-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
on-prem support #200
Comments
hello @GottZ you are right, there is a huge overlap between the on-prem installation and the cloud version, as most applications are the same or have the same APIs. If you take a look into the C# pendent you'll see, that there is a fallback for a pre-configured system-base URI and a default tenant-id: This fallback is only used if both header are absent, because of security reasons. The same behavior could be adopted here: Or you create a middleware which creates a dvelopContext like so:
So I think the SDK can already easily be used on Prem. The main issue is, that there may be incompatibilities because of older application versions, which may be found at on-premises systems. @LenKlose What do you think? Would injecting headers or a default base-uri or tenant-id like in the C# version a better approach? |
Hello @GottZ, are we only talking about the express-middleware (the contextMiddleware)? I think it would be reasonable to add a way to add custom values or supply a secondary context middleware function similar to our C# approach. |
Hi, that looks promising. The important part is, that you don't use a user-provided As you always hardcode your base-uri this approach would be fine (from a security perspective) as long as you don't include the middleware to verify the signature. The only downside I can see right now is, that we may decide to make the check for In that case you could use a self written
I'm not completely sure about this topic, the user-object is written into the requestcontext through another middleware. But I have to admit, that I'm not deep into the node-sdk to know for sure how they work together. I would expect that everythig works fine with your code as long as you also include the authenticationMiddleware |
ip pinning ftw. I don't let any other client but the http gateway make calls to the module.
would be reasonable to have a instance initialization construct then.
true.
apparently it doesn't take the CA from the system certificate store, so I have to override axum's http configuration to provide the certificate manually. that's precisely what I'm debugging and tinkering with right now. who knows.. maybe it's also client OS configuration related. I have to find the cause myself. |
ok so apparently that certification issue I noticed is actually common. nodejs on windows doesn't use the windows certificate store at all, thus tools like https://github.com/ukoloff/win-ca or similar have to be used, in order to use custom certificates in nodejs for windows. definitely something I'd recommend adding to the sdk readme down the line. well.. it works: import winCa from "win-ca";
winCa.inject("+"); just to give some context to what I had to do, in order to debug this somewhat. glad to have copilot. // ...
import { _getAuthSessionIdFromRequestDefaultFunction, _authenticationMiddlewareFactory, _redirectToLoginPageFactory } from "@dvelop-sdk/express-utils/lib/internal";
import { _validateAuthSessionIdFactory, _validateAuthSessionIdDefaultTransformFunction, _defaultHttpRequestFunctionFactory, _defaultHttpRequestFunction } from "@dvelop-sdk/identityprovider/lib/internal";
import { DvelopHttpClient, DvelopHttpRequestConfig, DvelopHttpResponse, axiosHttpClientFactory, axiosInstanceFactory } from "@dvelop-sdk/core/lib/http/http-client"
import { deepMergeObjects, generateRequestId, buildTraceparentHeader } from "@dvelop-sdk/core";
import axios from "axios";
const onPremDefaultDvelopHttpClientFactory = (): DvelopHttpClient => {
const ax = axiosInstanceFactory(axios);
ax.interceptors.request.use(
(request) => {
console.log(request);
return request;
}, (error) => {
console.log(error);
return Promise.reject(error);
}
);
ax.interceptors.response.use(
(response) => {
console.log(response);
return response;
}, (error) => {
console.log(error);
return Promise.reject(error);
}
);
return axiosHttpClientFactory(ax, generateRequestId, buildTraceparentHeader, deepMergeObjects);
}
const onPremDefaultHttpRequestFunction = async (context: DvelopContext, config: DvelopHttpRequestConfig): Promise<DvelopHttpResponse> => {
return _defaultHttpRequestFunctionFactory(onPremDefaultDvelopHttpClientFactory())(context, config);
}
const onPremValidateAuthSessionId = async (context: DvelopContext): Promise<DvelopUser> => {
return await _validateAuthSessionIdFactory(onPremDefaultHttpRequestFunction, _validateAuthSessionIdDefaultTransformFunction)(context);
}
const onPremAuthenticatorMiddleware = (req: Request, res: Response, next: NextFunction) => {
return _authenticationMiddlewareFactory(_getAuthSessionIdFromRequestDefaultFunction, onPremValidateAuthSessionId)(req, res, next);
}
app.get(`/${appName}/me`, onPremAuthenticatorMiddleware, (req: Request, res: Response) => {
console.log(req.dvelopContext);
res.status(200).send(`<h1>Hello ${req.dvelopContext.user?.displayName}</h1>`);
}); while in the end, running this actually helped me debug the certificate chain in console: import https from "node:https";
{
const { options } = https.globalAgent.options;
options.enableTrace = true;
options.requestCert = true;
// options.rejectUnauthorized = false;
}
https.request(process.env.DV_BASE_URI); |
Hey @GottZ could you take a look at #202 and see if this would solve your problem? This would enable you to initilaze your middleware like this: import { contextMiddlewareFactoryWithFixedSystemBaseUri } from "@dvelop-sdk/express-utils";
app.use(contextMiddlewareFactoryWithFixedSystemBaseUri("https://my.local.baseuri")); //could optionally supply a tenantId (default: 0)
app.use((req: Request, _: Response, next: NextFunction) => {
console.log(req.dvelopContext);
next();
}); |
that's looking great and indeed reduces code-smell! nice! I do recommend adding |
hello there.
today I've started digging a little into the source of this repository and noticed a ton of overlap with on-prem installations of D3, just requiring some header injections and slight changes inside some Adapters and Middleware, to just make it work behind the d.ecs http gateway.
due to the fact the required changes are fairly minimal core changes, I wonder if anyone thought about giving support for fully licensed on-prem current environments.
if there ain't any plans for that, and nothing is available for doing so, I'll just port this SDK myself, as the license doesn't forbid it.
The text was updated successfully, but these errors were encountered: