[Fixes #973] Improve LOCKDOWN_GEONODE (#972) (#984)

* [Fixes #9377] Improve LOCKDOWN_GEONODE * Improve LOCKDOWN_GEONODE and fix npm build * Fix PR changes * refactor api key param * restore addQueryString function Co-authored-by: allyoucanmap <stefano.bovio@geosolutionsgroup.com> Co-authored-by: allyoucanmap <stefano.bovio@geosolutionsgroup.com>
GeoNode · May 23, 2022 · f02644b · f02644b
1 parent bd61a28
commit f02644b
Show file tree

Hide file tree

Showing 6 changed files with 95 additions and 28 deletions.
diff --git a/geonode_mapstore_client/client/js/api/geonode/user/index.js b/geonode_mapstore_client/client/js/api/geonode/user/index.js
@@ -14,8 +14,12 @@ import { getConfigProp } from '@mapstore/framework/utils/ConfigUtils';
 * @name api.geonode.user
 */
 
-export const getUserInfo = () => {
+export const getUserInfo = (apikey) => {
     const { endpointV1 = '/api' } = getConfigProp('geoNodeApi') || {};
-    return axios.get(`${endpointV1}/o/v4/userinfo`)
+    return axios.get(`${endpointV1}/o/v4/userinfo`, {
+        params: {
+            ...(apikey && { apikey })
+        }
+    })
         .then(({ data }) => data);
 };
diff --git a/geonode_mapstore_client/client/js/api/geonode/v2/index.js b/geonode_mapstore_client/client/js/api/geonode/v2/index.js
@@ -8,7 +8,8 @@
 
 import axios from '@mapstore/framework/libs/ajax';
 import {
-    parseDevHostname
+    parseDevHostname,
+    getApiToken
 } from '@js/utils/APIUtils';
 import merge from 'lodash/merge';
 import mergeWith from 'lodash/mergeWith';
@@ -91,7 +92,12 @@ export const setEndpoints = (data) => {
  * get all thw endpoints available from API V2
  */
 export const getEndpoints = () => {
-    return axios.get('/api/v2/')
+    const apikey = getApiToken();
+    return axios.get('/api/v2/', {
+        params: {
+            ...(apikey && { apikey })
+        }
+    })
         .then(({ data }) => {
             setEndpoints(data);
             return data;
@@ -413,15 +419,20 @@ export const getGroups = ({
         });
 };
 
-export const getUserByPk = (pk) => {
-    return axios.get(parseDevHostname(`${endpoints[USERS]}/${pk}`))
+export const getUserByPk = (pk, apikey) => {
+    return axios.get(parseDevHostname(`${endpoints[USERS]}/${pk}`), {
+        params: {
+            ...(apikey && { apikey })
+        }
+    })
         .then(({ data }) => data.user);
 };
 
 export const getAccountInfo = () => {
-    return getUserInfo()
+    const apikey = getApiToken();
+    return getUserInfo(apikey)
         .then((info) => {
-            return getUserByPk(info.sub)
+            return getUserByPk(info.sub, apikey)
                 .then((user) => ({
                     ...user,
                     info,

diff --git a/geonode_mapstore_client/client/js/utils/APIUtils.js b/geonode_mapstore_client/client/js/utils/APIUtils.js
@@ -35,6 +35,17 @@ export const parseDevHostname = (requestUrl) => {
     return requestUrl;
 };
 
+export const getApiToken = () => {
+    /*
+    In case of LOCKDOWN_MODE in geonode, we need to check if the search page
+    contains an APIKEY. This is required because otherwise the endpoint
+    will always raise an error due the missing auth. In this way if the
+    main call provide an apikey, we can proceed with the login
+    */
+    const geoNodePageConfig = window.__GEONODE_CONFIG__ || {};
+    return geoNodePageConfig.apikey || null;
+};
+
 export default {
     parseDevHostname
 };
diff --git a/geonode_mapstore_client/client/static/mapstore/configs/localConfig.json b/geonode_mapstore_client/client/static/mapstore/configs/localConfig.json
@@ -3,24 +3,6 @@
         "url": "proxy/?url=",
         "useCORS": []
     },
-    "useAuthenticationRules": true,
-    "authenticationRules": [
-        {
-            "urlPattern": ".*geoserver.*",
-            "authkeyParamName": "access_token",
-            "method": "authkey"
-        },
-        {
-            "urlPattern": ".*gs.*",
-            "authkeyParamName": "access_token",
-            "method": "authkey"
-        },
-        {
-            "urlPattern": ".*api/v2.*",
-            "method": "bearer"
-        }
-    ],
-    "defaultLayerFormat": "image/png",
     "geoNodeApi": {
         "endpointV1": "/api",
         "endpointV2": "/api/v2"

diff --git a/geonode_mapstore_client/templates/geonode-mapstore-client/_geonode_config.html b/geonode_mapstore_client/templates/geonode-mapstore-client/_geonode_config.html
@@ -1,6 +1,7 @@
 {% load client_lib_tags %}
 {% load base_tags %}
 {% load get_menu_json %}
+{% load apikey %}
 {% comment %}
     app and map configuration need to be normalized
 {% endcomment %}
@@ -12,6 +13,8 @@
 
 {% get_menu_json 'CARDS_MENU' as CARDS_MENU %}
 {{ CARDS_MENU|json_script:"menu-CARDS_MENU" }}
+{% generate_proxyurl PROXY_URL|default:"/proxy/?url=" request as UPDATED_PROXY_URL %}
+{% retrieve_apikey request as user_apikey %}
 
 <script>
     (function(){
@@ -72,11 +75,29 @@
             isEmbed: isEmbed,
             pluginsConfigKey: pluginsConfigKey,
             pluginsConfigPatchRules: pluginsConfigPatchRules,
+            apikey: '{%if user_apikey %}{{user_apikey}}{% else %}{% endif %}',
             localConfig: {
                 proxyUrl: {
-                    url: '{{ PROXY_URL|default:"/proxy/?url=" }}',
+                    url: '{{UPDATED_PROXY_URL|safe }}',
                     useCORS: []
                 },
+                useAuthenticationRules: true,
+                authenticationRules: [
+                    {
+                        urlPattern: '.*geoserver.*',
+                        authkeyParamName: 'access_token',
+                        method: 'authkey'
+                    },
+                    {
+                        urlPattern: '.*gs.*',
+                        authkeyParamName: 'access_token',
+                        method: 'authkey'
+                    },
+                    {
+                        urlPattern: '.*api/v2.*',
+                        method: 'bearer'
+                    }
+                ],
                 extensionsFolder: extensionsFolder,
                 printUrl: geoServerPublicLocation + 'pdf/info.json',
                 bingApiKey: '{% bing_api_key %}',
@@ -100,7 +121,7 @@
                     isMobile: isMobile,
                     datasetMaxUploadSize: datasetMaxUploadSize,
                     documentMaxUploadSize: documentMaxUploadSize,
-                    maxParallelUploads: maxParallelUploads,
+                    maxParallelUploads: maxParallelUploads
                 },
                 geoNodeConfiguration: {
                     cardsMenu: {

diff --git a/geonode_mapstore_client/templatetags/apikey.py b/geonode_mapstore_client/templatetags/apikey.py
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+#########################################################################
+#
+# Copyright 2015-2022, GeoSolutions Sas.
+# All rights reserved.
+#
+# This source code is licensed under the BSD-style license found in the
+# LICENSE file in the root directory of this source tree.
+#
+#########################################################################
+
+import logging
+from urllib.parse import urlparse
+
+from django.conf import settings
+from geonode.base.auth import extract_user_from_headers, get_auth_token
+
+from django import template
+
+logger = logging.getLogger(__name__)
+register = template.Library()
+
+
+@register.simple_tag()
+def generate_proxyurl(_url, request):
+    if request:
+        apikey = request.GET.get('apikey')
+        if apikey:
+            pproxyurl = urlparse(_url)
+            proxyurl = f'{pproxyurl.path}?apikey={apikey}&{pproxyurl.query}'
+            return proxyurl
+    return _url
+
+
+@register.simple_tag()
+def retrieve_apikey(request):
+    if settings.ENABLE_APIKEY_LOGIN:
+        return get_auth_token(request.user) or None