Squashed commit of the following:

GufCab · GufCab · commit 0f9e78360e0d · 2022-11-10T15:11:05.000+01:00
commit 84dc0f8 Author: Sławomir Rosiek <SWR@kmd.dk> Date: Wed Oct 5 11:21:27 2022 +0200 Updated package-lock using npm6 commit 809fa7c Author: Sławomir Rosiek <SWR@kmd.dk> Date: Tue Oct 4 12:42:33 2022 +0200 Added missing await commit bcc0af5 Author: Sławomir Rosiek <SWR@kmd.dk> Date: Tue Oct 4 12:39:49 2022 +0200 Interface to store client secret * Added interface + plain text implmentation to store client secret for fiware data target * Removed clientSecret from response in data target controller * Updating clientSecret only if new was provided commit 3539b71 Author: Sławomir Rosiek <SWR@kmd.dk> Date: Tue Sep 27 13:16:33 2022 +0200 Refactored lambda to be named function commit 07d3f0a Author: Sławomir Rosiek <SWR@kmd.dk> Date: Tue Sep 27 10:34:23 2022 +0200 Added comment for retries commit 8663114 Author: Sławomir Rosiek <SWR@kmd.dk> Date: Mon Sep 26 13:15:03 2022 +0200 Removing clientSecret from cache key commit 2c4adc4 Author: Sławomir Rosiek <SWR@kmd.dk> Date: Mon Sep 26 13:06:30 2022 +0200 Renamed variable + added some note with explanation commit c33cb6c Author: Sławomir Rosiek <SWR@kmd.dk> Date: Mon Sep 26 13:01:27 2022 +0200 Rethrowing error commit 891ff9e Author: Sławomir Rosiek <SWR@kmd.dk> Date: Mon Sep 26 12:58:51 2022 +0200 Changed scope of the type + awaiting cache manager commit c90ed06 Author: Sławomir Rosiek <SWR@kmd.dk> Date: Mon Sep 26 12:53:35 2022 +0200 Added clearing and retrying in case token is invalid commit 1dc9c54 Author: Sławomir Rosiek <SWR@kmd.dk> Date: Thu Sep 22 11:13:32 2022 +0200 Refactored AuthenticationTokenProvider to use more common aproach for fetching access token commit 339828d Author: Sławomir Rosiek <swr@kmd.dk> Date: Wed Sep 21 14:47:23 2022 +0200 Fixed import statement commit 41f301d Author: Sławomir Rosiek <swr@kmd.dk> Date: Wed Sep 21 14:47:10 2022 +0200 Making optional properties nullable commit ba62f2d Author: Sławomir Rosiek <swr@kmd.dk> Date: Wed Sep 21 14:14:40 2022 +0200 Fixed formatting for fiware-data-target.entity.ts commit 9d04eda Author: Sławomir Rosiek <swr@kmd.dk> Date: Wed Sep 21 12:47:35 2022 +0200 Extracted AuthenticationTokenProvider to separate file commit 5432e91 Author: Sławomir Rosiek <swr@kmd.dk> Date: Wed Sep 21 12:35:57 2022 +0200 Simplified line commit 58420c0 Author: Sławomir Rosiek <swr@kmd.dk> Date: Thu Jul 21 08:18:09 2022 +0200 Improved logging commit 2636827 Author: Sławomir Rosiek <swr@kmd.dk> Date: Wed Jul 20 15:25:58 2022 +0200 Decresead clockSkew so it wont be same as default ttl of the token commit 7512f34 Author: Sławomir Rosiek <swr@kmd.dk> Date: Wed Jul 20 12:10:17 2022 +0200 Added extra logging commit e1e00b5 Author: Sławomir Rosiek <swr@kmd.dk> Date: Tue Jul 19 11:19:08 2022 +0200 Fixed logger name for AuthenticationTokenProvider commit 9647cbb Author: Sławomir Rosiek <swr@kmd.dk> Date: Fri Jul 15 12:53:54 2022 +0200 Added more diagnostic commit b61efae Author: Sławomir Rosiek <swr@kmd.dk> Date: Thu Jul 14 08:58:09 2022 +0200 Updated API to map OAuth autorization property commit 02d4f5d Author: Sławomir Rosiek <swr@kmd.dk> Date: Tue Jul 5 14:53:34 2022 +0200 Extending FiWare module to support OAuth authorization. Added new type of authentication OAuth that requires tokenUrl, clientId and clientSecret and using them to obtain a token and attaching it to request sent to FiWare
diff --git a/.gitignore b/.gitignore
@@ -157,3 +157,8 @@ coverage-e2e
 
 # secrets
 secrets/
+
+# Visual Studio
+applicationhost.config
+*.suo
+.vs/
diff --git a/package.json b/package.json
@@ -50,6 +50,7 @@
         "axios-cache-adapter": "^2.5.0",
         "bcryptjs": "^2.4.3",
         "bluebird": "^3.7.2",
+        "cache-manager": "^4.0.1",
         "class-transformer": "^0.5.1",
         "class-validator": "^0.13.2",
         "compression": "^1.7.4",
@@ -80,6 +81,7 @@
         "@nestjs/testing": "^9.1.2",
         "@types/bcryptjs": "^2.4.2",
         "@types/bluebird": "^3.5.33",
+        "@types/cache-manager": "^4.0.1",
         "@types/compression": "^1.7.0",
         "@types/cookie-parser": "^1.4.2",
         "@types/cron": "^1.7.2",
diff --git a/src/entities/dto/create-data-target.dto.ts b/src/entities/dto/create-data-target.dto.ts
@@ -58,6 +58,15 @@ export class CreateDataTargetDto {
     @ApiProperty({ required: false, default: "", example: null })
     authorizationHeader: string;
 
+    @ApiProperty({ required: false })
+    tokenEndpoint?: string;
+
+    @ApiProperty({ required: false })
+    clientId?: string;
+
+    @ApiProperty({ required: false })
+    clientSecret?: string;
+
     @ApiPropertyOptional({ required: false })
     @IsOptional()
     @ValidateNested({ each: true })
diff --git a/src/entities/enum/authorization-type.enum.ts b/src/entities/enum/authorization-type.enum.ts
@@ -2,4 +2,5 @@ export enum AuthorizationType {
     NO_AUTHORIZATION = "NO_AUTHORIZATION",
     HTTP_BASIC_AUTHORIZATION = "HTTP_BASIC_AUTHORIZATION",
     HEADER_BASED_AUTHORIZATION = "HEADER_BASED_AUTHORIZATION",
+    OAUTH_AUTHORIZATION = "OAUTH_AUTHORIZATION"
 }
diff --git a/src/entities/fiware-data-target.entity.ts b/src/entities/fiware-data-target.entity.ts
@@ -9,7 +9,7 @@ import { FiwareDataTargetConfiguration } from "./interfaces/fiware-data-target-c
 @ChildEntity(DataTargetType.Fiware)
 export class FiwareDataTarget extends DataTarget {
     @Column()
-    url: string; 
+    url: string;
 
     @Column({ default: 30000, comment: "HTTP call timeout in milliseconds" })
     timeout: number;
@@ -23,22 +23,36 @@ export class FiwareDataTarget extends DataTarget {
     @Column({ nullable: true })
     context: string;
 
+    @Column({ nullable: true })
+    clientId?: string;
+
+    @Column({ nullable: true, select: false })
+    clientSecret?: string;
+
+    @Column({ nullable: true })
+    tokenEndpoint?: string;
+
     @BeforeInsert()
-    private beforeInsert() {       
+    private beforeInsert() {
         this.type = DataTargetType.Fiware;
     }
 
     toConfiguration(): FiwareDataTargetConfiguration {
         return {
             url: this.url,
             timeout: this.timeout,
-            authorizationType:
-                this.authorizationHeader != ""
-                    ? AuthorizationType.HEADER_BASED_AUTHORIZATION
-                    : AuthorizationType.NO_AUTHORIZATION,
+            authorizationType: this.tokenEndpoint
+                ? AuthorizationType.OAUTH_AUTHORIZATION
+                : this.authorizationHeader
+                ? AuthorizationType.HEADER_BASED_AUTHORIZATION
+                : AuthorizationType.NO_AUTHORIZATION,
             authorizationHeader: this.authorizationHeader,
             tenant: this.tenant,
-            context: this.context
+            context: this.context,
+            clientId: this.clientId,
+            clientSecret: this.clientSecret,
+            tokenEndpoint: this.tokenEndpoint,
+            updatedAt: this.updatedAt,
         };
     }
 }
diff --git a/src/entities/interfaces/fiware-data-target-configuration.interface.ts b/src/entities/interfaces/fiware-data-target-configuration.interface.ts
@@ -9,4 +9,8 @@ export interface FiwareDataTargetConfiguration {
     authorizationHeader?: string;
     tenant?: string;
     context?: string;
+    clientId?: string;
+    clientSecret?: string;
+    tokenEndpoint?: string;
+    updatedAt: Date;
 }
diff --git a/src/helpers/fiware-token.helper.ts b/src/helpers/fiware-token.helper.ts
@@ -0,0 +1,83 @@
+import { HttpService } from "@nestjs/axios";
+import { CACHE_MANAGER, Inject, Injectable, Logger } from "@nestjs/common"
+import { Cache } from 'cache-manager'
+import { Client } from "mqtt";
+import { FiwareDataTargetConfiguration } from "../entities/interfaces/fiware-data-target-configuration.interface";
+
+type TokenEndpointResponse = {
+    data: {
+        access_token: string,
+        expires_in: number,
+    }
+}
+
+export const CLIENT_SECRET_PROVIDER = 'ClientSecretProvider'
+export interface ClientSecretProvider {
+    getClientSecret(secretRef: string): Promise<string>
+    store(secret: string): Promise<string>
+}
+
+@Injectable()
+export class PlainTextClientSecretProvider implements ClientSecretProvider {
+    getClientSecret(secretRef: string): Promise<string> {
+        return Promise.resolve(secretRef)
+    }
+
+    store(secret: string): Promise<string> {
+        return Promise.resolve(secret)
+    }
+}
+
+@Injectable()
+export class AuthenticationTokenProvider {
+
+    private readonly logger = new Logger(AuthenticationTokenProvider.name);
+
+    constructor(
+        private httpService: HttpService,
+        @Inject(CLIENT_SECRET_PROVIDER) private clientSecretProvider: ClientSecretProvider,
+        @Inject(CACHE_MANAGER) private cacheManager: Cache) {
+    }
+
+    async clearConfig(config: FiwareDataTargetConfiguration): Promise<void> {
+        if (config.clientId) {
+            this.logger.debug(`AuthenticationTokenProvider clearing token for ${config.clientId}`)
+            const key = config.clientId + config.updatedAt.getTime()
+            return this.cacheManager.del(key)
+        }
+    }
+
+    async getToken(config: FiwareDataTargetConfiguration): Promise<string> {
+        const key = config.clientId + config.updatedAt.getTime();
+
+        const token = await this.cacheManager.get<string>(key)
+        if (token) {
+            return token
+        } else {
+            try {
+                const clientSecret = await this.clientSecretProvider.getClientSecret(config.clientSecret)
+                const params = new URLSearchParams([
+                    ['grant_type', 'client_credentials'],
+                    ['client_id', config.clientId],
+                    ['client_secret', clientSecret]
+                ])
+                const { data }: TokenEndpointResponse = await this.httpService.post(config.tokenEndpoint, params, {
+                    headers: {
+                        'Content-Type': 'application/x-www-form-urlencoded',
+                    },
+                }).toPromise()
+
+                // NOTE: TTL offset include some time for clock differences between authentication server and local server + network delay
+                const ttlOffset = 30
+                const ttl = data.expires_in - ttlOffset
+                this.logger.debug(`AuthenticationTokenProvider caching token for ${config.clientId} (expires in ${ttl} seconds)`)
+                await this.cacheManager.set(key, data.access_token, { ttl })
+                return data.access_token
+            }
+            catch (err) {
+                this.logger.error(`AuthenticationTokenProvider got error ${err}`)
+                throw err
+            }
+        }
+    }
+}
diff --git a/src/migration/1657016879520-fiware-oauth-authorization.ts b/src/migration/1657016879520-fiware-oauth-authorization.ts
@@ -0,0 +1,18 @@
+import {MigrationInterface, QueryRunner} from "typeorm";
+
+export class fiwareOauthAuthorization1657016879520 implements MigrationInterface {
+    name = 'fiwareOauthAuthorization1657016879520'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "data_target" ADD "clientId" character varying`);
+        await queryRunner.query(`ALTER TABLE "data_target" ADD "clientSecret" character varying`);
+        await queryRunner.query(`ALTER TABLE "data_target" ADD "tokenEndpoint" character varying`);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "data_target" DROP COLUMN "tokenEndpoint"`);
+        await queryRunner.query(`ALTER TABLE "data_target" DROP COLUMN "clientSecret"`);
+        await queryRunner.query(`ALTER TABLE "data_target" DROP COLUMN "clientId"`);
+    }
+
+}
diff --git a/src/modules/data-target/data-target-fiware-sender.module.ts b/src/modules/data-target/data-target-fiware-sender.module.ts
@@ -1,10 +1,24 @@
 import { HttpModule } from "@nestjs/axios";
-import { Module } from "@nestjs/common";
+import { CacheModule, Module } from "@nestjs/common";
 import { FiwareDataTargetService } from "@services/data-targets/fiware-data-target.service";
+import { AuthenticationTokenProvider, CLIENT_SECRET_PROVIDER, PlainTextClientSecretProvider } from "../../helpers/fiware-token.helper";
 
 @Module({
-    imports: [HttpModule],
-    providers: [FiwareDataTargetService],
-    exports: [FiwareDataTargetService],
+    imports: [HttpModule, CacheModule.register()],
+    providers: [
+        FiwareDataTargetService,
+        AuthenticationTokenProvider,
+        {
+            provide: CLIENT_SECRET_PROVIDER,
+            useClass: PlainTextClientSecretProvider,
+        },
+    ],
+    exports: [
+        FiwareDataTargetService,
+        {
+            provide: CLIENT_SECRET_PROVIDER,
+            useClass: PlainTextClientSecretProvider,
+        },
+    ],
 })
 export class DataTargetFiwareSenderModule {}
diff --git a/src/modules/device-management/data-target.module.ts b/src/modules/device-management/data-target.module.ts
@@ -4,11 +4,15 @@ import { DataTargetController } from "@admin-controller/data-target.controller";
 import { ApplicationModule } from "@modules/device-management/application.module";
 import { SharedModule } from "@modules/shared.module";
 import { DataTargetService } from "@services/data-targets/data-target.service";
+import { CLIENT_SECRET_PROVIDER, PlainTextClientSecretProvider } from "../../helpers/fiware-token.helper";
 
 @Module({
     imports: [SharedModule, ApplicationModule],
     exports: [DataTargetService],
     controllers: [DataTargetController],
-    providers: [DataTargetService],
+    providers: [DataTargetService, {
+        provide: CLIENT_SECRET_PROVIDER,
+        useClass: PlainTextClientSecretProvider
+    }],
 })
 export class DataTargetModule {}
diff --git a/src/services/data-targets/data-target.service.ts b/src/services/data-targets/data-target.service.ts
@@ -11,17 +11,20 @@ import { OpenDataDkDataset } from "@entities/open-data-dk-dataset.entity";
 import { dataTargetTypeMap } from "@enum/data-target-type-mapping";
 import { DataTargetType } from "@enum/data-target-type.enum";
 import { ErrorCodes } from "@enum/error-codes.enum";
-import { BadRequestException, Injectable, Logger } from "@nestjs/common";
+import { BadRequestException, Inject, Injectable, Logger } from "@nestjs/common";
 import { InjectRepository } from "@nestjs/typeorm";
 import { ApplicationService } from "@services/device-management/application.service";
 import { DeleteResult, Repository, SelectQueryBuilder } from "typeorm";
+import { ClientSecretProvider, CLIENT_SECRET_PROVIDER } from "../../helpers/fiware-token.helper";
+import { Client } from "mqtt";
 
 @Injectable()
 export class DataTargetService {
     constructor(
         @InjectRepository(DataTarget)
         private dataTargetRepository: Repository<DataTarget>,
-        private applicationService: ApplicationService
+        private applicationService: ApplicationService,
+        @Inject(CLIENT_SECRET_PROVIDER) private clientSecretProvider: ClientSecretProvider
     ) {}
     private readonly logger = new Logger(DataTargetService.name);
 
@@ -89,6 +92,7 @@ export class DataTargetService {
     ): Promise<DataTarget[]> {
         const res = await this.dataTargetRepository
             .createQueryBuilder("dt")
+            .addSelect('dt.clientSecret')
             .innerJoin(
                 "iot_device_payload_decoder_data_target_connection",
                 "con",
@@ -147,10 +151,11 @@ export class DataTargetService {
         updateDataTargetDto: UpdateDataTargetDto,
         userId: number
     ): Promise<DataTarget> {
-        const existing = await this.dataTargetRepository.findOneOrFail({
-            where: { id },
-            relations: ["openDataDkDataset"],
-        });
+        const existing = await this.dataTargetRepository.createQueryBuilder('target')
+            .addSelect('target.clientSecret')
+            .leftJoinAndSelect('target.openDataDkDataset', 'openDataDkDataset')
+            .where('target.id = :id', { id })
+            .getOneOrFail();
 
         const mappedDataTarget = await this.mapDtoToDataTarget(
             updateDataTargetDto,
@@ -200,7 +205,7 @@ export class DataTargetService {
             throw new BadRequestException(ErrorCodes.IdMissing);
         }
 
-        this.mapDtoToTypeSpecificDataTarget(dataTargetDto, dataTarget);
+        await this.mapDtoToTypeSpecificDataTarget(dataTargetDto, dataTarget);
 
         return dataTarget;
     }
@@ -220,7 +225,7 @@ export class DataTargetService {
         return o;
     }
 
-    private mapDtoToTypeSpecificDataTarget(
+    private async mapDtoToTypeSpecificDataTarget(
         dataTargetDto: CreateDataTargetDto,
         dataTarget: DataTarget
     ) {
@@ -234,6 +239,13 @@ export class DataTargetService {
             fiwareDataTarget.url = dataTargetDto.url;
             fiwareDataTarget.timeout = dataTargetDto.timeout;
             fiwareDataTarget.authorizationHeader = dataTargetDto.authorizationHeader;
+            fiwareDataTarget.tokenEndpoint = dataTargetDto.tokenEndpoint;
+            fiwareDataTarget.clientId = dataTargetDto.clientId;
+
+            // NOTE: If there is no client secret we keep it as it was
+            if (dataTargetDto.clientSecret) {
+                fiwareDataTarget.clientSecret = await this.clientSecretProvider.store(dataTargetDto.clientSecret);
+            }
             fiwareDataTarget.tenant = dataTargetDto.tenant;
             fiwareDataTarget.context = dataTargetDto.context;
         } else if (dataTargetDto.type === DataTargetType.MQTT) {
diff --git a/src/services/data-targets/fiware-data-target.service.ts b/src/services/data-targets/fiware-data-target.service.ts

Original file line number	Diff line number	Diff line change
`@@ -2,4 +2,5 @@ export enum AuthorizationType {`
`2`	`2`	`NO_AUTHORIZATION = "NO_AUTHORIZATION",`
`3`	`3`	`HTTP_BASIC_AUTHORIZATION = "HTTP_BASIC_AUTHORIZATION",`
`4`	`4`	`HEADER_BASED_AUTHORIZATION = "HEADER_BASED_AUTHORIZATION",`
	`5`	`+ OAUTH_AUTHORIZATION = "OAUTH_AUTHORIZATION"`
`5`	`6`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,4 +9,8 @@ export interface FiwareDataTargetConfiguration {`
`9`	`9`	`authorizationHeader?: string;`
`10`	`10`	`tenant?: string;`
`11`	`11`	`context?: string;`
	`12`	`+ clientId?: string;`
	`13`	`+ clientSecret?: string;`
	`14`	`+ tokenEndpoint?: string;`
	`15`	`+ updatedAt: Date;`
`12`	`16`	`}`