 'open-uri'
# Require the bundler gem and then call Bundler.require to load in all gems
# listed in Gemfile.
require 'bundler'
Bundler.require :default, ENV['RACK_ENV'].to_sym
require_relative 'models/init'
require_relative 'routes/init'
require_relative 'helpers/init'
configure do
# Configuration for logging
enable :logging
Dir.mkdir("#{settings.root}/log") unless File.exist?("#{settings.root}/log")
log_file = File.new("#{settings.root}/log/#{settings.environment}.log", 'a+')
log_file.sync = true
use Rack::CommonLogger, log_file
logger = Logger.new(log_file)
logger.level = Logger::DEBUG
set :logger, logger
# Configuration for Authentication and Authorization layer
conf = YAML::load_file("#{settings.root}/config/adapter.yml")
set :auth_address, conf['address']
set :auth_port, conf['port']
set :api_ver, conf['api_ver']
set :pub_key_path, conf['public_key_path']
set :reg_path, conf['registration_path']
set :login_path, conf['login_path']
# set :authz_path, conf['authorization_path']
set :access_token, nil
# log_file = File.new("#{settings.root}/log/#{settings.environment}.log", 'a+')
# STDOUT.reopen(log_file)
# STDOUT.sync = true
retries = 0
code = 503
while retries <= 6 do
# turn keycloak realm pub key into an actual openssl compat pub key
logger.debug "RETRY=#{retries}"
code, keycloak_key = get_public_key(settings.auth_address,
settings.auth_port,
settings.api_ver,
settings.pub_key_path)
logger.debug "PUBLIC_KEY_CODE=#{code}"
logger.debug "PUBLIC_KEY_MSG=#{keycloak_key}"
if code.to_i == 200
keycloak_key, errors = parse_json(keycloak_key)
logger.debug "PUBLIC_KEY=#{keycloak_key['items']['public-key']}"
break unless keycloak_key['items']['public-key'].empty?
end
retries += 1
sleep(10)
end
if code.to_i == 200
# keycloak_key, errors = parse_json(keycloak_key)
# logger.debug "PUBLIC_KEY=#{keycloak_key['items']['public-key']}"
@s = "-----BEGIN PUBLIC KEY-----\n"
@s += keycloak_key['items']['public-key'].scan(/.{1,64}/).join("\n")
@s += "\n-----END PUBLIC KEY-----\n"
begin
@key = OpenSSL::PKey::RSA.new @s
set :keycloak_pub_key, @key
rescue
set :keycloak_pub_key, nil
end
else
set :keycloak_pub_key, nil
end
unless settings.keycloak_pub_key.nil?
response = false
while retries <= 6 do
response, r_code = register_service(settings.auth_address, settings.auth_port, settings.api_ver, settings.reg_path)
logger.debug "REG_RESPONSE=#{response} - #{r_code}"
break if response
retries += 1
sleep(5)
end
if response
access_token = login_service(settings.auth_address, settings.auth_port, settings.api_ver, settings.login_path)
logger.debug "ACCESS_TOKEN=#{access_token}"
set :access_token, access_token unless access_token.nil?
end
end
# STDOUT.sync = false
end
before do
logger.level = Logger::DEBUG
log_file = File.new("#{settings.root}/log/#{settings.environment}.log", 'a+')
STDOUT.reopen(log_file)
STDOUT.sync = true
# SECURITY CHECKS
unless settings.keycloak_pub_key.nil? || settings.access_token.nil?
settings.logger.debug "TOKEN_TO_CHECK=#{settings.access_token}"
status = decode_token(settings.access_token, settings.keycloak_pub_key)
settings.logger.debug "TOKEN_STATUS=#{status}"
unless status
access_token = login_service(settings.auth_address, settings.auth_port, settings.api_ver, settings.login_path)
settings.access_token = access_token unless access_token.nil?
end
end
STDOUT.sync = false
# ALTERNATIVE SECURITY FUNCTIONS CAN BE TEMPORARY DISABLED!
# Get authorization token
# if request.env["HTTP_AUTHORIZATION"] != nil
# puts "AUTH HEADER", request.env["HTTP_AUTHORIZATION"]
# provided_token = request.env["HTTP_AUTHORIZATION"].split(' ').last
# unless provided_token
# error = {"ERROR" => "Access token is not provided"}
# halt 400, error.to_json
# else
# puts "CHECK provided_token IN GATEKEEPER??"
# end
# else
# error = {"ERROR" => "Unauthorized"}
# halt 401, error.to_json
# end
end
# set MongoDB mongoid configuration file from variables
# write variables to mongoid config file unless empty?
unless ENV['MAIN_DB'].nil?
p "MAIN_DB = #{ENV['MAIN_DB']}"
config = YAML.load_file('config/mongoid.yml')
config[ENV['RACK_ENV'].to_s]['sessions']['default']['database'] = ENV['MAIN_DB']
config[ENV['RACK_ENV'].to_s]['sessions']['default']['hosts'][0] = ENV['MAIN_DB_HOST']
File.open('config/mongoid.yml','w') do |conf|
conf.write config.to_yaml
end
end
unless ENV['SECOND_DB'].nil?
p "SECOND_DB = #{ENV['SECOND_DB']}"
config = YAML.load_file('config/mongoid.yml')
config['production_secondary'] = {'sessions' =>
{'default' =>
{'database' => ENV['SECOND_DB'],
'hosts' => [ENV['SECOND_DB_HOST']]}}}
File.open('config/mongoid.yml','w') do |conf|
conf.write config.to_yaml
end
end
# Configurations for Services Repository
class SonataNsRepository < Sinatra::Application
register Sinatra::ConfigFile
# Load configurations
config_file 'config/config.yml'
if ENV['SECOND_DB'].nil?
Mongoid.load!('config/mongoid.yml')
else
Mongoid.load!('config/mongoid.yml', :production_secondary)
end
end
# Configurations for Functions Repository
class SonataVnfRepository < Sinatra::Application
register Sinatra::ConfigFile
# Load configurations
config_file 'config/config.yml'
if ENV['SECOND_DB'].nil?
Mongoid.load!('config/mongoid.yml')
else
Mongoid.load!('config/mongoid.yml', :production_secondary)
end
end
# Configurations for Catalogues
class SonataCatalogue < Sinatra::Application
register Sinatra::ConfigFile
# Load configurations
config_file 'config/config.yml'
Mongoid.load!('config/mongoid.yml')
before {
env['rack.logger'] = Logger.new "#{settings.root}/log/#{settings.environment}.log"
}
end