From c3a34ef5593ba82fe006fe12c327332c9be64841 Mon Sep 17 00:00:00 2001 From: sapthasurendran Date: Tue, 27 Jul 2021 13:13:18 +0530 Subject: [PATCH] apikey auth for Org1 Signed-off-by: sapthasurendran removed auth check from live,ready apis.. code format http file changes for apikey comments for getting api key readme update for apikey usage replaced -H with --header apikey config made mandatory fix linting Signed-off-by: sapthasurendran --- README.md | 12 +++--- .../rest-api-typescript/package-lock.json | 37 +++++++++++++++++++ .../rest-api-typescript/package.json | 3 ++ .../scripts/generateEnv.sh | 2 + .../rest-api-typescript/src/auth.ts | 24 ++++++++++++ .../rest-api-typescript/src/config.ts | 6 +++ .../rest-api-typescript/src/server.ts | 20 +++++++++- demo.http | 12 +++++- 8 files changed, 107 insertions(+), 9 deletions(-) create mode 100644 asset-transfer-basic/rest-api-typescript/src/auth.ts diff --git a/README.md b/README.md index aaf539be..33e8175e 100644 --- a/README.md +++ b/README.md 
@@ -65,35 +65,35 @@ curl --include --request OPTIONS http://localhost:3000/api/assets/asset7 ### Create an asset... ```shell -curl --include --header "Content-Type: application/json" --request POST --data '{"id":"asset7","color":"red","size":42,"owner":"Jean","appraisedValue":101}' http://localhost:3000/api/assets +curl --include --header "Content-Type: application/json" --header "api-key:Api-Key " --request POST --data '{"id":"asset7","color":"red","size":42,"owner":"Jean","appraisedValue":101}' http://localhost:3000/api/assets ``` ### Read transaction status... ```shell -curl http://localhost:3000/api/transactions/__transaction_id__ +curl --header "api-key:Api-Key " http://localhost:3000/api/transactions/__transaction_id__ ``` ### Read an asset... ```shell -curl http://localhost:3000/api/assets/asset7 +curl --header "api-key:Api-Key " http://localhost:3000/api/assets/asset7 ``` ### Update an asset... ```shell -curl --include --header "Content-Type: application/json" --request PUT --data '{"id":"asset7","color":"red","size":11,"owner":"Jean","appraisedValue":101}' http://localhost:3000/api/assets/asset7 +curl --include --header "Content-Type: application/json" --header "api-key:Api-Key " --request PUT --data '{"id":"asset7","color":"red","size":11,"owner":"Jean","appraisedValue":101}' http://localhost:3000/api/assets/asset7 ``` ### Transfer an asset... ```shell -curl --include --header "Content-Type: application/json" --request PATCH --data '[{"op":"replace","path":"/owner","value":"Ashleigh"}]' http://localhost:3000/api/assets/asset7 +curl --include --header "Content-Type: application/json" --header "api-key:Api-Key " --request PATCH --data '[{"op":"replace","path":"/owner","value":"Ashleigh"}]' http://localhost:3000/api/assets/asset7 ``` ### Delete an asset... ```shell -curl --include --request DELETE http://localhost:3000/api/assets/asset7 +curl --include --header "api-key:Api-Key " --request DELETE http://localhost:3000/api/assets/asset7 ``` 
diff --git a/asset-transfer-basic/rest-api-typescript/package-lock.json b/asset-transfer-basic/rest-api-typescript/package-lock.json index 4c4d1114..4e25209a 100644 --- a/asset-transfer-basic/rest-api-typescript/package-lock.json +++ b/asset-transfer-basic/rest-api-typescript/package-lock.json @@ -268,6 +268,15 @@ "resolved": "https://registry.npmjs.org/@types/node/-/node-15.12.4.tgz", "integrity": "sha512-zrNj1+yqYF4WskCMOHwN+w9iuD12+dGm0rQ35HLl9/Ouuq52cEtd0CH9qMgrdNmi5ejC1/V7vKEXYubB+65DkA==" }, + "@types/passport": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/@types/passport/-/passport-1.0.7.tgz", + "integrity": "sha512-JtswU8N3kxBYgo+n9of7C97YQBT+AYPP2aBfNGTzABqPAZnK/WOAaKfh3XesUYMZRrXFuoPc2Hv0/G/nQFveHw==", + "dev": true, + "requires": { + "@types/express": "*" + } + }, "@types/pino": { "version": "6.3.8", "resolved": "https://registry.npmjs.org/@types/pino/-/pino-6.3.8.tgz", 
@@ -1961,6 +1970,29 @@ "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==" }, + "passport": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/passport/-/passport-0.4.1.tgz", + "integrity": "sha512-IxXgZZs8d7uFSt3eqNjM9NQ3g3uQCW5avD8mRNoXV99Yig50vjuaez6dQK2qC0kVWPRTujxY0dWgGfT09adjYg==", + "requires": { + "passport-strategy": "1.x.x", + "pause": "0.0.1" + } + }, + "passport-headerapikey": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/passport-headerapikey/-/passport-headerapikey-1.2.2.tgz", + "integrity": "sha512-4BvVJRrWsNJPrd3UoZfcnnl4zvUWYKEtfYkoDsaOKBsrWHYmzTApCjs7qUbncOLexE9ul0IRiYBFfBG0y9IVQA==", + "requires": { + "lodash": "^4.17.15", + "passport-strategy": "^1.0.0" + } + }, + "passport-strategy": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz", + "integrity": "sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ=" + }, "path-is-absolute": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", @@ -1984,6 +2016,11 @@ "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==", "dev": true }, + "pause": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz", + "integrity": "sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10=" + }, "picomatch": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.0.tgz", diff --git a/asset-transfer-basic/rest-api-typescript/package.json b/asset-transfer-basic/rest-api-typescript/package.json index cfee92bd..1b1aa0e6 100644 --- a/asset-transfer-basic/rest-api-typescript/package.json +++ b/asset-transfer-basic/rest-api-typescript/package.json 
@@ -12,6 +12,8 @@ "helmet": "^4.6.0", "http-status-codes": "^2.1.4", "ioredis": "^4.27.6", + "passport": "^0.4.1", + "passport-headerapikey": "^1.2.2", "pino": "^6.11.3", "pino-http": "^5.5.0", "source-map-support": "^0.5.19" @@ -20,6 +22,7 @@ "@types/express": "^4.17.12", "@types/ioredis": "^4.26.4", "@types/node": "^15.12.4", + "@types/passport": "^1.0.7", "@types/pino": "^6.3.8", "@types/pino-http": "^5.4.1", "@typescript-eslint/eslint-plugin": "^4.28.0", diff --git a/asset-transfer-basic/rest-api-typescript/scripts/generateEnv.sh b/asset-transfer-basic/rest-api-typescript/scripts/generateEnv.sh index fa30cbdc..3d2b7030 100755 --- a/asset-transfer-basic/rest-api-typescript/scripts/generateEnv.sh +++ b/asset-transfer-basic/rest-api-typescript/scripts/generateEnv.sh @@ -30,6 +30,8 @@ REDIS_HOST=localhost REDIS_PORT=6379 +ORG1_APIKEY=$(uuidgen) + #REDIS_USERNAME= #REDIS_PASSWORD= diff --git a/asset-transfer-basic/rest-api-typescript/src/auth.ts b/asset-transfer-basic/rest-api-typescript/src/auth.ts new file mode 100644 index 00000000..dcd3e724 --- /dev/null +++ b/asset-transfer-basic/rest-api-typescript/src/auth.ts @@ -0,0 +1,24 @@ +import { logger } from './logger'; +import { HeaderAPIKeyStrategy } from 'passport-headerapikey'; +import * as config from './config'; +export const fabricAPIKeyStrategy: HeaderAPIKeyStrategy = + new HeaderAPIKeyStrategy( + { header: 'api-key', prefix: 'Api-Key ' }, + true, + function (apikey, done) { + const user: { org: string } = { + org: '', + }; + if (apikey === config.org1ApiKey) { + user.org = 'Org1'; + logger.info('Organisation set to Org1'); + done(null, user); + + //todo + //add org2 apikey check + } else { + logger.debug('APIKEY Mismatch'); + return done(null, false); + } + } + ); diff --git a/asset-transfer-basic/rest-api-typescript/src/config.ts b/asset-transfer-basic/rest-api-typescript/src/config.ts index cf967dcf..08c33865 100644 --- a/asset-transfer-basic/rest-api-typescript/src/config.ts 
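Review bot: `ORG1_APIKEY=$(uuidgen)` uses a UUID as the credential, which is not designed as a secret: on some platforms `uuidgen` emits a time-based (v1) value, and even a random v4 carries at most 122 bits of entropy with a fixed, recognisable format. Since this value is the only thing protecting the asset and transaction routes, generate it from the system CSPRNG, e.g. `ORG1_APIKEY=$(openssl rand -hex 32)` (or `uuidgen -r` where only uuidgen is available). If `uuidgen` is not installed the command substitution silently yields an empty key; the script should fail at that point rather than write a blank value, even though the server presumably refuses to start on a missing required variable.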
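Review bot: The check at `if (apikey === config.org1ApiKey)` is an ordinary string comparison that stops at the first differing character, so response timing leaks information about the configured key; compare with `crypto.timingSafeEqual` over equal-length buffers instead (importing `timingSafeEqual` from `crypto`). The `logger.info('Organisation set to Org1')` line fires on every successful request, which is noisy at info level and better placed at debug. The second constructor argument `true` looks like passReqToCallback, yet the verify callback never reads the request, so `false` would be the clearer choice — confirm against the passport-headerapikey signature before changing it. The `//todo` for the Org2 key slots naturally into the same helper, as sketched below.
```typescript
/** Constant-time key comparison; a length mismatch returns false without revealing where the keys differ. */
function keysMatch(presented: string, expected: string): boolean {
    const a = Buffer.from(presented);
    const b = Buffer.from(expected);
    return a.length === b.length && timingSafeEqual(a, b);
}

export const fabricAPIKeyStrategy: HeaderAPIKeyStrategy =
    new HeaderAPIKeyStrategy(
        { header: 'api-key', prefix: 'Api-Key ' },
        true,
        function (apikey, done) {
            // Add further organisations (e.g. Org2) here as their keys are configured.
            if (keysMatch(apikey, config.org1ApiKey)) {
                logger.debug('Organisation set to Org1');
                return done(null, { org: 'Org1' });
            }
            logger.debug('APIKEY Mismatch');
            return done(null, false);
        }
    );
```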
+++ b/asset-transfer-basic/rest-api-typescript/src/config.ts @@ -97,3 +97,9 @@ export const redisUsername = env .asString(); export const redisPassword = env.get('REDIS_PASSWORD').asString(); + +export const org1ApiKey = env + .get('ORG1_APIKEY') + .required() + .example('123') + .asString(); diff --git a/asset-transfer-basic/rest-api-typescript/src/server.ts b/asset-transfer-basic/rest-api-typescript/src/server.ts index c0b51a38..a57dfcda 100644 --- a/asset-transfer-basic/rest-api-typescript/src/server.ts +++ b/asset-transfer-basic/rest-api-typescript/src/server.ts @@ -22,6 +22,8 @@ const { SERVICE_UNAVAILABLE, } = StatusCodes; +import { fabricAPIKeyStrategy } from './auth'; +import passport from 'passport'; export const createServer = async (): Promise => { const app = express(); @@ -48,6 +50,12 @@ export const createServer = async (): Promise => { app.use(express.json()); app.use(express.urlencoded({ extended: true })); + //define passport startegy + passport.use(fabricAPIKeyStrategy); + + //initialize passport js + app.use(passport.initialize()); + if (process.env.NODE_ENV === 'development') { // TBC } @@ -90,8 +98,16 @@ export const createServer = async (): Promise => { throw new Error('Example error'); }); - app.use('/api/assets', assetsRouter); - app.use('/api/transactions', transactionsRouter); + app.use( + '/api/assets', + passport.authenticate('headerapikey', { session: false }), + assetsRouter + ); + app.use( + '/api/transactions', + passport.authenticate('headerapikey', { session: false }), + transactionsRouter + ); // For everything else app.use((_req, res) => diff --git a/demo.http b/demo.http index 7873879f..b682c53e 100644 --- a/demo.http +++ b/demo.http 
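Review bot: `.example('123')` on `org1ApiKey` is, as far as I can tell, the hint env-var prints when the required variable is missing, and a three-character example invites an operator to set a trivially guessable key. Give an example that conveys the expected form instead, e.g. `.example('a long random value, see scripts/generateEnv.sh')`, and add a doc comment above the export stating that this key is the sole credential for the `/api/assets` and `/api/transactions` routes so nobody later treats it as a non-sensitive setting.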
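Review bot: `passport.authenticate('headerapikey', { session: false })` answers a missing or wrong key with passport's default `401` and a plain-text `Unauthorized` body, while this server otherwise exchanges JSON (`express.json()` is mounted just above), so clients see an inconsistent error shape on the one path they are most likely to hit; pass a custom callback, or `failWithError: true` and let the server's error handling render the rejection, assuming a JSON error handler exists outside this hunk. The principal the strategy attaches (`req.user.org`) is not consumed by either router mounted here, so the organisation is established but nothing is authorised against it yet — a comment such as `// TODO: authorise requests by req.user.org once Org2 keys are configured` at the `app.use('/api/assets', …)` line would make that explicit. Routes registered before these two `app.use` calls (the live/ready endpoints named in the commit message) stay unauthenticated by design; a one-line comment stating that boundary would help the next reader. createServer starts before and ends after this hunk.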
@@ -4,18 +4,23 @@ @port = 3000 @baseUrl = http://{{hostname}}:{{port}}/api -### Get all assets +//Get the apikey from .env file +@api-key= Api-Key 295069C9-ABF5-4D2A-A020-2FF9F4E8DF07 +### Get all assets GET {{baseUrl}}/assets HTTP/1.1 +api-key: {{api-key}} ### Check if asset exists OPTIONS {{baseUrl}}/assets/asset7 HTTP/1.1 +api-key: {{api-key}} ### Create asset POST {{baseUrl}}/assets HTTP/1.1 content-type: application/json +api-key: {{api-key}} { "id": "asset7", @@ -28,15 +33,18 @@ content-type: application/json ### Read transaction status GET {{baseUrl}}/transactions/__transaction_id__ HTTP/1.1 +api-key: {{api-key}} ### Read asset GET {{baseUrl}}/assets/asset7 HTTP/1.1 +api-key: {{api-key}} ### Update asset PUT {{baseUrl}}/assets/asset7 HTTP/1.1 content-type: application/json +api-key: {{api-key}} { "id": "asset7", @@ -50,6 +58,7 @@ content-type: application/json PATCH {{baseUrl}}/assets/asset7 HTTP/1.1 content-type: application/json +api-key: {{api-key}} [ { @@ -62,3 +71,4 @@ content-type: application/json ### Delete asset DELETE {{baseUrl}}/assets/asset7 HTTP/1.1 +api-key: {{api-key}}
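Review bot: `@api-key= Api-Key 295069C9-ABF5-4D2A-A020-2FF9F4E8DF07` commits a key-shaped literal to the repository; even if it is only a sample, a value that looks real tends to be copied into `.env` files and is flagged by secret scanners. Use an unmistakable placeholder instead, e.g. `@api-key = Api-Key <ORG1_APIKEY from .env>`, and extend the comment above it to say that the variable must carry the `Api-Key ` prefix the server's strategy expects, which the current value does.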