@@ -5,8 +5,9 @@ const fs = require('fs');
55 By default, the solution uses user's API Manager organization to determine which
66 API-Requests they are allowed to see in the API Gateway Traffic-Monitor.
77 This behavior can be customized.
8- */
98
9+ General authorizationConfig
10+ */
1011var authorizationConfig = {
1112 // For how long should the information cached by the API-Builder process
1213 cacheTTL : parseInt ( process . env . EXT_AUTHZ_CACHE_TTL ) ? process . env . EXT_AUTHZ_CACHE_TTL : 300 ,
@@ -17,6 +18,9 @@ var authorizationConfig = {
1718 enabled : true
1819 } ,
1920 // You may use an external HTTP-Service used for the authorization
21+ // The configuration set here is passed to the methods: createRequestUri and handleResponse as a cfg object,
22+ // which can use it as needed to generate the restricted query.
23+ // Consider the following purely as an example.
2024 externalHTTP : {
2125 enabled : false ,
2226 // URI you want to use for the lookup - Implement the method: createRequestUri to replace for instance the loginName
@@ -61,22 +65,42 @@ var authorizationConfig = {
6165 }
6266}
6367
64- /*
65- This function is called, when externalHTTP is enabled and before the request is send to the external service. You may customize the URI as you need.
66- */
68+ /**
69+ * Method is called, when externalHTTP is enabled and before the request is send
70+ * to the external service. You may use it to change the Uri if needed.
71+ *
72+ * @param {object } user - The user actually using the Traffic-Monitor (ANM).
73+ * @param {object } cfg - The configuration provided above within authorizationConfig.externalHTTP
74+ * @param {object } options.pluginConfig - The service configuration for this
75+ * plugin from API Builder config.pluginConfig['api-builder-plugin-pluginName']
76+ * @param {object } options.logger - The API Builder logger which can be used
77+ * to log messages to the console.
78+ * @return {string } returns the manipulated request URI, which should be send
79+ */
6780async function createRequestUri ( user , cfg , options ) {
68- // Replace the loginName which is part of the URI
81+ // Replace for instance the loginName which is part of the URI
6982 /* Example to use some kind of regex to be performed on the given username
7083 var match = /CN=([0-9a-zA-Z]*)/.exec(username);
7184 var userId = match[1];
7285 */
7386 return cfg . uri . replace ( "__loginName__" , user . loginName ) ;
7487}
7588
76- /*
77- This function is called, when externalHTTP is enabled after the response has returned from the external HTTP service. Implement it to create
78- you restricted query.
79- */
89+ /**
90+ * Method is called, when externalHTTP is enabled after the response has returned
91+ * from the external HTTP service. Implement it to create you restricted query.
92+ *
93+ * @param {object } response - The HTTP-Response returned from the external HTTP-Service.
94+ * @param {object } elasticQuery - The Elasticsearch query that should be enhanced with custom restrictions
95+ * @param {object } cfg - The configuration provided above within authorizationConfig.externalHTTP
96+ * @param {object } options.pluginConfig - The service configuration for this
97+ * plugin from API Builder config.pluginConfig['api-builder-plugin-pluginName']
98+ * @param {object } options.logger - The API Builder logger which can be used
99+ * to log messages to the console.
100+ * @param {object } restrictionField - contains either the value from externalHTTP.restrictionField or
101+ * externalHTTP.detailedRestrictionField. Depends if the user has requested the traffic overview or traffic details.
102+ * @return {string } returns the restricted Elasticsearch query, that will limit the query result according to the user permissions
103+ */
80104async function handleResponse ( response , elasticQuery , cfg , options , restrictionField ) {
81105 var filters = elasticQuery . bool . must ;
82106 var regex = / .{ 3 } - .{ 2 } - .{ 2 } - .{ 3 } - .{ 1 } - ( .* ) - .* / ;
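Review bot: In `createRequestUri` the unchanged return line places `user.loginName` into `cfg.uri` without encoding, and the new JSDoc and the reworded inline comment present that line as the example to copy without mentioning it. If a login name can contain URI-significant characters such as `/`, `?`, `#` or `&` (the commented regex example hints at DN-style names), the request sent to the external authorization service may not be the one the configuration intended, and that response decides which traffic the user is allowed to see. A string passed as the replacement to `replace` is also scanned for `$` patterns, so I would change the line to `return cfg.uri.replace("__loginName__", () => encodeURIComponent(user.loginName));` and add a sentence to the doc comment saying that any user attribute inserted into the URI must be encoded. Separately, both doc blocks list `options.pluginConfig` and `options.logger` without a parent `@param {object} options` entry, and `handleResponse`, whose body continues outside the hunk, is documented as returning a string although it is handed the query as an object, which is worth confirming.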