uc-cdis
diff --git a/‎.storybook/main.ts‎
Lines changed: 4 additions & 0 deletions b/‎.storybook/main.ts‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎config/vpodcprod/navigation.json‎
Lines changed: 4 additions & 2 deletions b/‎config/vpodcprod/navigation.json‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎package-lock.json‎
Lines changed: 1497 additions & 5477 deletions b/‎package-lock.json‎
Lines changed: 1497 additions & 5477 deletions
diff --git a/‎package.json‎
Lines changed: 17 additions & 6 deletions b/‎package.json‎
Lines changed: 17 additions & 6 deletions
diff --git a/‎public/images/createdby.png‎
19.5 KB b/‎public/images/createdby.png‎
19.5 KB
diff --git a/‎public/mockServiceWorker.js‎
Lines changed: 1 addition & 1 deletion b/‎public/mockServiceWorker.js‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/lib/CohortBuilder/CustomCellRenderers.tsx‎
Lines changed: 58 additions & 1 deletion b/‎src/lib/CohortBuilder/CustomCellRenderers.tsx‎
Lines changed: 58 additions & 1 deletion
diff --git a/‎src/lib/auth/fetchAuthz.ts‎
Lines changed: 6 additions & 9 deletions b/‎src/lib/auth/fetchAuthz.ts‎
Lines changed: 6 additions & 9 deletions
diff --git a/‎src/middleware-impl.ts‎
Lines changed: 81 additions & 0 deletions b/‎src/middleware-impl.ts‎
Lines changed: 81 additions & 0 deletions
@@ -33,5 +33,9 @@ const config: StorybookConfig = {
 
     return config;
   },
+  env: (config) => ({
+    ...config,
+    NEXT_PUBLIC_GEN3_COMMONS_NAME: 'vpodcprod',
+  }),
 };
 export default config;
@@ -1,9 +1,11 @@
 {
   "navigation": {
+    "hideUnauthorizedLinks": false,
     "classNames": {
-      "root": "pl-1 mr-6 bg-base-max text-primary opacity-100 hover:opacity-100",
+      "root": "pl-1 mr-6 bg-base-max text-primary opacity-100 hover:opacity-100 data-disabled:opacity-35 data-disabled:hover:text-primary data-disabled:hover:opacity-35",
       "item": "py-2 px-4 hover:bg-base-lightest hover:text-base-contrast",
-      "navigationPanel": "bg-base-max text-primary"
+      "navigationPanel": "bg-base-max text-primary",
+      "icon": "data-disabled:opacity-50"
     },
     "logo": {
       "src": "/images/vpodc-logo.png",
 
@@ -1,6 +1,6 @@
 {
   "name": "@gen3/vpodc-data-commons",
-  "version": "0.12.2",
+  "version": "0.12.10",
   "private": "true",
   "engines": {
     "npm": ">=10.9.2",
@@ -9,12 +9,15 @@
   "scripts": {
     "lint": "next lint",
     "lint-fix": "next lint --fix",
+    "predev": " NODE_ENV=development npm run build:middlewarePaths",
     "dev": "next dev",
+    "prebuild": "NODE_ENV=production npm run build:middlewarePaths",
     "build": "next build",
     "start": "next start",
-    "setupCommons": "npm run buildColors && npm run getSchema && npm run getDRSToHostname",
+    "setupCommons": "npm run buildColors && npm run getSchema && npm run getDRSToHostname && npm run buildIcons && npm run build:middlewarePaths",
     "build:colors": "node ./node_modules/@gen3/toolsff/dist/buildColors.esm.js --themeFile=config/$npm_config_commons/colors.json --out=config/$npm_config_commons",
     "build:icons": "node ./node_modules/@gen3/toolsff/dist/bundleIcons.esm.js --inpath=config/icons --outpath=config/icons",
+    "build:middlewarePaths": "node ./node_modules/@gen3/toolsff/dist/scanSitePaths.esm.js",
     "getSchema": "node ./node_modules/@gen3/toolsff/dist/getSchema.esm.js --out=config/",
     "getDRSToHostname": "node ./node_modules/@gen3/toolsff/dist/getDRSToHostname.esm.js --out=config/",
     "storybook": "storybook dev -p 6006",
@@ -26,8 +29,8 @@
     "@fontsource/montserrat": "^5.2.8",
     "@fontsource/poppins": "^5.2.7",
     "@fontsource/source-sans-pro": "^5.2.5",
-    "@gen3/core": "0.12.2",
-    "@gen3/frontend": "0.12.2",
+    "@gen3/core": "0.12.10",
+    "@gen3/frontend": "0.12.10",
     "@grafana/faro-react": "^1.9.1",
     "@grafana/faro-web-sdk": "^1.9.1",
     "@grafana/faro-web-tracing": "^1.9.1",
@@ -47,12 +50,20 @@
     "jsonpath-plus": "^10.3.0",
     "mantine-react-table": "^2.0.0-beta.9",
     "react": "^18.3.1",
-    "react-dom": "18.3.1"
+    "react-dom": "18.3.1",
+    "react-icons": "^5.5.0",
+    "use-deep-compare": "^1.3.0",
+    "lodash": "^4.14.202",
+    "tailwind-styled-components": "^2.2.0",
+    "remark-gfm": "^4.0.1",
+    "react-markdown": "^10.1.0",
+    "validator": "13.15.23",
+    "victory": "^37.3.6"
   },
   "devDependencies": {
     "@axe-core/react": "^4.10.2",
     "@chromatic-com/storybook": "^4.1.1",
-    "@gen3/toolsff": "0.12.2",
+    "@gen3/toolsff": "0.12.10",
     "@jest/globals": "^29.7.0",
     "@next/eslint-plugin-next": "^15.5.9",
     "@storybook/addon-a11y": "^9.1.10",
 
@@ -7,7 +7,7 @@
  * - Please do NOT modify this file.
  */
 
-const PACKAGE_VERSION = '2.12.4'
+const PACKAGE_VERSION = '2.12.7'
 const INTEGRITY_CHECKSUM = '4db4a41e972cec1b64cc569c66952d82'
 const IS_MOCKED_RESPONSE = Symbol('isMockedResponse')
 const activeClientIds = new Set()
 
@@ -3,7 +3,7 @@ import {
   ExplorerTableCellRendererFactory,
   type CellRendererFunctionProps,
 } from '@gen3/frontend';
-import { ActionIcon, Text } from '@mantine/core';
+import { ActionIcon, Text, Tooltip } from '@mantine/core';
 import { FaExternalLinkAlt } from 'react-icons/fa';
 
 const RenderDicomLink = ({ cell }: CellRendererFunctionProps) => {
@@ -51,6 +51,58 @@ const RenderLinkCell = ({ cell }: CellRendererFunctionProps) => {
   );
 };
 
+interface LinkCellOptions {
+  icon: string;
+  color: string;
+  variant: string;
+  size: string;
+  tooltip: boolean;
+}
+
+const RenderLinkIconDefaultParameters : LinkCellOptions = {
+  icon: 'gen3:external-link', // TODO
+  color: 'accent.5',
+  variant: 'filled',
+  size: 'md',
+  tooltip: false,
+}
+
+/**
+ * RenderLinkWithIcon is a functional component that renders a hyperlink with an associated icon inside a tooltip.
+ *
+ * This component primarily checks if a value exists in the `cell` object provided as a property. If there is no
+ * value or the value is an empty string, it returns an empty span. Otherwise, a link is rendered with customizable
+ * icon appearance and tooltip functionality.
+ *
+ * Parameters for styling and behavior can be passed through `params`, which override the default configurations.
+ *
+ * @param {Object} props - The component props.
+ * @param {CellRendererFunctionProps} props.cell - Contains the value for the hyperlink.
+ * @param {...Array<Record<string, unknown>>} params - Additional configuration parameters for the rendered link and its icon. Defaults are defined in `RenderLinkIconDefaultParameters`.
+ * @returns {React.ReactNode} A React element representing a tooltip-wrapped link with an icon, or an empty span if no value is present in `cell`.
+ */
+const RenderLinkWithIcon = ({ cell }: CellRendererFunctionProps,
+                            ...params: Array<Record<string, unknown>>) => {
+  if (!cell?.getValue() || cell?.getValue() === '') {
+    return <span></span>;
+  } else {
+    const mergedParams = { ...RenderLinkIconDefaultParameters,  ...(params ? params[0] : {}) };
+    const { variant, color, size, tooltip } = mergedParams;
+    return (
+      <Tooltip label={cell.getValue() as string} disabled={tooltip ? !tooltip :  true} >
+      <a href={`${cell.getValue()}`} target="_blank" rel="noreferrer">
+
+        <ActionIcon size={size} variant={variant} color={color}>
+          <FaExternalLinkAlt />
+        </ActionIcon>
+
+      </a>
+      </Tooltip>
+    );
+  }
+};
+
+
 export const registerCohortTableCustomCellRenderers = () => {
   ExplorerTableCellRendererFactory().registerRenderer(
     'link',
@@ -67,4 +119,9 @@ export const registerCohortTableCustomCellRenderers = () => {
     'linkURL',
     RenderLinkCell,
   );
+  ExplorerTableCellRendererFactory().registerRenderer(
+    'link',
+    'linkWithIconAndTooltip',
+    RenderLinkWithIcon,
+  );
 };
@@ -12,21 +12,19 @@ const DEFAULT_TTL_SECONDS = 360;
  * to a simple string[] of resource paths.
  */
 export async function fetchArboristResources(
-  cookies?: string,
+  accessToken: string | null,
   useService: boolean = false,
   revalidate: number = DEFAULT_TTL_SECONDS,
 ): Promise<string[]> {
-  const headers: Record<string, string> = {};
-
-  if (cookies) {
-    headers.Cookie = cookies;
-  }
+  const headers: Record<string, string> = {
+    ...(accessToken ? { Authorization: `Bearer ${accessToken}` } : {}),
+    credentials: 'include',
+  };
 
   const url = useService
-    ? `${GEN3_AUTHZ_SERVICE}/resource`
+    ? `${GEN3_AUTHZ_SERVICE}/auth/resources`
     : `${GEN3_AUTHZ_API}/resources`;
   const res = await fetch(url, { headers, next: { revalidate: revalidate } });
-
   if (!res.ok) {
     console.error(
       'commons:fetchArboristResources Arborist /resource failed:',
@@ -35,7 +33,6 @@ export async function fetchArboristResources(
     );
     return [];
   }
-
   const data = (await res.json()) as AuthzResourceResponse;
   return data.resources ?? [];
 }
@@ -0,0 +1,81 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { getRouteConfig } from './lib/auth/arboristConfig';
+import {
+  getAccessToken,
+  getLoginStatus,
+  type LoginStatus,
+} from './lib/auth/getLoginStatus';
+import { fetchArboristResources } from './lib/auth/fetchAuthz';
+import { RouteConfig } from '@gen3/frontend/server';
+
+const WILDCARD_ROUTE_KEY = '*';
+
+function getRouteRuleForPath(pathname: string, routeConfig: RouteConfig) {
+  return routeConfig?.[pathname] ?? routeConfig?.[WILDCARD_ROUTE_KEY];
+}
+
+function isLoggedIn(loginStatus: LoginStatus) {
+  return loginStatus.status === 'issued';
+}
+
+export async function middleware(req: NextRequest) {
+  const pathname = req.nextUrl.pathname;
+  const { routes: routeConfig } = await getRouteConfig();
+  let rule = getRouteRuleForPath(pathname, routeConfig);
+
+  // check if there is a wildcard route
+  if (!rule) {
+    rule = getRouteRuleForPath('*', routeConfig);
+  }
+
+  // Public route: not listed in Arborist config
+  if (!rule) {
+    return NextResponse.next();
+  }
+
+  const loginRequired = rule.loginRequired ?? true;
+  const needsAuthz = Array.isArray(rule?.authz) && rule?.authz.length > 0;
+
+  // Gen3 login check
+  const loginStatus = await getLoginStatus(req.headers.get('Cookie') || '');
+  const loggedIn = await isLoggedIn(loginStatus);
+
+  // Enforce login if required
+  if (loginRequired && !loggedIn) {
+    const loginUrl = new URL('/Login', req.url);
+    loginUrl.searchParams.set('referer', pathname);
+    return NextResponse.redirect(loginUrl);
+  }
+
+  // If no authz resources configured, login is enough
+  if (!needsAuthz) {
+    return NextResponse.next();
+  }
+
+  // if authz is required but we somehow aren't logged in,
+  // send to login (even though in practice loginRequired will almost
+  // always be true when authz is configured).
+  if (!loggedIn) {
+    const loginUrl = new URL('/Login', req.url);
+    loginUrl.searchParams.set('referer', pathname);
+    return NextResponse.redirect(loginUrl);
+  }
+
+  // Authz is enabled AND route has authzResources → check Arborist resources
+  const tokenFromCookie =
+    getAccessToken(req.headers.get('Cookie') || '') ?? null;
+
+  // Let the server-side helper resolve resources using the active Gen3 session.
+  const resources = await fetchArboristResources(
+    tokenFromCookie,
+    process.env.NODE_ENV === 'production',
+  );
+
+  const allowed = rule?.authz!.some((needed) => resources.includes(needed));
+  if (!allowed) {
+    // Already logged in if required; they just lack authz for this resource
+    return NextResponse.redirect(new URL('/403', req.url));
+  }
+
+  return NextResponse.next();
+}