Merge pull request #294 from bcgov/SC3828

Sc3828

Author: TimCsaky

.github/environments/values.dev.yaml

@@ -13,6 +13,7 @@ config:
   enabled: true
   configMap:
     BASICAUTH_ENABLED: "true"
+    S3ACCESSMODE_ENABLED: "true"
     DB_PORT: "5432"
     KC_ENABLED: "true"
     KC_IDENTITYKEY: idir_user_guid,bceid_user_guid,github_id

.github/environments/values.prod.yaml

@@ -13,6 +13,7 @@ config:
   enabled: true
   configMap:
     BASICAUTH_ENABLED: "true"
+    S3ACCESSMODE_ENABLED: "true"
     DB_PORT: "5432"
     KC_ENABLED: "true"
     KC_IDENTITYKEY: idir_user_guid,bceid_user_guid

.github/environments/values.test.yaml

@@ -13,6 +13,7 @@ config:
   enabled: true
   configMap:
     BASICAUTH_ENABLED: "true"
+    S3ACCESSMODE_ENABLED: "true"
     DB_PORT: "5432"
     KC_ENABLED: "true"
     KC_IDENTITYKEY: idir_user_guid,bceid_user_guid

app/README.md

@@ -145,6 +145,7 @@ docker run -it --rm -p 3000:3000 \
   -e BASICAUTH_ENABLED=true \
   -e BASICAUTH_USERNAME=<Your chosen Basic Auth Username> \
   -e BASICAUTH_PASSWORD=<Your chosen Basic Auth Password> \
+  -e S3ACCESSMODE_ENABLED=true \
   docker.io/bcgovimages/common-object-management-service:latest
 ```
 
@@ -192,6 +193,7 @@ docker run -it --rm -p 3000:3000 \
   -e BASICAUTH_USERNAME=<Your chosen Basic Auth Username> \
   -e BASICAUTH_PASSWORD=<Your chosen Basic Auth Password> \
   -e KC_ENABLED=true \
+  -e S3ACCESSMODE_ENABLED=true \
   -e KC_CLIENTID=<id> \
   -e KC_CLIENTSECRET=<secret> \
   -e KC_PUBLICKEY=<publickey> \

app/config/custom-environment-variables.json

@@ -1,6 +1,7 @@
 {
   "basicAuth": {
     "enabled": "BASICAUTH_ENABLED",
+    "s3AccessMode": "S3ACCESSMODE_ENABLED",
     "password": "BASICAUTH_PASSWORD",
     "username": "BASICAUTH_USERNAME"
   },

app/src/components/utils.js

@@ -53,10 +53,11 @@ const utils = {
   getAppAuthMode() {
     const basicAuth = utils.getConfigBoolean('basicAuth.enabled');
     const oidcAuth = utils.getConfigBoolean('keycloak.enabled');
+    const s3AccessMode = utils.getConfigBoolean('basicAuth.s3AccessMode');
 
-    if (!basicAuth && !oidcAuth) return AuthMode.NOAUTH;
-    else if (basicAuth && !oidcAuth) return AuthMode.BASICAUTH;
-    else if (!basicAuth && oidcAuth) return AuthMode.OIDCAUTH;
+    if (!basicAuth && !oidcAuth && !s3AccessMode) return AuthMode.NOAUTH;
+    else if ((basicAuth || !s3AccessMode) && !oidcAuth) return AuthMode.BASICAUTH;
+    else if (!basicAuth && oidcAuth && !s3AccessMode) return AuthMode.OIDCAUTH;
     else return AuthMode.FULLAUTH; // basicAuth && oidcAuth
   },
 

app/src/controllers/bucket.js

@@ -305,7 +305,12 @@ const controller = {
         endpoint: req.body.endpoint ? stripDelimit(req.body.endpoint) : currentBucket.endpoint
       });
 
-      const userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER), SYSTEM_USER);
+      let userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER), SYSTEM_USER);
+
+      if ((userId === SYSTEM_USER || userId === undefined) && req.currentUser?.bucketSettings) {
+        userId = req.currentUser.bucketSettings.accessKeyId;
+      }
+
       const response = await bucketService.update({
         bucketId: bucketId,
         bucketName: req.body.bucketName,

app/src/controllers/object.js

@@ -1105,7 +1105,11 @@ const controller = {
    */
   async updateObject(req, res, next) {
     try {
-      const userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
+      let userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
+
+      if ((userId === SYSTEM_USER || userId === undefined) && req.currentUser?.bucketSettings) {
+        userId = req.currentUser.bucketSettings.accessKeyId;
+      }
 
       // Preflight existence check for bucketId
       const bucketId = req.currentObject?.bucketId;

app/src/controllers/version.js

@@ -28,6 +28,7 @@ const controller = {
       const versionIds = mixedQueryToArray(req.query.versionId);
       const s3VersionIds = mixedQueryToArray(req.query.s3VersionId);
       const metadata = getMetadata(req.headers);
+      const bucketId = mixedQueryToArray(req.query.bucketId);
 
       const params = {
         versionIds: versionIds ? versionIds.map(id => addDashesToUuid(id)) : versionIds,
@@ -37,6 +38,7 @@ const controller = {
       // if scoping to current user permissions on objects
       if (getConfigBoolean('server.privacyMask')) {
         params.userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
+        params.bucketId = bucketId?.length ? bucketId : undefined;
       }
       const response = await metadataService.fetchMetadataForVersion(params);
       res.status(200).json(response);
@@ -58,6 +60,7 @@ const controller = {
       const versionIds = mixedQueryToArray(req.query.versionId);
       const s3VersionIds = mixedQueryToArray(req.query.s3VersionId);
       const tagging = req.query.tagset;
+      const bucketId = mixedQueryToArray(req.query.bucketId);
 
       const params = {
         versionIds: versionIds ? versionIds.map(id => addDashesToUuid(id)) : versionIds,
@@ -67,6 +70,7 @@ const controller = {
       // if scoping to current user permissions on objects
       if (getConfigBoolean('server.privacyMask')) {
         params.userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
+        params.bucketId = bucketId?.length ? bucketId : undefined;
       }
       const response = await tagService.fetchTagsForVersion(params);
       res.status(200).json(response);

app/src/db/models/tables/objectModel.js

@@ -78,7 +78,7 @@ class ObjectModel extends Timestamps(Model) {
       filterActive(query, value) {
         if (value !== undefined) query.where('object.active', value);
       },
-      filterVersionAttributes(query, mimeType, deleteMarker, isLatest) {
+      filterVersionAttributes(query, mimeType, deleteMarker, isLatest, versionId, s3VersionId) {
         query
           .withGraphJoined('version')
           .leftJoinRelated('version')
@@ -92,6 +92,8 @@ class ObjectModel extends Timestamps(Model) {
             if (isLatest !== undefined) {
               query.where('version.isLatest', isLatest);
             }
+            filterOneOrMany(query, versionId, 'version.id');
+            filterOneOrMany(query, s3VersionId, 'version.s3VersionId');
           });
       },
       filterMetadataTag(query, value) {