Merge pull request #170 from koopjs/feature/168

UIpdated docker for auth
koopjs · Apr 23, 2020 · 102d09a · 102d09a
2 parents 8a36a03 + eaf4b4f
commit 102d09a
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 4 deletions.
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,7 +1,7 @@
 FROM node:10.18.1-alpine AS base
 
 # the version of the marklogic koop provider
-ARG provider_version=1.1.0
+ARG provider_version=1.1.1
 
 # tools
 RUN apk --update add --no-cache --virtual .deps \
@@ -12,6 +12,7 @@ RUN curl -LsS https://github.com/koopjs/koop-provider-marklogic/archive/v${provi
 WORKDIR /koop-provider-marklogic-${provider_version}
 
 COPY provider-config.json /koop-provider-marklogic-${provider_version}/config/docker.json
+COPY user-store.json /koop-provider-marklogic-${provider_version}/auth/user-store.json
 COPY certs/ /koop-provider-marklogic-${provider_version}/certs
 
 RUN npm  --no-optional install

diff --git a/docker/README.md b/docker/README.md
@@ -4,10 +4,11 @@ Assuming you already have MarkLogic installed and configured with [Geo Data Serv
 
 ## Quick Start
 
-1. Edit `provider-config.json` and set the connection information that the provider should use to communicate with MarkLogic as well as ports and whether or not you want to enable SSL (see below for details on all of the configuration parameters)
+1. Edit `provider-config.json` and set the connection information that the provider should use to communicate with MarkLogic as well as ports Koop will run on, whether or not you want to enable SSL, and whether or not you want authentication enabled (see below for details on all of the configuration parameters)
 2. If using SSL (HTTPS), copy the cert and key that you want to use for the server into `certs/cert.pem` and `certs/key.pem`  
-3. Run `docker compose up`
-4. Koop should be listening on port 9000 (and 9443 if ssl is enabled). Test it out using a URL to one of your feature services
+3. If using authentication, edit the `user-store.json` file to add the users and credentials you want to enable
+4. Run `docker compose up`
+5. Koop should be listening on port 9000 (and 9443 if ssl is enabled). Test it out using a URL to one of your feature services
 
 ```
 http://localhost:9000/marklogic/<service name>/FeatureServer
@@ -40,6 +41,16 @@ The `provider-config.json` file contains the configuration paramters for the Mar
       "password": "<password>",
       "authType": "DIGEST"
     }
+  },
+  "auth" : {
+    "enabled" : false,
+    "plugin" : "auth-direct-file",
+    "options" : {
+      "secret" : "<secret for token generation>",
+      "identityStore" : "auth/user-store.json",
+      "tokenExpirationMinutes" : 60,
+      "useHttp" : true
+    }
   }
 }
 ```
@@ -52,6 +63,7 @@ The `provider-config.json` file contains the configuration paramters for the Mar
 
 ### ssl
 `enabled`: `true|false` - wether or not SSL/HTTPS is enabled
+
 `port`: `<number>` - the port that Koop will listen for HTTPS connections on
 
 `cert`: `"<path to the certificate file>"` - path to the SSL certificate that should be used for the server 
@@ -70,5 +82,29 @@ The `provider-config.json` file contains the configuration paramters for the Mar
 
 `authType`: `"DIGEST|BASIC"` - the username the provider should use when connecting to MarkLogic
 
+### auth
+`enabled` : `true|false`
+
+`plugin` : `auth-direct-file`
+#### options
+`secret` : `"<secret for token generation>"` - the secret to use when generating tokens
+
+`identityStore` : `"auth/user-store.json"` - the path and filename of the identity store where usernames and passwords are kept
+
+`tokenExpirationMinutes` : `60` - the expiration time of the tokens in minutes
+
+`useHttp` : `true|false` - whether or not to allow the auth protocol over http. If this is `false` trying to use auth without https will generate an error. Being able to set this to true is helpful if you have koop running behind a loadbalancer or reverse proxy that is doing SSL termination.
+
+## Authentication
+Koop supports the Esri secure feature services API and the MarkLogic Koop Provider currently supports the [koop-auth-driect](https://github.com/koopjs/koop-auth-direct-file) plugin for authentication.
+
+To enable authentication, set the `auth.enabled` property to `true` in the `provider-config.json`. 
+
+To add users, edit the `user-store.json` file.
+
+Run `docker compose build` to rebuild the container.
+
+See [https://koopjs.github.io/docs/usage/authorization](https://koopjs.github.io/docs/usage/authorization) for more details about Koop authentication.
+
 ## Container Configuration
 As configured, the "koop" container exposes ports 9000 and 9443 externally. If you would like to change those ports, edit the `docker-compose.yml` and change the port mappings before running `docker-compose up` or `docker-compose build`.
diff --git a/docker/provider-config.json b/docker/provider-config.json
@@ -17,5 +17,15 @@
       "password": "<password>",
       "authType": "DIGEST"
     }
+  },
+  "auth" : {
+    "enabled" : false,
+    "plugin" : "auth-direct-file",
+    "options" : {
+      "secret" : "<secret for token generation>",
+      "identityStore" : "auth/user-store.json",
+      "tokenExpirationMinutes" : 60,
+      "useHttp" : true
+    }
   }
 }
diff --git a/docker/user-store.json b/docker/user-store.json
@@ -0,0 +1,6 @@
+[
+  {
+    "username": "<username>",
+    "password": "<password>"
+  }
+]