Closed kieckhafer closed 4 years ago
@rosshadden This is "ready", in that once it's started up by hacking around a bit it works, but there are a couple issues needed to be discussed and fixed here:
1) We discussed this already, but there is a problem running bin/register-policies
with the current env
setup, due to the array that is used for services
. Adding a single quote around the array fixes this issue, however....
2) Then you can't start the gateway itself. We get an error from envalid
:
================================
Invalid environment variables:
SERVICES: Invalid json: "'[{ "name": "api", "url": "http://api.reaction.localhost:3000/graphql" },{ "name": "authorization", "url": "http://authorization.reaction.localhost:6000" }]'"
2020-03-06T22:33:50.948148765Z
Exiting with error code 1
================================
and if I change envalid
to expect a string, then we get to the next step, where we can't iterate over the services
because it's a string, not an array.
3) When trying to run bin/register-polices
, we need to hit the auth service at http://authorization.reaction.localhost:6001
, but the auth service needs to be hit at 6000
when running the gateway - I'm not entirely sure why this is the case at this point, (just making a note of it for now), but i'm sure digging into this will be the easiest of these three issues to fix.
To get it working, I put the '
around the services and changed the auth URL to 6001
, ran bin/setup-policies
, and then removed the '
and chagned it back to 6000
, and it all works correctly once that policy is registered.
@rosshadden my previous comment has been addressed and fixed.
The SERVICES
array is no longer in the env
. Instead, there is a new file, services.js
, which exports the array of services into index.js
. I've committed the file with a blank Array
, the user will need to add the services to this file in the same way they were adding them to the env
.
Resolves #13 Impact: minor Type: feature
Summary
Adds a Gateway level check to make sure the user trying to make a request through the gateway is allowed to use the gateway.
Currently, the policy - added at
bin/policies
- states all users are allowed to use the gateway, so this won't do anything aside from prove the check works.Since the check requires the
reaction-authorization
service to be running, this authorization check is behind aENABLE_AUTHORIZTION
flag, defaulted tofalse
, in theenv
.Testing
ENABLE_AUTHORIZTION
flag isfalse
ENABLE_AUTHORIZTION
flag istrue
index.js
, hardcodeisAuthorized
to returnfalse
api