From e0e330c43a69d7ad668393481075f320ec5a29eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BChl?= Date: Thu, 30 Jan 2020 17:32:23 +0100 Subject: [PATCH 1/6] XSUAA Config 1 --- package.json | 4 ++-- packages/bookshop/.cdsrc.json | 20 +++++++++++++++++ packages/bookshop/package.json | 30 ++++++++++++++++++++++++- packages/bookshop/srv/admin-service.cds | 4 ++++ packages/bookshop/srv/cat-service.js | 8 +++++++ 5 files changed, 63 insertions(+), 3 deletions(-) create mode 100644 packages/bookshop/.cdsrc.json diff --git a/package.json b/package.json index 499371c6..edd10d8f 100644 --- a/package.json +++ b/package.json @@ -11,13 +11,13 @@ "bookshop": "cds watch packages/bookshop", "bookshop-enhanced": "cds watch packages/bookshop-enhanced", "reviews-service": "cds watch packages/reviews-service", - "bookstore": "cds watch packages/bookstore", "media-server": "cds watch packages/media-server" }, "dependencies": { "@sap/cds": "latest", - "express": "*" + "express": "*", + "passport": "^0.4.1" }, "devDependencies": { "sqlite3": "*" diff --git a/packages/bookshop/.cdsrc.json b/packages/bookshop/.cdsrc.json new file mode 100644 index 00000000..d4a1031a --- /dev/null +++ b/packages/bookshop/.cdsrc.json @@ -0,0 +1,20 @@ +{ + "auth": { + "passport": { + "strategy": "mock", + "users": { + "alice": { + "password": "123", + "ID": "alice", + "roles": ["admin", "authenticated-user"], + "xs.user.attributes": { "currency": [ "USD" ] } + }, + "bob": { + "password": "123", + "ID": "bob", + "roles": ["authenticated-user"] + } + } + } +} +} diff --git a/packages/bookshop/package.json b/packages/bookshop/package.json index 4a9d52e9..1e34a6d9 100644 --- a/packages/bookshop/package.json +++ b/packages/bookshop/package.json 
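Review bot: The removal of the `bookstore` script from the root `scripts` block has nothing to do with the XSUAA configuration in the patch subject and looks accidental; keep `"bookstore": "cds watch packages/bookstore",` or move the removal to its own commit. The `passport` dependency is added at the root and again inside `packages/bookshop/package.json`, so with the lerna `--hoist` setup in the same file one of the two declarations is presumably redundant; confirm which package actually requires it.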
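Review bot: The mock users in the new `.cdsrc.json` carry plaintext sample passwords (`"password": "123"`) and the `admin` role, and nothing in the file scopes them to local development, so if this configuration is picked up in a deployed environment the `mock` strategy hands `admin` to anyone who knows the sample credentials. It also defines the user attribute as `xs.user.attributes.currency` with `USD`, while the `package.json` copy added in the same patch defines `country` with `US`, so the two configurations disagree about the attribute the handler in `cat-service.js` compares. Keep a single copy, and if the cds version in use supports profile-specific configuration, nest it under a `[development]` profile so the mock strategy cannot be active alongside `xsuaa`.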
@@ -5,10 +5,38 @@ "license": "SAP SAMPLE CODE LICENSE", "dependencies": { "@sap/cds": "latest", - "express": "*" + "express": "*", + "passport": "^0.4.1" }, "scripts": { "start": "cds run --in-memory?", "watch": "cds watch" + }, + "auth": { + "passport": { + "strategy": "mock", + "users": { + "alice": { + "password": "123", + "ID": "alice", + "roles": [ + "admin", + "authenticated-user" + ], + "xs.user.attributes": { + "country": [ + "US" + ] + } + }, + "bob": { + "password": "123", + "ID": "bob", + "roles": [ + "authenticated-user" + ] + } + } + } } } diff --git a/packages/bookshop/srv/admin-service.cds b/packages/bookshop/srv/admin-service.cds index a5b095dd..e88d7f0f 100644 --- a/packages/bookshop/srv/admin-service.cds +++ b/packages/bookshop/srv/admin-service.cds @@ -14,3 +14,7 @@ annotate AdminService.Orders with @odata.draft.enabled; extend service AdminService with { entity OrderItems as select from my.OrderItems; } +// Restrict access to orders to users with role "admin" + annotate AdminService.Orders with @(restrict: [ + { grant: 'READ', to: 'admin' } + ]); \ No newline at end of file diff --git a/packages/bookshop/srv/cat-service.js b/packages/bookshop/srv/cat-service.js index bd04c51e..dacdfef9 100644 --- a/packages/bookshop/srv/cat-service.js +++ b/packages/bookshop/srv/cat-service.js @@ -4,6 +4,7 @@ const { Books } = cds.entities /** Service implementation for CatalogService */ module.exports = cds.service.impl(function() { this.after ('READ', 'Books', each => each.stock > 111 && _addDiscount2(each,11)) + this.before ('CREATE', 'Orders', _checkOrderCreateAuth) this.before ('CREATE', 'Orders', _reduceStock) }) @@ -24,3 +25,10 @@ async function _reduceStock (req) { ) })) } + +/** Check authorization */ +function _checkOrderCreateAuth (req) { + req.user.country === req.data.country || req.reject(403) +} + + From a458c7bb0dc8e1e00f14b2c65be733badaf853eb Mon Sep 17 00:00:00 2001 
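Review bot: The `auth` block is added as a top-level key of `packages/bookshop/package.json`, next to `scripts`, whereas cds configuration presumably has to sit under a `cds` key to be read by the runtime; as written it is likely ignored and the users actually in effect come from `.cdsrc.json`, which defines `currency`/`USD` rather than the `country`/`US` attribute this copy defines. Move it under `"cds": { "auth": { ... } }` (or drop it in favour of `.cdsrc.json`) and use one attribute name consistently with the check in `cat-service.js`. The `express` and `passport` lines are duplicated from the root `package.json`; confirm the hoisted install still needs them here.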
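Review bot: The `@restrict` on `AdminService.Orders` grants only `READ` to `admin`; if the runtime denies every event that no grant matches (CAP's documented `@restrict` behaviour), this makes the draft-enabled entity read-only for everyone, including admins, which conflicts with the `before CREATE Orders` handler this series later adds to the same service. Either list the write events as well, e.g. `{ grant: ['READ', 'CREATE', 'UPDATE', 'DELETE'], to: 'admin' }`, or grant `'*'` to `admin` if that is the intent. The annotation is also indented by one space under a top-level comment and the file now ends without a newline; align it with the `annotate` line above and add the trailing newline.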
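Review bot: `_checkOrderCreateAuth` fails open when both sides are `undefined`: a user without the `country` attribute posting an order that omits `country` satisfies `req.user.country === req.data.country` and is not rejected, which is exactly the caller the check is meant to stop. Compare against an explicitly present value, e.g. `if (!req.user.country || req.user.country !== req.data.country) return req.reject(403)`. The same patch names the attribute `currency` in `.cdsrc.json` and `country` in `package.json`, and the follow-up patch reads it as an array via `req.user.currency[0]`, so confirm which attribute `req.user` exposes and in what shape before relying on a plain string compare. The `||`-as-statement form also hides the control flow; an explicit `if` reads better.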
From: =?UTF-8?q?Matthias=20B=C3=BChl?= Date: Thu, 30 Jan 2020 17:48:32 +0100 Subject: [PATCH 2/6] cleanup --- packages/bookshop/.cdsrc.json | 20 ----------- packages/bookshop/package-lock.json | 27 +++++++++++++++ packages/bookshop/package.json | 47 +++++++++++--------------- packages/bookshop/srv/admin-service.js | 10 ++++++ packages/bookshop/srv/cat-service.js | 5 --- 5 files changed, 57 insertions(+), 52 deletions(-) delete mode 100644 packages/bookshop/.cdsrc.json create mode 100644 packages/bookshop/package-lock.json create mode 100644 packages/bookshop/srv/admin-service.js diff --git a/packages/bookshop/.cdsrc.json b/packages/bookshop/.cdsrc.json deleted file mode 100644 index d4a1031a..00000000 --- a/packages/bookshop/.cdsrc.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "auth": { - "passport": { - "strategy": "mock", - "users": { - "alice": { - "password": "123", - "ID": "alice", - "roles": ["admin", "authenticated-user"], - "xs.user.attributes": { "currency": [ "USD" ] } - }, - "bob": { - "password": "123", - "ID": "bob", - "roles": ["authenticated-user"] - } - } - } -} -} diff --git a/packages/bookshop/package-lock.json b/packages/bookshop/package-lock.json new file mode 100644 index 00000000..a0727585 --- /dev/null +++ b/packages/bookshop/package-lock.json 
@@ -0,0 +1,27 @@ +{ + "name": "@sap/capire-bookshop", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "passport": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/passport/-/passport-0.4.1.tgz", + "integrity": "sha512-IxXgZZs8d7uFSt3eqNjM9NQ3g3uQCW5avD8mRNoXV99Yig50vjuaez6dQK2qC0kVWPRTujxY0dWgGfT09adjYg==", + "requires": { + "passport-strategy": "1.x.x", + "pause": "0.0.1" + } + }, + "passport-strategy": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz", + "integrity": "sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ=" + }, + "pause": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz", + "integrity": "sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10=" + } + } + } \ No newline at end of file diff --git a/packages/bookshop/package.json b/packages/bookshop/package.json index 1e34a6d9..60a017a2 100644 --- a/packages/bookshop/package.json +++ b/packages/bookshop/package.json @@ -8,35 +8,28 @@ "express": "*", "passport": "^0.4.1" }, + "cds": { + "auth": { + "passport": { + "strategy": "mock", + "users": { + "alice": { + "password": "123", + "ID": "alice", + "roles": ["admin", "authenticated-user"], + "xs.user.attributes": { "currency": [ "USD" ] } + }, + "bob": { + "password": "123", + "ID": "bob", + "roles": ["authenticated-user"] + } + } + } + } + }, "scripts": { "start": "cds run --in-memory?", "watch": "cds watch" - }, - "auth": { - "passport": { - "strategy": "mock", - "users": { - "alice": { - "password": "123", - "ID": "alice", - "roles": [ - "admin", - "authenticated-user" - ], - "xs.user.attributes": { - "country": [ - "US" - ] - } - }, - "bob": { - "password": "123", - "ID": "bob", - "roles": [ - "authenticated-user" - ] - } - } - } } } diff --git a/packages/bookshop/srv/admin-service.js b/packages/bookshop/srv/admin-service.js new file mode 100644 index 00000000..471b2605 --- /dev/null +++ b/packages/bookshop/srv/admin-service.js 
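Review bot: Moving the mock users into `package.json` under `cds.auth.passport` means the sample credentials (`"password": "123"`, role `admin`) now ship with the package and apply whenever its configuration is loaded; nothing restricts them to local runs, and patch 3 of this series configures `xsuaa` at the repository root, so which strategy wins presumably depends on the directory `cds` is started from. If the cds version in use supports profile-specific configuration, nest this under a `[development]` profile; otherwise document that the mock block must be removed before deploying. Note that `bob` has no `xs.user.attributes`, so he exercises the missing-attribute path of every `$user.currency` / `req.user.currency` check added later in the series.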
@@ -0,0 +1,10 @@ +/** Service implementation for AdminService */ +module.exports = cds.service.impl(function() { + this.before ('CREATE', 'Orders', _checkOrderCreateAuth) + }) + + + /** Check authorization */ + function _checkOrderCreateAuth (req) { + req.user.currency[0] === req.data.currency_code || req.reject(403) + } \ No newline at end of file diff --git a/packages/bookshop/srv/cat-service.js b/packages/bookshop/srv/cat-service.js index dacdfef9..bdf91080 100644 --- a/packages/bookshop/srv/cat-service.js +++ b/packages/bookshop/srv/cat-service.js @@ -4,7 +4,6 @@ const { Books } = cds.entities /** Service implementation for CatalogService */ module.exports = cds.service.impl(function() { this.after ('READ', 'Books', each => each.stock > 111 && _addDiscount2(each,11)) - this.before ('CREATE', 'Orders', _checkOrderCreateAuth) this.before ('CREATE', 'Orders', _reduceStock) }) @@ -26,9 +25,5 @@ async function _reduceStock (req) { })) } -/** Check authorization */ -function _checkOrderCreateAuth (req) { - req.user.country === req.data.country || req.reject(403) -} From 3c094c201b0ebbccd5e29f59ba102f2cef5f2bd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BChl?= Date: Fri, 31 Jan 2020 15:59:43 +0100 Subject: [PATCH 3/6] XSUAA --- db/package.json | 12 ++++++++ mta.yaml | 77 +++++++++++++++++++++++++++++++++++++++++++++++++ package.json | 67 ++++++++++++++++++++++++------------------ 3 files changed, 128 insertions(+), 28 deletions(-) create mode 100644 db/package.json create mode 100644 mta.yaml diff --git a/db/package.json b/db/package.json new file mode 100644 index 00000000..247b99df --- /dev/null +++ b/db/package.json @@ -0,0 +1,12 @@ +{ + "name": "deploy", + "dependencies": { + "@sap/hdi-deploy": "^3.8.2" + }, + "engines": { + "node": "^8" + }, + "scripts": { + "start": "node node_modules/@sap/hdi-deploy/deploy.js" + } +} diff --git a/mta.yaml b/mta.yaml new file mode 100644 index 00000000..20934b44 --- /dev/null +++ b/mta.yaml 
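Review bot: `req.user.currency[0]` throws a `TypeError` when the user has no `currency` attribute (`bob` in the mock configuration has none), so the handler answers with a 500 instead of the intended 403, and it inspects only the first value of what the later `$user.currency` annotation treats as a multi-valued attribute. Guard the attribute and compare with `includes`, as below. The file also uses `cds` without requiring it; if the runtime does not provide it as a global, add `const cds = require('@sap/cds')` at the top as the sibling service file presumably does. Finally, the `@restrict` added to `AdminService.Orders` in patch 1 grants only `READ`, so this `before CREATE` handler may never be reached.
```javascript
/** Reject the order unless its currency is one of the user's permitted currencies (403 otherwise). */
function _checkOrderCreateAuth (req) {
  const allowed = req.user.currency
  if (!Array.isArray(allowed) || !allowed.includes(req.data.currency_code)) return req.reject(403)
}
```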
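Review bot: `"engines": { "node": "^8" }` in the new `db/package.json` pins the HDI deploy task to Node 8, which reached end-of-life on 2019-12-31, a month before this commit, so the process that receives the HANA container credentials runs on a runtime that no longer gets security fixes. Raise it to a supported LTS line, e.g. `"node": "^12"`, after confirming `@sap/hdi-deploy` supports it. Because this task handles database credentials, also consider pinning `@sap/hdi-deploy` exactly or committing a lockfile for it, as patch 2 did for `passport`.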
@@ -0,0 +1,77 @@ +####### Generated mta.yaml based on template version 0.2.0 +####### appName = capire-samples +####### language=nodejs; multiTenant= +####### approuter= + +_schema-version: '3.1' +ID: sap.capire-samples +version: 1.0.0 +description: "The umbrella project for all samples to easily setup for local development and tests." + +build-parameters: + before-all: + - builder: custom + commands: + - npm install + - cds build/all + +parameters: + enable-parallel-deployments: true + +modules: + ############## SERVER MODULE ########################## + - name: capire-samples-srv + type: nodejs + path: + properties: + EXIT: 1 # required by deploy.js task to terminate + + + requires: + #### Resources extracted from CAP configuration #### + - name: capire-samples-db + - name: capire-samples-uaa + + provides: + - name: srv-binding # required by consumers of CAP services (e.g. approuter) + properties: + srv-url: ${default-url} + + ############################################################ + + ############## SIDECAR MODULE ######################### + - name: db + + type: hdb + path: gen/db + parameters: + app-name: capire-samples-db + requires: + #### Hana and xsuaa resources extracted from CAP configuration #### + - name: capire-samples-db + - name: capire-samples-uaa + ############################################################ + + +############## RESOURCES ################################## +resources: + ##### Services extracted from CAP configuration #### + ##### 'service-plan' can be configured via 'cds.requires..vcap.plan' + - name: capire-samples-db + type: com.sap.xs.hdi-container + + parameters: + properties: + hdi-service-name: ${service-name} # required for Java case + - name: capire-samples-uaa + + type: org.cloudfoundry.managed-service + parameters: + path: ./xs-security.json + service: xsuaa + service-plan: application + config: + xsappname: capire-samples-${space} # name + space dependency + tenant-mode: dedicated + ### scopes and role templates will 
be added below by a developer or by CAP tools +############################################################ diff --git a/package.json b/package.json index edd10d8f..43528893 100644 --- a/package.json +++ b/package.json 
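Review bot: The `capire-samples-uaa` resource references `path: ./xs-security.json`, but no patch in this series adds that file, so the `xsuaa` instance would be created without the `admin` scope and role template that the `@restrict` annotations rely on, and the MTA deployment may fail outright on the missing file. Add an `xs-security.json` that declares the `admin` scope and a role template, or drop the `path` until it exists. The `capire-samples-srv` module also has an empty `path:` and the `capire-samples-db` resource an empty `parameters:` block, which look like template leftovers still to be filled in. Since no approuter is defined, the srv module's `${default-url}` is reachable directly and relies entirely on the cds runtime validating XSUAA tokens; a comment next to `srv-binding` saying so would help the next reader.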
@@ -1,30 +1,41 @@ { - "name": "@sap/capire-samples", - "description": "The umbrella project for all samples to easily setup for local development and tests.", - "repository": "https://github.com/SAP-samples/cloud-cap-samples.git", - "author": "daniel.hutzel@sap.com", - "private": true, - "scripts": { - "lerna": "npx --no-install lerna -v > /dev/null || npm i lerna --no-save", - "install": "(npm -s run lerna) && lerna bootstrap --hoist", - "cleanup": "lerna clean -y && rm -fr node_modules", - "bookshop": "cds watch packages/bookshop", - "bookshop-enhanced": "cds watch packages/bookshop-enhanced", - "reviews-service": "cds watch packages/reviews-service", - "bookstore": "cds watch packages/bookstore", - "media-server": "cds watch packages/media-server" - }, - "dependencies": { - "@sap/cds": "latest", - "express": "*", - "passport": "^0.4.1" - }, - "devDependencies": { - "sqlite3": "*" - }, - "--add-these-to-devDependencies-for-tests": { - "@types/jest": "*", - "jest": "*" - }, - "license": "SAP SAMPLE CODE LICENSE" + "name": "@sap/capire-samples", + "description": "The umbrella project for all samples to easily setup for local development and tests.", + "repository": "https://github.com/SAP-samples/cloud-cap-samples.git", + "author": "daniel.hutzel@sap.com", + "private": true, + "scripts": { + "lerna": "npx --no-install lerna -v > /dev/null || npm i lerna --no-save", + "install": "(npm -s run lerna) && lerna bootstrap --hoist", + "cleanup": "lerna clean -y && rm -fr node_modules", + "bookshop": "cds watch packages/bookshop", + "bookshop-enhanced": "cds watch packages/bookshop-enhanced", + "reviews-service": "cds watch packages/reviews-service", + "bookstore": "cds watch packages/bookstore", + "media-server": "cds watch packages/media-server" + }, + "dependencies": { + "@sap/cds": "latest", + "express": "*", + "passport": "^0.4.1", + "hdb": "^0.17.1" + }, + "devDependencies": { + "sqlite3": "*" + }, + "--add-these-to-devDependencies-for-tests": { + "@types/jest": "*", 
+ "jest": "*" + }, + "license": "SAP SAMPLE CODE LICENSE", + "cds": { + "requires": { + "db": { + "kind": "hana" + }, + "uaa": { + "kind": "xsuaa" + } + } + } } From 73cf6557155b17fab8c60fcaf5066f3b5f4822f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BChl?= Date: Mon, 3 Feb 2020 09:26:33 +0100 Subject: [PATCH 4/6] instance based restriction in catalogservice --- packages/bookshop/srv/cat-service.cds | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/bookshop/srv/cat-service.cds b/packages/bookshop/srv/cat-service.cds index efe7b5d9..2664965d 100644 --- a/packages/bookshop/srv/cat-service.cds +++ b/packages/bookshop/srv/cat-service.cds @@ -11,3 +11,7 @@ service CatalogService { @insertonly entity Orders as projection on my.Orders; } +// Example for an instance restriction + annotate CatalogService.Orders with @(restrict: [ + { grant: 'READ', where: 'currency_code = $user.currency' } + ]); \ No newline at end of file From 05a5a6846368263a5be503b697d5fb891d3337de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BChl?= Date: Mon, 3 Feb 2020 10:30:28 +0100 Subject: [PATCH 5/6] add HANATRIAL to MTA.YAML --- mta.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/mta.yaml b/mta.yaml index 20934b44..4981c041 100644 --- a/mta.yaml +++ b/mta.yaml @@ -61,6 +61,7 @@ resources: type: com.sap.xs.hdi-container parameters: + service: hanatrial properties: hdi-service-name: ${service-name} # required for Java case - name: capire-samples-uaa From cad3a32c78620f4c4558fad34991dd48866af8d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BChl?= Date: Mon, 3 Feb 2020 12:44:13 +0100 Subject: [PATCH 6/6] Add model": "srv" in package.json --- package.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 43528893..2df9ce58 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,8 @@ "cds": { "requires": { "db": { - "kind": "hana" + "kind": "hana", + "model": "srv" }, "uaa": { "kind": "xsuaa"
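Review bot: The hunk re-indents the entire root `package.json`, so the real change (`hdb` dependency, `cds.requires.db.kind: hana`, `cds.requires.uaa.kind: xsuaa`) is buried in a whole-file rewrite; keep the original indentation so the three additions are visible. `db.kind: hana` is set unconditionally, which presumably breaks the `cds watch` scripts in the same file that expect the in-memory SQLite setup unless an environment override applies; if the cds version supports `[development]`/`[production]` profiles, scope the HANA and XSUAA requires to production. `"@sap/cds": "latest"` and `"express": "*"` remain unpinned, so every install may pull a different version; with token validation now done inside the cds runtime, a pinned range would be safer.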
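Review bot: The new `@restrict` on `CatalogService.Orders` grants only `READ`, but the entity is declared `@insertonly` two lines above, so reads are refused anyway and, if events without a matching grant are denied (CAP's documented `@restrict` semantics), `CREATE`, the one operation this projection allows, is now forbidden for every user, which would also make the `before CREATE Orders` stock handler in `cat-service.js` unreachable. Either grant the event this entity actually serves, e.g. `{ grant: 'CREATE', to: 'authenticated-user', where: 'currency_code = $user.currency' }` (check whether the runtime applies `where` to `CREATE`), or move the instance-based `READ` example to an entity that is readable. `$user.currency` resolves from `xs.user.attributes.currency` in the mock config, which `bob` lacks; confirm how a missing attribute behaves in the `where` clause. The annotation is indented by one space and the file lacks a trailing newline.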