Currently the apiKeyAuth handler in the validateSecurity openApiValidatorOptions in the onf-core-model-ap/applicationPattern/commons/AppCommons matches the incoming url with one of the operation-server’s operation-name.
Further the operation-key in the incoming request will be validated against the operation-key in the matched operation-server to authenticate the request.
This logic will work fine for the incoming request without any path parameters , where we can exactly match the incoming url with the operation-server.
Since in the MWDG application , we have individual services with path parameters , the existing logic to validate the operation-key will not work.
This shall be handled in the application pattern issue https://github.com/openBackhaul/ApplicationPattern/issues/924
But until then , in the MWDG application we shall include the following logic to validate the operation key.
In the server/utils folder create a file apiKeyAuth.js
Function compares "operation-key" from request header to operation-key from load file.
The function is meant as a handler for validateSecurity option from express-openapi-validator.
@param {object} request express request
@param {string[]} scopes security scopes
@param {object} schema SecuritySchemeObject
@returns {Promise} Promise is true when operation keys are equal.
*/
// eslint-disable-next-line no-unused-vars
module.exports.validateOperationKey = async function validateOperationKey(request, scopes, schema) {
let pathDefinedInOpenApi = request.openapi.openApiRoute;
const operationUuid = await operationServerInterface.getOperationServerUuidAsync(pathDefinedInOpenApi);
const operationKeyFromLoadfile = await operationServerInterface.getOperationKeyAsync(operationUuid);
const isAuthorized = operationKeyFromLoadfile === request.headers['operation-key'];
return isAuthorized;
}
3. In the index.js , replace the appscommon apikeyAuth handler with the defined handler from apiKeyAuth.js
```js
var apiKeyAuth = require('./utils/apiKeyAuth');
appCommons.openApiValidatorOptions.validateSecurity.handlers.apiKeyAuth = apiKeyAuth.validateOperationKey;
Currently the apiKeyAuth handler in the validateSecurity openApiValidatorOptions in the onf-core-model-ap/applicationPattern/commons/AppCommons matches the incoming url with one of the operation-server’s operation-name. Further the operation-key in the incoming request will be validated against the operation-key in the matched operation-server to authenticate the request. This logic will work fine for the incoming request without any path parameters , where we can exactly match the incoming url with the operation-server.
Since in the MWDG application , we have individual services with path parameters , the existing logic to validate the operation-key will not work. This shall be handled in the application pattern issue https://github.com/openBackhaul/ApplicationPattern/issues/924
But until then , in the MWDG application we shall include the following logic to validate the operation key.
const operationServerInterface = require('onf-core-model-ap/applicationPattern/onfModel/models/layerProtocols/OperationServerInterface');
/**