From 2bc69d726bc9408bb84333406e6039f80d9293ca Mon Sep 17 00:00:00 2001 From: Rakshitha-D Date: Mon, 2 Dec 2024 13:02:17 +0530 Subject: [PATCH] #OBS-I346: updated rbac --- src/main/helpers/proxy.ts | 18 ++++++++++-------- src/main/middlewares/passportAuthenticate.ts | 2 +- web-console-v2/src/services/http.ts | 5 ++--- 3 files changed, 13 insertions(+), 12 deletions(-) diff --git a/src/main/helpers/proxy.ts b/src/main/helpers/proxy.ts index 2bef4b66..247cb673 100644 --- a/src/main/helpers/proxy.ts +++ b/src/main/helpers/proxy.ts @@ -3,6 +3,7 @@ import { Request, Response } from "express"; import _ from 'lodash' import { incrementApiCalls, incrementFailedApiCalls, setQueryResponseTime } from "./prometheus"; import appConfig from "../../shared/resources/appConfig"; +import promEntities from '../resources/prometheusEntities'; const authenticationType = appConfig.AUTHENTICATION_TYPE; @@ -23,14 +24,15 @@ export const onProxyRes = ({ entity }: any) => (proxyReq: any, req: any, res: Re export const onProxyReq = ({ entity }: any) => (proxyReq: any, req: any, res: Response) => { const startTime = Date.now(); req.startTime = startTime; - if(authenticationType === 'keycloak'){ - const keycloakToken = JSON.parse(req?.session['keycloak-token']); - const access_token: string = keycloakToken.access_token; - proxyReq.setHeader('x-user-token', `${access_token}`); - }else if(authenticationType === 'basic'){ - const jwtToken: string = req.session?.token; - proxyReq.setHeader('x-user-token', `${jwtToken}`); - + if (entity !== promEntities.alerts) { + if(authenticationType === 'keycloak'){ + const keycloakToken = JSON.parse(req?.session['keycloak-token']); + const access_token: string = keycloakToken.access_token; + proxyReq.setHeader('Authorization', `Bearer ${access_token}`); + }else if(authenticationType === 'basic'){ + const jwtToken: string = req.session?.token; + proxyReq.setHeader('Authorization', `Bearer ${jwtToken}`); + } } incrementApiCalls({ entity, endpoint: req.url }); } \ No newline at end of file diff --git a/src/main/middlewares/passportAuthenticate.ts b/src/main/middlewares/passportAuthenticate.ts index 80e1841f..5728b2e8 100644 --- a/src/main/middlewares/passportAuthenticate.ts +++ b/src/main/middlewares/passportAuthenticate.ts @@ -11,7 +11,7 @@ const private_key: string = appConfig.USER_TOKEN_PRIVATE_KEY; const generateToken = (user: User) => { const payload = _.pick(user, ['id', 'user_name', 'email_address', 'roles']); return new Promise((resolve, reject) => { - jwt.sign(payload, private_key, { algorithm: 'RS512' }, (err, token) => { + jwt.sign(payload, private_key, { algorithm: 'RS256' }, (err, token) => { if (err) { return reject(err); } diff --git a/web-console-v2/src/services/http.ts b/web-console-v2/src/services/http.ts index 5f35d714..cf5337a8 100644 --- a/web-console-v2/src/services/http.ts +++ b/web-console-v2/src/services/http.ts @@ -1,5 +1,5 @@ import axios from 'axios'; -import { getBaseURL, getConfigValueV1 } from './configData'; +import { getBaseURL, getSystemSetting } from './configData'; axios.defaults.headers.common['Cache-Control'] = 'no-store'; axios.defaults.headers.common['Pragma'] = 'no-store'; @@ -10,10 +10,9 @@ const responseInterceptor = (response: any) => response; const checkForSessionExpiry = (config: any) => { const { navigate, status } = config; if (status === 401) { - if (getConfigValueV1("AUTHENTICATION_TYPE") !== 'basic') { + if (getSystemSetting("AUTHENTICATION_TYPE") !== 'basic') { window.location.href = '/console/logout'; } else { - // alert('Unauthorized access !!'); navigate(`/login`); } }