SciCatProject · bolmsten · Jan 16, 2025 · Nov 29, 2024 · Nov 29, 2024 · Nov 29, 2024
diff --git a/.env b/.env
@@ -0,0 +1,2 @@
+SCICAT_API_BASE_PATH=
+SCICAT_API_ACCESS_TOKEN=
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -12,6 +12,7 @@
     "lint": "eslint --fix ."
   },
   "dependencies": {
+    "@scicatproject/scicat-ts-fetch-test": "^2.0.0",
     "@types/archiver": "^5.3.1",
     "@types/cookie-parser": "^1.4.3",
     "@types/cors": "^2.8.12",
@@ -27,6 +28,7 @@
     "cookie-parser": "~1.4.6",
     "cors": "^2.8.5",
     "debug": "~2.6.9",
+    "dotenv": "^16.4.5",
     "ejs": "^3.1.8",
     "express": "~4.19.2",
     "express-fileupload": "^1.4.0",

diff --git a/src/app.ts b/src/app.ts
@@ -13,6 +13,7 @@ import { router as indexRouter } from "./routes/index";
 import { router as uploadRouter } from "./routes/upload";
 import { logger } from "@user-office-software/duo-logger";
 import { configureLogger } from "./common/configureLogger";
+import 'dotenv/config'
 
 const app = express();
 app.set("views", path.join(__dirname, "views"));

diff --git a/src/auth.ts b/src/auth.ts
@@ -1,15 +1,21 @@
 import express from "express";
 import { config } from "./common/config";
-import jwtLib from "jsonwebtoken";
 import * as fs from "fs";
+import jwtLib from "jsonwebtoken";
+
 import { logger } from "@user-office-software/duo-logger";
+import { scicatDataSetAPI } from "./common/scicatAPI"
 
-export const hasFileAccess = (
+export const hasFileAccess = async (
   req: express.Request,
   directory: string,
-  fileNames: string[]
-): Global.AuthResponse => {
-  const { jwtSecret, facility } = config;
+  fileNames: string[],
+  dataset: string
+): Promise<Global.AuthResponse> => {
+
+  const { jwtSecret } = config;
+  const dataSetAPI = scicatDataSetAPI();
+
   if (!jwtSecret) {
     return {
       hasAccess: false,
@@ -41,7 +47,10 @@ export const hasFileAccess = (
     httpMethod: req.method,
     directory,
     fileNames,
+    dataset
   };
+
+
   if (!authRequest.directory) {
     return {
       hasAccess: false,
@@ -79,32 +88,28 @@ export const hasFileAccess = (
       fileNames: [],
     };
   }
-  // Evaluate access rights based on institution specific logic
-  switch (facility) {
-  case "maxiv": {
-    return authMAXIV(authRequest);
-  }
-  default:
-    return {
-      hasAccess: true,
-      statusCode: 200,
-      directory: authRequest.directory,
-      fileNames: authRequest.fileNames,
-    };
-  }
-};
 
-const authMAXIV = (authRequest: Global.AuthRequest): Global.AuthResponse => {
-  const valid =
-    authRequest.jwt.groups.filter(
-      (group) => group.trim() && authRequest.directory.indexOf(group) > -1
-    ).length > 0;
 
-  return {
-    hasAccess: valid,
-    statusCode: valid ? 200 : 403,
-    error: valid ? "" : "You do not have access to this resource",
-    directory: valid ? authRequest.directory : undefined,
-    fileNames: valid ? authRequest.fileNames : [],
-  };
-};
+
+  const valid = await dataSetAPI.datasetsControllerFindById({pid: authRequest.dataset}).then(
+    (value) => 
+      {
+        if(value.isPublished || value.accessGroups.some(item => new Set(authRequest.jwt.groups).has(item)) || authRequest.jwt.groups.indexOf(value.ownerGroup) > -1){
+          return true
+        }else{
+          false
+        }
+      }
+    ).catch((e) => {
+
+      return false
+    });
+
+    return {
+      hasAccess: valid,
+      statusCode: valid ? 200 : 403,
+      error: valid ? "" : "You do not have access to this resource",
+      directory: valid ? authRequest.directory : undefined,
+      fileNames: valid ? authRequest.fileNames : [],
+    };
+}
diff --git a/src/common/scicatAPI.ts b/src/common/scicatAPI.ts
@@ -0,0 +1,23 @@
+import { Configuration, DatasetsApi } from "@scicatproject/scicat-ts-fetch-test";
+
+let datasetsApiInstance: DatasetsApi | null = null;
+
+export function scicatDataSetAPI(): DatasetsApi {
+  if (!datasetsApiInstance) {
+    const basePath = process.env.SCICAT_API_BASE_PATH;
+    const accessToken = process.env.SCICAT_API_ACCESS_TOKEN;
+
+    if (!basePath || !accessToken) {
+      throw new Error("SciCat API configuration is missing: Check SCICAT_API_BASE_PATH and SCICAT_API_ACCESS_TOKEN.");
+    }
+
+    const apiConfig = new Configuration({
+      basePath,
+      accessToken,
+    });
+
+    datasetsApiInstance = new DatasetsApi(apiConfig);
+  }
+
+  return datasetsApiInstance;
+}
diff --git a/src/routes/index.ts b/src/routes/index.ts
@@ -6,6 +6,7 @@ router.get("/", function (req, res) {
   res.render("index", {
     jwt: config.testData.jwt || "",
     directory: config.testData.directory || "",
+    dataset: "",
     file0: config.testData?.files[0] || "",
     file1: config.testData?.files[1] || "",
     file2: config.testData?.files[2] || "",
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		SCICAT_API_BASE_PATH=
		SCICAT_API_ACCESS_TOKEN=
bolmsten marked this conversation as resolved. Show resolved Hide resolved