diff --git a/app/server/lib/scim/index.ts b/app/server/lib/scim/index.ts new file mode 100644 index 00000000..54031c35 --- /dev/null +++ b/app/server/lib/scim/index.ts @@ -0,0 +1,24 @@ +import * as express from 'express'; +import { buildUsersRoute, checkPermissionToUsersEndpoint } from './v2/users'; +import { HomeDBManager } from 'app/gen-server/lib/homedb/HomeDBManager'; +import SCIMMY from "scimmy"; +import SCIMMYRouters from "scimmy-routers"; + +type SCIMMYResource = typeof SCIMMY.Types.Resource; + +const buildScimRouter = (dbManager: HomeDBManager) => { + const v2 = express.Router(); + v2.use('/Users', checkPermissionToUsersEndpoint, buildUsersRoute(dbManager)); + + SCIMMY.Resources.User.ingress(handler) + SCIMMY.Resources.declare(SCIMMY.Resources.User) + .ingress((resource: SCIMMYResource, data) => { + + + }); + const scim = express.Router(); + scim.use('/v2', v2); + return scim; +}; + +export { buildScimRouter }; diff --git a/app/server/lib/scim/v2/users.ts b/app/server/lib/scim/v2/users.ts new file mode 100644 index 00000000..1b4175bd --- /dev/null +++ b/app/server/lib/scim/v2/users.ts @@ -0,0 +1,37 @@ +import express, { NextFunction, Request, Response } from 'express'; +import { HomeDBManager } from 'app/gen-server/lib/homedb/HomeDBManager'; +import { expressWrap } from '../../expressWrap'; +import { integerParam } from '../../requestUtils'; +import { ApiError } from 'app/common/ApiError'; +import { RequestWithLogin } from '../../Authorizer'; + +function checkPermissionToUsersEndpoint(req: Request, res: Response, next: NextFunction) { + const mreq = req as RequestWithLogin; + const adminEmail = process.env.GRIST_DEFAULT_EMAIL; + if (!adminEmail || mreq.user?.loginEmail !== adminEmail) { + throw new ApiError('Permission denied', 403); + } + return next(); +} + +const buildUsersRoute = (dbManager: HomeDBManager) => { + const userRoute = express.Router(); + + async function findUserOrFail(userId: number) { + const user = await dbManager.getUser(userId); + if (!user) { + throw new ApiError('User not found', 404); + } + return user; + } + + + userRoute.get('/:id', expressWrap(async (req, res) => { + const userId = integerParam(req.params.id, 'id'); + const user = await findUserOrFail(userId); + res.status(200).json(user); + })); + return userRoute; +}; + +export { buildUsersRoute, checkPermissionToUsersEndpoint }; diff --git a/package.json b/package.json index 773f1ed7..9a52c5b7 100644 --- a/package.json +++ b/package.json @@ -189,6 +189,7 @@ "redis": "3.1.1", "redlock": "3.1.2", "saml2-js": "4.0.2", + "scimmy-routers": "^1.2.0", "short-uuid": "3.1.1", "slugify": "1.6.6", "swagger-ui-dist": "5.11.0", diff --git a/yarn.lock b/yarn.lock index 4a9ea139..35d640ae 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3801,7 +3801,7 @@ express-rate-limit@7.2.0: resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-7.2.0.tgz#06ce387dd5388f429cab8263c514fc07bf90a445" integrity sha512-T7nul1t4TNyfZMJ7pKRKkdeVJWa2CqB8NA1P8BwYaoDI5QSBZARv5oMS43J7b7I5P+4asjVXjb7ONuwDKucahg== -express@4.19.2: +express@4.19.2, express@^4.18.2: version "4.19.2" resolved "https://registry.yarnpkg.com/express/-/express-4.19.2.tgz#e25437827a3aa7f2a827bc8171bbbb664a356465" integrity sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q== @@ -7346,6 +7346,19 @@ schema-utils@^3.2.0: ajv "^6.12.5" ajv-keywords "^3.5.2" +scimmy-routers@^1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/scimmy-routers/-/scimmy-routers-1.2.0.tgz#42090c616f127aefce194ebf4a3c8f4a4f62e30b" + integrity sha512-+dT8yRglz2gMu0X1LlUYTi/PDgW6Zzu1YRWiv362I/wA64kud24XjYIoufNiW5OhskvBPQGT/P1aYOffcmxxsQ== + dependencies: + express "^4.18.2" + scimmy "^1.2.0" + +scimmy@^1.2.0: + version "1.2.3" + resolved "https://registry.yarnpkg.com/scimmy/-/scimmy-1.2.3.tgz#56ca9dbf11749b272e18090c923f81dbad4bc911" + integrity sha512-16oXCvnieVeKxTDQqi275bLuyOCwXci8Jywm2/M+4dWNNYoduUz0Crj1nFY0ETYMsuYvCdareWov6/Mebu92xA== + selenium-webdriver@^4.20.0: version "4.20.0" resolved "https://registry.yarnpkg.com/selenium-webdriver/-/selenium-webdriver-4.20.0.tgz#14941ab4a59e8956a5e4b4491a8ba2bd6619d1ac"