Merge branch 'develop' into cda-gui/review-and-improvements

Author: krowvin

.github/workflows/build.yml

@@ -34,7 +34,7 @@ jobs:
       - name: checkout code
         uses: actions/checkout@v5.0.0
       - name: setup java
-        uses: actions/setup-java@v5.0.0
+        uses: actions/setup-java@v5.2.0
         with:
           distribution: 'temurin'
           java-version: ${{matrix.jdk}}
@@ -60,7 +60,7 @@ jobs:
       - name: checkout code
         uses: actions/checkout@v5.0.0
       - name: setup java
-        uses: actions/setup-java@v5.0.0
+        uses: actions/setup-java@v5.2.0
         with:
           distribution: 'temurin'
           java-version: 11

.github/workflows/codeql.yml

@@ -21,7 +21,7 @@ jobs:
         with:
           languages: 'java'
       - name: setup java
-        uses: actions/setup-java@v5.0.0
+        uses: actions/setup-java@v5.2.0
         with:
           java-version: '11'
           java-package: jdk

.github/workflows/release.yml

@@ -61,7 +61,7 @@ jobs:
         with:
           ref: ${{inputs.branch}}
       - name: setup java
-        uses: actions/setup-java@v5.0.0
+        uses: actions/setup-java@v5.2.0
         with:
           distribution: 'temurin'
           java-version: '11'
@@ -84,7 +84,7 @@ jobs:
         id: create_release
         # Allow testing without creating a release
         if: github.event_name != 'pull_request' && (github.event.ref == 'refs/heads/develop' || startsWith(github.event.ref, 'refs/tags'))
-        uses: softprops/action-gh-release@v2.3.2
+        uses: softprops/action-gh-release@v2.5.0
         with:
           files: cwms-data-api/build/libs/cwms-data-api-${{env.VERSION}}.war
           tag_name: ${{env.VERSION}}

Dockerfile

@@ -56,6 +56,9 @@ ENV cwms.dataapi.access.providers="KeyAccessManager,OpenID"
 ENV cwms.dataapi.access.openid.wellKnownUrl="https://<prefix>/.well-known/openid-configuration"
 ENV cwms.dataapi.access.openid.issuer="<issuer>"
 ENV cwms.dataapi.access.openid.timeout="604800"
+# Putting default values here to easy configuration
+ENV cwms.dataapi.access.openid.clientId=cwms
+ENV cwms.dataapi.access.openid.idpHint=federation-eams
 #ENV cwms.dataapi.access.openid.altAuthUrl="https://identityc-test.cwbi.us/auth/realms/cwbi"
 
 # used to simplify redeploy in certain contexts. Update to match -<marker> in image label

cda-gui/package-lock.json

@@ -29,7 +29,7 @@
     "react-dom": "^18.2.0",
     "react-icons": "^5.0.1",
     "react-router-dom": "^7.1.2",
-    "swagger-ui-dist": "^5.17.7",
+    "swagger-ui-dist": "^5.29.5",
     "use-debounce": "^10.0.5"
   },
   "devDependencies": {

cda-gui/package.json

@@ -0,0 +1,6 @@
+<!doctype html>
+<html lang="en-US">
+<body>
+<script src="oauth2-redirect.js"></script>
+</body>
+</html>

cda-gui/public/oauth2-redirect.html

@@ -0,0 +1,69 @@
+"use strict"
+function run () {
+    var oauth2 = window.opener.swaggerUIRedirectOauth2
+    var sentState = oauth2.state
+    var redirectUrl = oauth2.redirectUrl
+    var isValid, qp, arr
+
+    if (/code|token|error/.test(window.location.hash)) {
+        qp = window.location.hash.substring(1).replace("?", "&")
+    } else {
+        qp = location.search.substring(1)
+    }
+
+    arr = qp.split("&")
+    arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace("=", '":"') + '"' })
+    qp = qp ? JSON.parse("{" + arr.join() + "}",
+            function (key, value) {
+                return key === "" ? value : decodeURIComponent(value)
+            }
+    ) : {}
+
+    isValid = qp.state === sentState
+
+    if ((
+        oauth2.auth.schema.get("flow") === "accessCode" ||
+        oauth2.auth.schema.get("flow") === "authorizationCode" ||
+        oauth2.auth.schema.get("flow") === "authorization_code"
+    ) && !oauth2.auth.code) {
+        if (!isValid) {
+            oauth2.errCb({
+                authId: oauth2.auth.name,
+                source: "auth",
+                level: "warning",
+                message: "Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"
+            })
+        }
+
+        if (qp.code) {
+            delete oauth2.state
+            oauth2.auth.code = qp.code
+            oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl})
+        } else {
+            let oauthErrorMsg
+            if (qp.error) {
+                oauthErrorMsg = "["+qp.error+"]: " +
+                    (qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
+                    (qp.error_uri ? "More info: "+qp.error_uri : "")
+            }
+
+            oauth2.errCb({
+                authId: oauth2.auth.name,
+                source: "auth",
+                level: "error",
+                message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server"
+            })
+        }
+    } else {
+        oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl})
+    }
+    window.close()
+}
+
+if( document.readyState !== "loading" ) {
+    run()
+} else {
+    document.addEventListener("DOMContentLoaded", function () {
+    run()
+    })
+}

cda-gui/public/oauth2-redirect.js

@@ -5,32 +5,63 @@ import { useEffect } from "react";
 import { getBasePath } from "../../utils/base";
 
 export default function SwaggerUI() {
-  useEffect(() => {
-    // document.querySelector("#swagger-ui").prepend(Index)
-    // TODO: Add page index to top of page
-    // Alter the page title to match the swagger page
-    document.title = "CWMS Data API for Data Retrieval - Swagger UI";
-    // Begin Swagger UI call region
-    // TODO: add endpoint that dynamic returns swagger generated doc
-    SwaggerUIBundle({
-      url: getBasePath() + "/swagger-docs",
-      dom_id: "#swagger-ui",
-      deepLinking: false,
-      presets: [SwaggerUIBundle.presets.apis],
-      plugins: [SwaggerUIBundle.plugins.DownloadUrl],
-      requestInterceptor: (req) => {
-        // Add a cache-busting query param
-        const sep = req.url.includes("?") ? "&" : "?";
-        req.url = `${req.url}${sep}_cb=${Date.now()}`;
+    useEffect(() => {
+        // document.querySelector("#swagger-ui").prepend(Index)
+        // TODO: Add page index to top of page
+        // Alter the page title to match the swagger page
+        document.title = "CWMS Data API for Data Retrieval - Swagger UI";
+        // Begin Swagger UI call region
+        // TODO: add endpoint that dynamic returns swagger generated doc
 
-        // Also ask intermediaries not to serve from cache
-        req.headers["Cache-Control"] = "no-cache, no-store, max-age=0";
-        req.headers["Pragma"] = "no-cache";
+        const ui = SwaggerUIBundle({
+            url: getBasePath() + "/swagger-docs",
+            
+            dom_id: "#swagger-ui",
+            deepLinking: false,
+            presets: [SwaggerUIBundle.presets.apis],
+            plugins: [SwaggerUIBundle.plugins.DownloadUrl],
+            requestInterceptor: (req) => {
+                // Add a cache-busting query param... but only if it's to our api. Some
+                // external systems, like keycloak, don't allow random unknown parameters.
+                const origin = window.location.origin;                
+                const re = new RegExp(`^${origin}.*`)
+                if (re.test(req.url))
+                {
+                    const sep = req.url.includes("?") ? "&" : "?";
+                    req.url = `${req.url}${sep}_cb=${Date.now()}`;
 
-        return req;
-      },
-    });
-  }, []);
+                    // Also ask intermediaries not to serve from cache
+                    req.headers["Cache-Control"] = "no-cache, no-store, max-age=0";
+                    req.headers["Pragma"] = "no-cache";
+                }
+                return req;
+            },
+            onComplete: () => {
+                const spec = JSON.parse(ui.spec().get("spec"));
+                for (const schemeName in spec.components.securitySchemes) {
+                    const scheme = spec.components.securitySchemes[schemeName];
+                    if (scheme.type === "openIdConnect") {
+                        let additionalParams = null;
+                        let hints = scheme["x-kc_idp_hint"];
+                        if (hints) {
+                            additionalParams = {
+                                // Since getting the interface to allow users to choose
+                                // is likely impossible, we will assume the first in the list
+                                // is the "primary" auth system
+                                "kc_idp_hint": hints.values[0]
+                            };
+                        }
+                        ui.initOAuth({
+                            clientId: scheme["x-oidc-client-id"],
+                            usePkceWithAuthorizationCodeGrant: true,
+                            additionalQueryStringParams: additionalParams,
+                        });
+                        break;
+                    }
+                }
+            },
+        });
+    }, []);
 
   return <div id="swagger-ui"></div>;
 }

cda-gui/src/pages/swagger-ui/index.jsx

@@ -19,11 +19,11 @@ const normalizePath = (value, fallback = "/cwms-data") => {
 
 // https://vitejs.dev/config/
 export default defineConfig(({ mode }) => {
-  const env = loadEnv(mode, ".", "");
+  const env = loadEnv(mode, process.cwd(), "");
   const BASE_PATH = env.VITE_BASE_PATH || "/cwms-data";
   const CDA_PATH = normalizePath(env.VITE_CDA_URL, BASE_PATH);
   const proxyTarget = env.VITE_CDA_PROXY_TARGET || "https://cwms-data.usace.army.mil";
-
+  
   return {
     base: BASE_PATH,
     plugins: [react()],