From 19c337fac0d9e74f027fc849e9680a04a0f2a5a1 Mon Sep 17 00:00:00 2001 From: amit-s19 Date: Thu, 8 Jun 2023 13:27:44 +0530 Subject: [PATCH] Modified APIs in CM and Auth service --- apps/authentication/src/auth/auth.service.ts | 32 ++++++++------------ apps/authentication/src/auth/dto/auth.dto.ts | 2 +- apps/consent-manager/src/app.controller.ts | 20 +++++++----- apps/consent-manager/src/app.service.ts | 16 ++++++++-- 4 files changed, 39 insertions(+), 31 deletions(-) diff --git a/apps/authentication/src/auth/auth.service.ts b/apps/authentication/src/auth/auth.service.ts index 5b36a2e..82fad5f 100644 --- a/apps/authentication/src/auth/auth.service.ts +++ b/apps/authentication/src/auth/auth.service.ts @@ -10,15 +10,9 @@ export class AuthService { async handleAuth(authDTO: AuthDto) { //TODO: add consent artifact processin try { - const requestOptions = { - headers: { - 'Content-Type': 'application/json', - }, - }; // const myHeaders = new Headers(); // myHeaders.append('Content-Type', 'application/json'); - const raw = authDTO.consentArtifact; // var raw = JSON.stringify({ // "id": "927d81cf-77ee-4528-94d1-2d98a2595740", // "caId": "036232e5-0ac7-4863-bad2-c70e70ef2d2f", @@ -81,14 +75,13 @@ export class AuthService { // "webhook_url": "https://sample-consumer/api/v1/consume", // "total_attempts": 0 // }); - const reqOptions = { - method: 'POST', - headers: { - 'Content-Type': 'application/json', - }, - body: raw, - redirect: 'follow', - }; + // const reqOptions = { + // method: 'POST', + // headers: { + // 'Content-Type': 'application/json', + // }, + // redirect: 'follow', + // }; // fetch('https://api.consent-manager.konnect.samagra.io/verify', reqOptions) // .then((response) => response.text()) // .then((result) => console.log(result)) 
@@ -105,10 +98,8 @@ export class AuthService { const caRes = await lastValueFrom( this.httpService - .post( - `${process.env.CONSENT_MANAGER_URI}/verify`, - raw, - reqOptions, + .get( + `${process.env.CONSENT_MANAGER_URI}/${authDTO.caId}/verify` ) .pipe(map((response) => response.data)), ); @@ -116,12 +107,13 @@ export class AuthService { return "An error occured while verifying Consent Artifact"; } + console.log("CA RES---->", caRes) + const responseData = await lastValueFrom( this.httpService .post( process.env.LINK_TO_AUTHORIZATION_SERVICE, - { consentArtifact: authDTO.consentArtifact, gql: authDTO.gql }, - requestOptions, + { consentArtifact: caRes, gql: authDTO.gql } ) .pipe(map((response) => response.data)), ); diff --git a/apps/authentication/src/auth/dto/auth.dto.ts b/apps/authentication/src/auth/dto/auth.dto.ts index 727c8b3..80318e6 100644 --- a/apps/authentication/src/auth/dto/auth.dto.ts +++ b/apps/authentication/src/auth/dto/auth.dto.ts @@ -1,5 +1,5 @@ export class AuthDto { - consentArtifact: JSON; + caId: string gql: string; token: string; } diff --git a/apps/consent-manager/src/app.controller.ts b/apps/consent-manager/src/app.controller.ts index 649fd22..ee75364 100644 --- a/apps/consent-manager/src/app.controller.ts +++ b/apps/consent-manager/src/app.controller.ts 
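Review bot: `authDTO.caId` is interpolated into the request path of the new `.get(...)` call without validation or encoding, so a value containing `/`, `..`, `?` or `#` changes which consent-manager route the auth service requests. The `AuthDto` hunk later in this commit declares `caId: string` with no validation decorator visible, so nothing shown here constrains the value. Encode it at the call site, `${process.env.CONSENT_MANAGER_URI}/${encodeURIComponent(authDTO.caId)}/verify`, and reject anything that is not in the expected id format before the request is made. The commented sample in this file suggests the ids are UUIDs; if the project uses class-validator, `@IsUUID()` on the DTO field would enforce that. `handleAuth` starts and ends outside the hunk.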
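Review bot: The added `console.log("CA RES---->", caRes)` writes the whole verified consent artifact to stdout on every request, and the commented sample earlier in the file suggests that object carries user and consumer identifiers, which then land in whatever collects the service logs. Remove the line, or log only a correlation value such as `console.log('CA verified', authDTO.caId)`. Separately, the context line `return "An error occured while verifying Consent Artifact";` appears to return a string instead of throwing, so a failed verification may reach the caller as a normal response; that is worth confirming, since the surrounding try/catch is outside the hunk.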
@@ -54,23 +54,29 @@ export class AppController { @ApiOperation({ summary: 'Verify CA' }) @ApiResponse({ type: GetCAResponse, status: 200, description: 'Get CA details' }) - @Post('verify/') - async verifyCA(@Body() caRequest: object): Promise { - const ca: CARequests = await this.appService.getCA(caRequest["caId"]); + @Get('/:caId/verify') + async verifyCA(@Param('caId') caId: string): Promise { + const ca: CARequests = await this.appService.getCA(caId); const status = await this.appService.updateFrequency(ca); if (status === 200) { return ca; + } else if (status === 401) { + throw new HttpException({ + statusCode: HttpStatus.UNAUTHORIZED, + error: 'Consent has not been provided by the user yet', + message: 'Consent has not been provided by the user yet', + }, 401); } else if (status === 403) { throw new HttpException({ statusCode: HttpStatus.FORBIDDEN, - error: 'Consent has been revoked for this artifact', - message: 'Consent has been revoked for this artifact', + error: 'Consent has been REVOKED or DECLINED for this artifact', + message: 'Consent has been REVOKED or DECLINED for this artifact', }, 403); } else if (status === 410) { throw new HttpException({ statusCode: HttpStatus.GONE, - error: 'Requested Consent Artifact has expired', - message: 'Requested Consent Artifact has expired', + error: 'Requested Consent Artifact has EXPIRED', + message: 'Requested Consent Artifact has EXPIRED', }, 410); } else if (status === 429) { throw new HttpException({ diff --git a/apps/consent-manager/src/app.service.ts b/apps/consent-manager/src/app.service.ts index 16d0370..cdcc25c 100644 --- a/apps/consent-manager/src/app.service.ts +++ b/apps/consent-manager/src/app.service.ts 
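Review bot: `verifyCA` is now a `@Get` route but still calls `this.appService.updateFrequency(ca)`, which, judging by the 429 branch here and the attempt counting in `app.service.ts`, appears to use up one of the artifact's allowed queries on each call. A GET that changes state can be repeated by retries, prefetchers or caches, and the `caId` now sits in the URL where access logs and proxies record it. No guard is visible on this handler, so anyone holding a `caId` could read the artifact back or exhaust its quota. Keep the verb as `@Post(':caId/verify')` (with the auth service calling `.post`), or separate the read from the counter update, and confirm the route is only reachable with service-to-service authentication. The remaining status branches of the handler continue outside the hunk.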
@@ -82,7 +82,7 @@ export class AppService { const currDate = new Date(); // If the Consent Artifact has expired - if (new Date(consentArtifact.expires) <= currDate) { + if ((new Date(consentArtifact.expires) <= currDate) || ca.state == 'EXPIRED') { return 410; } // If the Consent Artifact has been revoked. @@ -90,6 +90,16 @@ export class AppService { return 403; } + // If the Consent Artifact has been revoked. + if (ca.state == 'DECLINE') { + return 403; + } + + // If the Consent Artifact has been revoked. + if (ca.state == 'CREATED') { + return 401; + } + if (ca.total_attempts + 1 <= consentArtifact.total_queries_allowed) { const currentValue = await this.cacheManager.get(ca.caId); if (!currentValue || currentValue == null) { @@ -139,8 +149,8 @@ export class AppService { } tokenizeRequest(payload: ConsentArtifact): any { - var privateKEY = fs.readFileSync('./keys/private.key', 'utf8'); - var signOptions:any = { + var privateKEY = fs.readFileSync(process.cwd() + '/apps/consent-manager/keys/private.key', 'utf8'); + var signOptions: any = { issuer: this.configService.get('JWT_ISSUER'), subject: payload.user.id, audience: payload.consumer.id,
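Review bot: The state checks added in the `@@ -90,6 +90,16 @@` hunk form a deny-list: `'DECLINE'` returns 403 and `'CREATED'` returns 401, but any state not listed falls through to the attempt-count branch and can end in a 200. The controller message in this commit says "REVOKED or DECLINED", so if the stored value is `DECLINED` the new `ca.state == 'DECLINE'` check never matches and a declined artifact would be treated as verifiable; the state enum is not visible here, so the spelling needs confirming. Failing closed is safer: return an error unless the state equals the single approved value, e.g. `if (ca.state !== '<APPROVED_STATE>') return 403;` (placeholder for the project's constant). Both new comments still read "has been revoked" and should describe the declined and not-yet-granted cases, and these comparisons, like `== 'EXPIRED'` in the previous hunk, should use `===`. The enclosing method starts and ends outside the hunk.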
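Review bot: The signing-key path in `tokenizeRequest` is now `process.cwd() + '/apps/consent-manager/keys/private.key'`, which ties JWT signing to the directory the process is started from and to a key file kept inside the source tree. Read the location from configuration instead, as the following lines already do for the issuer: `fs.readFileSync(this.configService.get('<KEY_PATH_SETTING>'), 'utf8')` (the setting name is a placeholder). Also check that `keys/` is excluded from version control and that the file is readable only by the service account. The key is read synchronously on every call, so loading it once at startup would also fail fast when it is missing. `tokenizeRequest` continues outside the hunk.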