Merge remote-tracking branch 'origin/main' into enable-multiple-auth-methods

Author: jescalada

config.schema.json

@@ -124,6 +124,19 @@
           "description": "Configuration source"
         }
       }
+    },
+    "uiRouteAuth": {
+      "description": "UI routes that require authentication (logged in or admin)",
+      "type": "object",
+      "properties": {
+        "enabled": { "type": "boolean" },
+        "rules": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/routeAuthRule"
+          }
+        }
+      }
     }
   },
   "definitions": {
@@ -155,6 +168,14 @@
         "options": { "type": "object" }
       },
       "required": ["type", "enabled"]
+    },
+    "routeAuthRule": {
+      "type": "object",
+      "properties": {
+        "pattern": { "type": "string" },
+        "adminOnly": { "type": "boolean" },
+        "loginRequired": { "type": "boolean" }
+      }
     }
   },
   "additionalProperties": false

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@finos/git-proxy",
-  "version": "1.14.0",
+  "version": "1.15.0",
   "description": "Deploy custom push protections and policies on top of Git.",
   "scripts": {
     "cli": "node ./packages/git-proxy-cli/index.js",

package.json

@@ -150,5 +150,20 @@
     "enabled": false,
     "key": "certs/key.pem",
     "cert": "certs/cert.pem"
+  },
+  "uiRouteAuth": {
+    "enabled": false,
+    "rules": [
+      {
+        "pattern": "/dashboard/*",
+        "adminOnly": false,
+        "loginRequired": true
+      },
+      {
+        "pattern": "/admin/*",
+        "adminOnly": true,
+        "loginRequired": true
+      }
+    ]
   }
 }

proxy.config.json

@@ -38,6 +38,7 @@ let _rateLimit: RateLimitConfig = defaultSettings.rateLimit;
 let _tlsEnabled = defaultSettings.tls.enabled;
 let _tlsKeyPemPath = defaultSettings.tls.key;
 let _tlsCertPemPath = defaultSettings.tls.cert;
+let _uiRouteAuth: Record<string, unknown> = defaultSettings.uiRouteAuth;
 
 // Initialize configuration with defaults and user settings
 let _config = { ...defaultSettings, ...(_userSettings || {}) } as Configuration;
@@ -231,6 +232,13 @@ export const getDomains = () => {
   return _domains;
 };
 
+export const getUIRouteAuth = () => {
+  if (_userSettings && _userSettings.uiRouteAuth) {
+    _uiRouteAuth = _userSettings.uiRouteAuth;
+  }
+  return _uiRouteAuth;
+};
+
 export const getRateLimit = () => {
   if (_userSettings && _userSettings.rateLimit) {
     _rateLimit = _userSettings.rateLimit;

src/config/index.ts

@@ -17,7 +17,7 @@
 */
 
 import React from 'react';
-import PrivateRoute from './ui/components/PrivateRoute/PrivateRoute';
+import RouteGuard from './ui/components/RouteGuard/RouteGuard';
 import Person from '@material-ui/icons/Person';
 import OpenPushRequests from './ui/views/OpenPushRequests/OpenPushRequests';
 import PushDetails from './ui/views/PushDetails/PushDetails';
@@ -35,55 +35,83 @@ const dashboardRoutes = [
     path: '/repo',
     name: 'Repositories',
     icon: RepoIcon,
-    component: (props) => <PrivateRoute component={RepoList} />,
+    component: (props) => 
+      <RouteGuard
+        component={RepoList}
+        fullRoutePath={`/dashboard/repo`}
+      />,
     layout: '/dashboard',
     visible: true,
   },
   {
     path: '/repo/:id',
     name: 'Repo Details',
     icon: Person,
-    component: (props) => <PrivateRoute component={RepoDetails} />,
+    component: (props) => 
+      <RouteGuard
+        component={RepoDetails}
+        fullRoutePath={`/dashboard/repo/:id`}
+      />,
     layout: '/dashboard',
     visible: false,
   },
   {
     path: '/push',
     name: 'Dashboard',
     icon: Dashboard,
-    component: (props) => <PrivateRoute component={OpenPushRequests} />,
+    component: (props) =>
+      <RouteGuard
+        component={OpenPushRequests}
+        fullRoutePath={`/dashboard/push`}
+      />,
     layout: '/dashboard',
     visible: true,
   },
   {
     path: '/push/:id',
     name: 'Open Push Requests',
     icon: Person,
-    component: (props) => <PrivateRoute component={PushDetails} />,
+    component: (props) =>
+      <RouteGuard
+        component={PushDetails}
+        fullRoutePath={`/dashboard/push/:id`}
+      />,
     layout: '/dashboard',
     visible: false,
   },
   {
     path: '/profile',
     name: 'My Account',
     icon: AccountCircle,
-    component: (props) => <PrivateRoute component={User} />,
+    component: (props) =>
+      <RouteGuard
+        component={User}
+        fullRoutePath={`/dashboard/profile`}
+      />,
     layout: '/dashboard',
     visible: true,
   },
   {
     path: '/admin/user',
     name: 'Users',
     icon: Group,
-    component: (props) => <PrivateRoute adminOnly component={UserList} />,
+    component: (props) =>
+      <RouteGuard
+        component={UserList}
+        fullRoutePath={`/dashboard/admin/user`}
+      />,
     layout: '/dashboard',
     visible: true,
   },
   {
     path: '/admin/user/:id',
     name: 'User',
     icon: Person,
-    component: (props) => <PrivateRoute adminOnly component={User} />,
+    component: (props) =>
+      <RouteGuard
+        component={User}
+        fullRoutePath={`/dashboard/admin/user/:id`}
+      />,
     layout: '/dashboard',
     visible: false,
   },

src/routes.jsx

@@ -15,4 +15,8 @@ router.get('/contactEmail', function ({ res }) {
   res.send(config.getContactEmail());
 });
 
+router.get('/uiRouteAuth', function ({ res }) {
+  res.send(config.getUIRouteAuth());
+});
+
 module.exports = router;

src/service/routes/config.js

@@ -0,0 +1,61 @@
+import React, { useEffect, useState } from 'react';
+import { Navigate } from 'react-router-dom';
+import { useAuth } from '../../auth/AuthProvider';
+import { getUIRouteAuth } from '../../services/config';
+import CircularProgress from '@material-ui/core/CircularProgress';
+
+interface RouteGuardProps {
+  component: React.ComponentType<any>;
+  fullRoutePath: string;
+}
+
+interface UIRouteAuth {
+  enabled: boolean;
+  rules: {
+    pattern: string;
+    adminOnly: boolean;
+    loginRequired: boolean;
+  }[];
+}
+
+const RouteGuard = ({ component: Component, fullRoutePath }: RouteGuardProps) => {
+  const { user, isLoading } = useAuth();
+
+  const [loginRequired, setLoginRequired] = useState(false);
+  const [adminOnly, setAdminOnly] = useState(false);
+  const [authChecked, setAuthChecked] = useState(false);
+
+  useEffect(() => {
+    getUIRouteAuth((uiRouteAuth: UIRouteAuth) => {
+      if (uiRouteAuth?.enabled) {
+        for (const rule of uiRouteAuth.rules) {
+          if (new RegExp(rule.pattern).test(fullRoutePath)) {
+            // Allow multiple rules to be applied according to route precedence
+            // Ex: /dashboard/admin/* will override /dashboard/*
+            setLoginRequired(loginRequired || rule.loginRequired);
+            setAdminOnly(adminOnly || rule.adminOnly);
+          }
+        }
+      } else {
+        console.log('UI route auth is not enabled.');
+      }
+      setAuthChecked(true);
+    });
+  }, [fullRoutePath]);
+
+  if (!authChecked || isLoading) {
+    return <CircularProgress />;
+  }
+
+  if (loginRequired && !user) {
+    return <Navigate to="/login" />;
+  }
+
+  if (adminOnly && !user?.admin) {
+    return <Navigate to="/not-authorized" />;
+  }
+
+  return <Component />;
+};
+
+export default RouteGuard;

src/ui/components/PrivateRoute/PrivateRoute.tsx

@@ -25,4 +25,16 @@ const getEmailContact = async (setData) => {
   });
 };
 
-export { getAttestationConfig, getURLShortener, getEmailContact };
+const getUIRouteAuth = async (setData) => {
+  const url = new URL(`${baseUrl}/config/uiRouteAuth`);
+  await axios(url.toString()).then((response) => {
+    setData(response.data);
+  });
+};
+
+export {
+  getAttestationConfig,
+  getURLShortener,
+  getEmailContact,
+  getUIRouteAuth,
+};