diff --git a/Dockerfile.run b/Dockerfile.run
index 907af71..bd39e27 100644
--- a/Dockerfile.run
+++ b/Dockerfile.run
@@ -15,6 +15,8 @@ COPY ./dist/${BIN_NAME} /opt/app/${BIN_NAME}
ADD ./dist/docs/ /opt/app/docs/
ADD ./dist/static/ /opt/app/static/
ADD ./dist/config.toml /opt/app/config.toml
+ADD ./dist/authorization_model.conf /opt/app/authorization_model.conf
+ADD ./dist/authorization_policy.csv /opt/app/authorization_policy.csv
# Sets and executes the app.
WORKDIR /opt/app
diff --git a/Makefile b/Makefile
index 2c87da1..6811a76 100644
--- a/Makefile
+++ b/Makefile
@@ -67,6 +67,8 @@ build: clean create-build-container
cp -R static/* ./dist/static/
cp -R docs/swagger/ ./dist/docs/
cp config.${DEPLOY_ENV}.toml ./dist/config.toml
+ cp authorization_model.conf ./dist/authorization_model.conf
+ cp authorization_policy.csv ./dist/authorization_policy.csv
#################################################
## Building, based on the current environment. ##
diff --git a/authorization_policy.csv b/authorization_policy.csv
index b5082b3..107e45f 100644
--- a/authorization_policy.csv
+++ b/authorization_policy.csv
@@ -1,7 +1,9 @@
p, AD, *, *, *, *, *, *, *
p, *, *, *, *, *, *, /v1/authenticate/portal, POST
+p, *, *, *, *, *, *, /v1/notification/ws, GET
p, *, *, *, *, *, *, /health/, GET
-p, *, *, *, *, *, [self], /v1/nemt/nemt/users/*/, GET
+p, *, *, *, *, *, *, /v1/nemt/users/contacttype, GET
+p, *, *, *, *, *, [self], /v1/nemt/users/*, GET
p, *, *, *, *, *, [self], /v1/nemt/users/portal/*, DELETE
p, *, *, *, *, *, [self], /v1/nemt/users/portal/*, POST
p, *, *, *, *, *, [self], /v1/nemt/users/portal/*, GET
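Review bot: The two new lines use `ADD` for plain local files where `COPY` is the stricter instruction: `ADD` also fetches remote URLs and transparently unpacks archives, so a later edit that points it at a tarball or URL changes behaviour silently, and the binary on this hunk's own `COPY ./dist/${BIN_NAME}` line already uses the safer form. Suggest `COPY ./dist/authorization_model.conf /opt/app/authorization_model.conf` and `COPY ./dist/authorization_policy.csv /opt/app/authorization_policy.csv` (the pre-existing `ADD` lines would benefit from the same change, but that is outside this commit). Because these two files now decide who may call which route, a short comment above them noting that they are the runtime authorization policy and must not be edited in the image would help the next maintainer.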
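Review bot: `+p, *, *, *, *, *, *, /v1/notification/ws, GET` grants the websocket endpoint to every role, organisation and attribute with no `[self]`/`[other]` scope, unlike the `/v1/nemt/users/...` rows beside it, so unless the handler itself limits the stream to the authenticated user's own notifications any logged-in user can subscribe to everyone's (the `tab_ride` join added in notification.go in this same commit suggests ride data flows through it). If the path carries no user id and the handler filters by JWT subject, a comment line saying so (`# /v1/notification/ws is scoped server-side to the authenticated user`, if the adapter accepts `#` comments) would stop a reader assuming the policy does it; if it does not, scope the row with `[self]`. Note also that the removed row was `/v1/nemt/nemt/users/*/` (doubled segment), which could never have matched a real path, so `[self] /v1/nemt/users/*, GET` is effectively a new grant rather than a typo fix — and if the new model still uses keyMatch for the path as the deleted one did, `*` spans `/` and the row also covers `/v1/nemt/users/portal/<id>` and `/v1/nemt/users/contacttype`.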
@@ -72,6 +74,8 @@ p, SCHDAD, SCHDAD, *, *, [equal*], [other], /v1/nemt/users/portal/*, POST
p, SCHDAD, SCHDAD, *, *, [equal*], [other], /v1/nemt/users/portal/*, GET
p, SPT, *, programsupport, *, *, [other], /v1/nemt/users/, GET
p, SPT, *, programsupport, *, *, [other], /v1/nemt/users/*, GET
+p, *, *, *, *, *, *, /v1/nemt/organization/name, GET
+p, *, *, *, *, *, *, /v1/nemt/organization/type, GET
p, AD, *, *, *, *, *, /v1/nemt/organization/*, GET
p, AD, *, *, *, *, *, /v1/nemt/organization/*, POST
p, AD, *, *, *, *, *, /v1/nemt/organization/*, PUT
@@ -88,5 +92,20 @@ p, BCBSIAD, *, *, *, *, *, /v1/nemt/organization/*, GET
p, BCBSIAD, *, *, *, *, *, /v1/nemt/organization/*, POST
p, BCBSIAD, *, *, *, *, *, /v1/nemt/organization/*, PUT
p, SPT, *, programsupport, *, *, *, /v1/nemt/organization/*, GET
-
+p, SP, *, provider, *, *, *, /v1/nemt/organization, GET
+p, SP, *, plan, *, *, *, /v1/nemt/organization, GET
+p, SPT, *, programsupport, *, *, *, /v1/nemt/organization, GET
+p, SCHDAD, *, provider, *, *, *, /v1/nemt/organization, GET
+p, BCBSIAD, *, bcbsi, *, *, *, /v1/nemt/organization, GET
+p, BDCAD, *, techsupport, *, *, *, /v1/nemt/organization, GET
+p, PLANAD, *, plan, *, *, *, /v1/nemt/organization, GET
+p, AD, *, *, *, *, *, /v1/nemt/organization, GET
+p, SP, *, provider, *, *, *, /v1/nemt/eligibility, POST
+p, SP, *, plan, *, *, *, /v1/nemt/eligibility, POST
+p, SPT, *, programsupport, *, *, *, /v1/nemt/eligibility, POST
+p, SCHDAD, *, provider, *, *, *, /v1/nemt/eligibility, POST
+p, BCBSIAD, *, bcbsi, *, *, *, /v1/nemt/eligibility, POST
+p, BDCAD, *, techsupport, *, *, *, /v1/nemt/eligibility, POST
+p, PLANAD, *, plan, *, *, *, /v1/nemt/eligibility, POST
+p, AD, *, *, *, *, *, /v1/nemt/eligibility, POST
diff --git a/bitbucket-pipelines.yml b/bitbucket-pipelines.yml
index 044ba8c..26efc53 100644
--- a/bitbucket-pipelines.yml
+++ b/bitbucket-pipelines.yml
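Review bot: `/v1/nemt/organization/name` and `/v1/nemt/organization/type` are opened to every role with `p, *, *, *, *, *, *, …`, whereas every other organization route in this file is granted per role and the `/organization/*` rows directly below keep those restrictions; a lookup-by-name endpoint reachable by all authenticated users is an enumeration surface for the tenant list, so confirm that is intended. If these are reference-data lookups (organization types, a name-availability check), say so in an adjacent comment line; if `name` returns organization records, restrict it to the same roles that may `GET /v1/nemt/organization/*`.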
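Review bot: `p, AD, *, *, *, *, *, /v1/nemt/organization, GET` and `p, AD, *, *, *, *, *, /v1/nemt/eligibility, POST` are already covered by the catch-all `p, AD, *, *, *, *, *, *, *` on line 1 and can be dropped, and the sixteen hand-copied rows granting the same two routes to seven roles are a maintenance hazard: a role added or renamed later will silently miss them. The list also deserves a least-privilege pass — `POST /v1/nemt/eligibility` (a member eligibility query, presumably sensitive) is granted to `BDCAD`/`techsupport`, which does not obviously need it. If the model defines a `g` role hierarchy, one group would replace the copies; otherwise at least keep the rows grouped by route so duplicates stay visible.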
@@ -19,6 +19,8 @@ pipelines:
- cp -R static/* ./dist/static/
- cp -R docs/swagger/ ./dist/docs/
- cp config.prd.toml ./dist/config.toml
+ - cp authorization_model.conf ./dist/authorization_model.conf
+ - cp authorization_policy.csv ./dist/authorization_policy.csv
- docker build -f Dockerfile.run -t nemt-portal-api-run:prod --force-rm --build-arg BIN_NAME=nemt-portal-api --build-arg APP_NAME=nemt-portal-api .
- apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y && apt-get -y autoremove && apt-get clean
- apt-get install python3-pip -y
@@ -46,6 +48,8 @@ pipelines:
- cp -R static/* ./dist/static/
- cp -R docs/swagger/ ./dist/docs/
- cp config.stg.toml ./dist/config.toml
+ - cp authorization_model.conf ./dist/authorization_model.conf
+ - cp authorization_policy.csv ./dist/authorization_policy.csv
- docker build -f Dockerfile.run -t nemt-portal-api-run:dev --force-rm --build-arg BIN_NAME=nemt-portal-api --build-arg APP_NAME=nemt-portal-api .
- apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y && apt-get -y autoremove && apt-get clean
- apt-get install python3-pip -y
diff --git a/config.dev.toml b/config.dev.toml
index 9919890..522d299 100644
--- a/config.dev.toml
+++ b/config.dev.toml
@@ -37,6 +37,7 @@ db = 0
pass = "3rdaP3KL2x%V"
prefix = "nemt-portal-api-dev"
default-expiration = "5m"
+master-name = "devmaster01"
[log]
log-to-file = false
diff --git a/config.prd.toml b/config.prd.toml
index d8309e8..cf9324c 100644
--- a/config.prd.toml
+++ b/config.prd.toml
@@ -37,6 +37,7 @@ db = 0
pass = "3rdaP3KL2x%V"
prefix = "portal-api-prod"
default-expiration = "5m"
+master-name = "master01"
[log]
log-to-file = false
diff --git a/config.stg.toml b/config.stg.toml
index 050b811..6375f45 100644
--- a/config.stg.toml
+++ b/config.stg.toml
@@ -37,6 +37,7 @@ db = 0
pass = "3rdaP3KL2x%V"
prefix = "portal-api-test"
default-expiration = "5m"
+master-name = "devmaster01"
[log]
log-to-file = false
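Review bot: In config.prd.toml the new `master-name = "master01"` sits directly beneath `pass = "3rdaP3KL2x%V"`, a Redis password committed in plaintext that is byte-identical in config.dev.toml, config.stg.toml and config.prd.toml in this same diff, so anyone with read access to the repository or the staging image holds the production cache credential. That is not introduced here, but since the commit reworks the cache section and `Read()` already goes through viper, it is the moment to move the secret out of the file — leave `pass` empty in the TOML and bind it with `viper.BindEnv("cache.pass", "CACHE_PASS")` in `Read()` — and rotate the current value. A one-line comment that `master-name` must match the sentinel's configured master, since a mismatch is only detected when the client first connects, would also help.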
diff --git a/data/datamysql/notification.go b/data/datamysql/notification.go
index 3d5f834..c6b9166 100644
--- a/data/datamysql/notification.go
+++ b/data/datamysql/notification.go
@@ -80,7 +80,9 @@ func (c *notificationRepo) getQuery() string {
INNER JOIN tab_login e
ON c.user_id = e.user_id
INNER JOIN tab_login f
- ON d.user_id = f.user_id`
+ ON d.user_id = f.user_id
+ INNER JOIN tab_ride g
+ ON g.ride_id = a.ride_id `
}
func (c *notificationRepo) GetLastNotificationFromPhoneNumber(notificationType string, phoneNumber string, status string) (entity.Notification, error) {
diff --git a/data/datamysql/user.go b/data/datamysql/user.go
index d3c4a00..2ae8be0 100644
--- a/data/datamysql/user.go
+++ b/data/datamysql/user.go
@@ -784,7 +784,7 @@ func (c *userRepo) getAddressSecondaryData(address entity.Address) (entity.Addre
// GetAll returns a list of all active cards
func (c *userRepo) GetAll() (list []entity.User, err error) {
- return c.parseSet(c.conn.Query(c.getQuery() + " AND a.active = 1 "))
+ return c.parseSet(c.conn.Query(c.getQuery() + " WHERE a.active = 1 "))
}
// GetByID returns a single card data by its ID
diff --git a/glide.yaml b/glide.yaml
index ace60b2..6c133b7 100644
--- a/glide.yaml
+++ b/glide.yaml
@@ -44,3 +44,5 @@ import:
version: ~1.5.0
- package: github.com/Knetic/govaluate
version: 9aa49832a739dcd78a5542ff189fb82c3e423116
+- package: github.com/pkg/errors
+ version: ^0.8.0
diff --git a/infra/cache/cache.go b/infra/cache/cache.go
index d7c4f31..8c4eb11 100644
--- a/infra/cache/cache.go
+++ b/infra/cache/cache.go
@@ -31,10 +31,11 @@ type RedisCache struct {
func Instance(cfg *config.Config) contract.CacheManager {
once.Do(func() {
client := redis.NewFailoverClient(&redis.FailoverOptions{
- MasterName: "master01",
+ MasterName: cfg.Cache.Master,
SentinelAddrs: []string{fmt.Sprintf("%s:%v", cfg.Cache.Server, cfg.Cache.Port)},
Password: cfg.Cache.Pass,
DB: cfg.Cache.DB,
+ MaxRetries: 10,
})
instance = &RedisCache{cfg, client}
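Review bot: The new `INNER JOIN tab_ride g ON g.ride_id = a.ride_id` narrows the result set of every query built on `getQuery()`: a notification whose `ride_id` is NULL or whose ride row is gone is now dropped, including from `GetLastNotificationFromPhoneNumber`, which callers presumably use to decide whether a message was already sent. If the join only exists to expose ride columns, `LEFT JOIN tab_ride g ON g.ride_id = a.ride_id` keeps the previous rows; if every notification is guaranteed a ride, say so next to the join (`// tab_ride join is INNER on purpose: every notification belongs to a ride`). The hunk does not show `g` being selected anywhere, so the intent should be made explicit; `getQuery()` begins before this hunk.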
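Review bot: The doc comment `// GetAll returns a list of all active cards` names the wrong entity for a method that returns `[]entity.User`; `// GetAll returns every user whose active flag is set.` is the accurate line (the `// GetByID returns a single card data by its ID` context line carries the same copy-paste). The `AND` → `WHERE` fix implies `getQuery()` ends without a WHERE clause, so a short note on `getQuery()` stating whether callers append `WHERE` or `AND` would keep the other methods built on it from repeating the original mistake.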
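Review bot: `github.com/pkg/errors` is added with the floating range `^0.8.0` while the neighbouring `govaluate` entry is pinned to a commit hash, and no `glide.lock` change appears in this diff, so the resolved version depends on whoever next runs `glide up`. Pin it like its neighbours (`version: v0.8.0` or the commit) and commit the regenerated `glide.lock` in the same change.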
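Review bot: `MasterName: cfg.Cache.Master` drops the hard-coded `"master01"` without a fallback or validation, so a deployment whose TOML lacks `cache.master-name` now hands go-redis an empty master name and the sentinel lookup fails at first use rather than at startup. Inside the `once.Do` either default to the previous value or fail loudly — `if cfg.Cache.Master == "" { cfg.Cache.Master = "master01" }` with a comment, or a `panic`/fatal log naming the missing key — so the failure is visible when the process starts. `MaxRetries: 10` also warrants a one-line comment on why ten and what back-off applies, since the client is created once and the setting governs every command.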
diff --git a/infra/config/config.go b/infra/config/config.go
index 2497985..d3b1f98 100644
--- a/infra/config/config.go
+++ b/infra/config/config.go
@@ -119,6 +119,7 @@ type CacheConfig struct {
Pass string
Prefix string
DefaultExpiration time.Duration
+ Master string
}
// CacheConfig represents the configuration values about the documentation config.
@@ -194,6 +195,7 @@ func Read() (*Config, error) {
Pass: viper.GetString("cache.pass"),
Prefix: viper.GetString("cache.prefix"),
DefaultExpiration: viper.GetDuration("cache.default-expiration"),
+ Master: viper.GetString("cache.master-name"),
},
Lyft: LyftConfig{
Client: viper.GetString("lyft.key"),
diff --git a/server/router/providerroute/controller.go b/server/router/providerroute/controller.go
index 360801c..0931520 100644
--- a/server/router/providerroute/controller.go
+++ b/server/router/providerroute/controller.go
@@ -104,8 +104,8 @@ func (c *controller) handleParticipating(ctx echo.Context) error {
// long = -87.624225
// }
- lat = 40.442875
- long = -80.003112
+ lat = 41.819078
+ long = -87.623129
if len(mukID) > 0 {
query = ""
@@ -152,8 +152,8 @@ func (c *controller) handleList(ctx echo.Context) error {
providerParams := npdmodel.ProviderSearchParams{
Name: name,
SearchBy: searchBy,
- Latitude: 40.442875,
- Longitude: -80.003112,
+ Latitude: 41.819078,
+ Longitude: -87.623129,
Distance: distance,
Limit: limit,
Offset: 0,
diff --git a/server/serverconfig/authorization.go b/server/serverconfig/authorization.go
index 78f0f3a..1797e3f 100644
--- a/server/serverconfig/authorization.go
+++ b/server/serverconfig/authorization.go
@@ -1,6 +1,8 @@
package serverconfig
import (
+ "fmt"
+
"bitbucket.org/nemt/nemt-portal-api/application/applicationservice"
"bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
"bitbucket.org/nemt/nemt-portal-api/infra/auth"
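Review bot: The new coordinates `lat = 41.819078` / `long = -87.623129` are hard-coded in two handlers and overwrite whatever the commented-out block above them was meant to compute, so every provider search is silently centred on one fixed point regardless of caller. Hoist them into a single named pair — `defaultSearchLat = 41.819078` and `defaultSearchLong = -87.623129` in a `const` block with a comment saying they are the fallback centre used when no location is supplied — and use it in both `handleParticipating` and `handleList`, then either restore or delete the commented-out lookup so the fallback's status is unambiguous. Both enclosing functions begin before their hunks.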
@@ -114,22 +116,28 @@ func (a *Config) policyObjectAttributes(c echo.Context, userDetails viewmodel.Us
var object interface{}
- objectIsNew := len(c.ParamValues()) <= 1
- objectIsExisting := len(c.ParamValues()) > 1
+ const userIDParamName = "user_uuid"
+ existingUser := strings.Contains(c.Request().URL.Path, "/users/") && c.Param(userIDParamName) != ""
+ newUser := strings.Contains(c.Request().URL.Path, "/users/") && c.Param(userIDParamName) == ""
- existingUser := strings.Contains(c.Request().URL.Path, "/users") && objectIsExisting
- newUser := strings.Contains(c.Request().URL.Path, "/users") && objectIsNew
+ const organizationIDParamName = "org_uuid"
+ existingOrganization := strings.Contains(c.Request().URL.Path, "/organization") && c.Param(organizationIDParamName) != ""
+ newOrganization := strings.Contains(c.Request().URL.Path, "/organization") && c.Param(organizationIDParamName) == ""
- existingOrganization := strings.Contains(c.Request().URL.Path, "/organization") && objectIsExisting
- newOrganization := strings.Contains(c.Request().URL.Path, "/organization") && objectIsNew
+ fmt.Println("**********")
+ fmt.Printf("url %v\n", c.Param(userIDParamName))
+ fmt.Printf("user %v\n", userDetails.ID)
+ fmt.Printf("existing %v\n", existingUser)
+ fmt.Printf("new %v\n", newUser)
+ fmt.Println("**********")
switch {
case existingUser:
- object, _ = a.Svc.Users.GetByUUID(c.ParamValues()[1], "")
+ object, _ = a.Svc.Users.GetByUUID(c.Param(userIDParamName), "")
case newUser && len(userDetails.Organizations) > 0:
object = userDetails
case existingOrganization:
- object, _ = a.Svc.Organization.GetByUUID(c.ParamValues()[1], userDetails)
+ object, _ = a.Svc.Organization.GetByUUID(c.Param(organizationIDParamName), userDetails)
case newOrganization:
object = viewmodel.Organization{}
}
diff --git a/server/serverconfig/authorization_model.conf b/server/serverconfig/authorization_model.conf
deleted file mode 100644
index 5f72726..0000000
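Review bot: The six `fmt.Println`/`fmt.Printf` lines are debug output left in the authorization path: they write the requested user UUID and `userDetails.ID` to stdout on every policy evaluation, bypass the project's logger, and are the only reason `fmt` was imported in this commit, so both the prints and the import should go (or move to the logger at debug level). Separately, `object, _ = a.Svc.Users.GetByUUID(c.Param(userIDParamName), "")` and the matching `Organization.GetByUUID` line discard the lookup error, so an unknown UUID or a database failure leaves `object` as a nil/zero value and the `[self]`/`[other]` attribute comparison then runs against an empty object instead of denying; capture the error (`obj, err := a.Svc.Users.GetByUUID(...)`) and fail closed by returning it in whatever shape this function's signature allows. The function begins before the hunk, and the new `existingUser`/`newUser` tests now depend on the route parameters being named exactly `user_uuid`/`org_uuid`, which deserves a comment pointing at the route definitions.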
--- a/server/serverconfig/authorization_model.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-[request_definition]
-r = role, obj, act
-
-[policy_definition]
-p = role, obj, act
-
-[policy_effect]
-e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
-
-[matchers]
-m = keymatch(r.role, p.role) && keyMatch(r.obj, p.obj) && (r.act == p.act || p.act == "*")
\ No newline at end of file
diff --git a/server/serverconfig/serverconfig.go b/server/serverconfig/serverconfig.go
index 6b34b93..04687a3 100644
--- a/server/serverconfig/serverconfig.go
+++ b/server/serverconfig/serverconfig.go
@@ -18,7 +18,7 @@ func SetMiddlewares(server *echo.Echo, cfg *config.Config, log *logger.Logger, s
setCORSMiddleware(server, cfg)
setBodyLimitMiddleware(server)
setRateLimitMiddleware(server)
- setAuthorizationMiddleware(server, log, cfg, appsvc)
+ //setAuthorizationMiddleware(server, log, cfg, appsvc)
err := setJWTMiddleware(server, cfg)
if err != nil {
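Review bot: `//setAuthorizationMiddleware(server, log, cfg, appsvc)` switches off policy enforcement for the whole API: after this line only `setJWTMiddleware` runs, so any authenticated user can reach every route, including the `AD`-only `POST`/`PUT /v1/nemt/organization/*` rows this same commit edits in authorization_policy.csv. The commit also deletes `server/serverconfig/authorization_model.conf` and ships a root-level model through the Dockerfile, so if the call is disabled because the new model does not load yet, that is a reason to hold the merge rather than to ship without authorization; restore the line, or if a kill switch is genuinely wanted, gate it on an explicit configuration setting that defaults to enabled and logs a warning when off. Even as a stopgap, commented-out security middleware should carry a `// TODO(<ticket>): re-enable before release` so it is not forgotten.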