Merge pull request #25 from delphi-hub/feature/authentication

Introduced JWT based authorization for registry communication

Author: bhermann

app/authorization/AuthProvider.scala

@@ -0,0 +1,35 @@
+// Copyright (C) 2018 The Delphi Team.
+// See the LICENCE file distributed with this work for additional
+// information regarding copyright ownership.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package authorization
+
+import pdi.jwt.{Jwt, JwtAlgorithm, JwtClaim}
+import utils.CommonHelper
+
+object AuthProvider {
+
+  def generateJwt(validFor: Long = 1, useGenericName: Boolean = false): String = {
+    val claim = JwtClaim()
+      .issuedNow
+      .expiresIn(validFor * 60)
+      .startsNow
+      . + ("user_id", if (useGenericName) CommonHelper.configuration.instanceName else s"${CommonHelper.configuration.assignedID.get}")
+      . + ("user_type", "Component")
+
+
+    Jwt.encode(claim, CommonHelper.configuration.jwtSecretKey, JwtAlgorithm.HS256)
+  }
+
+}

app/utils/Configuration.scala

@@ -65,6 +65,8 @@ class Configuration(val bindPort: Int = ConfigFactory.load().getInt("app.portWeb
     case None => defaultWebApiPort
   }
 
+  val jwtSecretKey: String  = sys.env.getOrElse("DELPHI_JWT_SECRET","changeme")
+
   lazy val fallbackWebApiHost : String = sys.env.get("DELPHI_WEBAPI_URI") match {
     case Some(hostString) =>
       if(hostString.count(c => c == ':') == 2){

app/utils/instancemanagement/InstanceRegistry.scala

@@ -20,9 +20,11 @@ import java.net.InetAddress
 import akka.actor.ActorSystem
 import akka.http.scaladsl.Http
 import akka.http.scaladsl.model._
+import akka.http.scaladsl.model.headers.RawHeader
 import akka.http.scaladsl.unmarshalling.Unmarshal
 import akka.stream.ActorMaterializer
 import akka.util.ByteString
+import authorization.AuthProvider
 import utils.instancemanagement.InstanceEnums.{ComponentType, InstanceState}
 import utils.{AppLogging, CommonHelper, Configuration}
 
@@ -93,7 +95,10 @@ object InstanceRegistry extends InstanceJsonSupport with AppLogging
           method = HttpMethods.POST,
           configuration.instanceRegistryUri + ReportOperationType.toOperationUriString(operationType, id))
 
-        Await.result(Http(system).singleRequest(request) map {response =>
+        val useGenericNameForToken = operationType == ReportOperationType.Start //Must use generic name for startup, no id known at that point
+
+        Await.result(Http(system).singleRequest(request.withHeaders(RawHeader("Authorization",
+          s"Bearer ${AuthProvider.generateJwt(useGenericName = useGenericNameForToken)}"))) map { response =>
           if(response.status == StatusCodes.OK){
             log.info(s"Successfully reported ${operationType.toString} to Instance Registry.")
             Success()
@@ -146,7 +151,7 @@ object InstanceRegistry extends InstanceJsonSupport with AppLogging
       val request = HttpRequest(method = HttpMethods.GET, configuration.instanceRegistryUri +
         s"/matchingInstance?Id=${configuration.assignedID.getOrElse(-1)}&ComponentType=WebApi")
 
-      Await.result(Http(system).singleRequest(request) map {response =>
+      Await.result(Http(system).singleRequest(request.withHeaders(RawHeader("Authorization",s"Bearer ${AuthProvider.generateJwt()}"))) map {response =>
         response.status match {
           case StatusCodes.OK =>
             val instanceString : String = Await.result(response.entity.dataBytes.runFold(ByteString(""))(_ ++ _).map(_.utf8String), 5 seconds)
@@ -187,7 +192,7 @@ object InstanceRegistry extends InstanceJsonSupport with AppLogging
           configuration.instanceRegistryUri +
             s"/matchingResult?CallerId=${configuration.assignedID.getOrElse(-1)}&MatchedInstanceId=$idToPost&MatchingSuccessful=$isWebApiReachable")
 
-        Await.result(Http(system).singleRequest(request) map {response =>
+        Await.result(Http(system).singleRequest(request.withHeaders(RawHeader("Authorization",s"Bearer ${AuthProvider.generateJwt()}"))) map {response =>
           if(response.status == StatusCodes.OK){
             log.info("Successfully posted matching result to Instance Registry.")
             Success()
@@ -235,7 +240,7 @@ object InstanceRegistry extends InstanceJsonSupport with AppLogging
 
       val request = HttpRequest(method = HttpMethods.POST, configuration.instanceRegistryUri + s"/deregister?Id=$id")
 
-      Await.result(Http(system).singleRequest(request) map {response =>
+      Await.result(Http(system).singleRequest(request.withHeaders(RawHeader("Authorization",s"Bearer ${AuthProvider.generateJwt()}"))) map {response =>
         if(response.status == StatusCodes.OK){
           log.info("Successfully deregistered from Instance Registry.")
           Success()
@@ -255,7 +260,8 @@ object InstanceRegistry extends InstanceJsonSupport with AppLogging
 
   def postInstance(instance : Instance, uri: String) () : Future[HttpResponse] = {
     val request = HttpRequest(method = HttpMethods.POST, uri = uri, entity = instance.toJson(instanceFormat).toString())
-    Try(Http(system).singleRequest(request)) match {
+    //use generic name for startup, no id present at this point
+    Try(Http(system).singleRequest(request.withHeaders(RawHeader("Authorization",s"Bearer ${AuthProvider.generateJwt(useGenericName = true)}")))) match {
       case Success(res) =>
         res
       case Failure(ex) =>

build.sbt

@@ -22,6 +22,8 @@ resolvers += Resolver.sonatypeRepo("snapshots")
 libraryDependencies += guice
 libraryDependencies += "org.scalatestplus.play" %% "scalatestplus-play" % "3.1.2" % Test
 
+libraryDependencies += "com.pauldijou" %% "jwt-core" % "1.0.0"
+
 // Akka dependencies
 libraryDependencies ++= Seq(
   "com.typesafe.akka" %% "akka-http-core" % "10.0.11",