Google Auth draft

Open-EO · Jan 19, 2024 · 5ec8a7e · 5ec8a7e
1 parent bb7f1f9
commit 5ec8a7e
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 11 deletions.
diff --git a/config.json b/config.json
@@ -11,7 +11,7 @@
 		"certificate": null
 	},
 	"serviceAccountCredentialsFile": "privatekey.json",
-	"googleProjectId": "",
+	"googleClientId": "",
 	"id": "openeo-earthengine-driver",
 	"title": "Google Earth Engine Proxy for openEO",
 	"description": "This is the Google Earth Engine Driver for openEO.\n\nGoogle Earth Engine is a planetary-scale platform for Earth science data & analysis. It is powered by Google's cloud infrastructure and combines a multi-petabyte catalog of satellite imagery and geospatial datasets with planetary-scale analysis capabilities. Google makes it available for scientists, researchers, and developers to detect changes, map trends, and quantify differences on the Earth's surface. Google Earth Engine is free for research, education, and nonprofit use.",

diff --git a/src/api/users.js b/src/api/users.js
@@ -10,7 +10,9 @@ export default class UsersAPI {
 
 	beforeServerStart(server) {
 		server.addEndpoint('get', '/credentials/basic', this.getCredentialsBasic.bind(this));
-//	server.addEndpoint('get', '/credentials/oidc', this.getCredentialsOidc.bind(this));
+		if (this.context.googleClientId) {
+			server.addEndpoint('get', '/credentials/oidc', this.getCredentialsOidc.bind(this));
+		}
 		server.addEndpoint('get', '/me', this.getUserInfo.bind(this));
 
 		return Promise.resolve();
@@ -28,13 +30,45 @@ export default class UsersAPI {
 		try {
 			req.user = await this.storage.checkAuthToken(token);
 		} catch(err) {
-			res.send(Error.wrap(err));
+			res.send(Errors.wrap(err));
 		}
 	}
 
-//	getCredentialsOidc(req, res, next) {
-//		res.redirect('https://accounts.google.com/.well-known/openid-configuration', next);
-//	}
+	async getCredentialsOidc(req, res) {
+		if (!this.context.googleClientId) {
+			return res.send(501);
+		}
+
+		return res.send({
+			"providers": [
+				{
+					id: "google",
+					issuer: "https://accounts.google.com",
+					title: "Google",
+					description: "Login with your Google Earth Engine account.",
+					scopes: [
+						"openid",
+						"email",
+						"https://www.googleapis.com/auth/earthengine",
+						// "https://www.googleapis.com/auth/cloud-platform",
+						// "https://www.googleapis.com/auth/devstorage.full_control"
+					],
+					default_clients: [
+						{
+							id: this.context.googleClientId,
+							grant_types: [
+								"implicit"
+							],
+							redirect_urls: [
+								"https://editor.openeo.org/",
+								"http://localhost/"
+							]
+						}
+					]
+				}
+			]
+		});
+	}
 
 	async getCredentialsBasic(req, res) {
 		if (!req.authorization.scheme) {

diff --git a/src/models/catalog.js b/src/models/catalog.js
@@ -68,8 +68,7 @@ export default class DataCatalog {
 		}
 
 		const storage = new Storage({
-			keyFile: './privatekey.json',
-			projectId: this.serverContext.googleProjectId
+			keyFile: './privatekey.json'
 		});
 		const bucket = storage.bucket('earthengine-stac');
 		const prefix = 'catalog/';

diff --git a/src/models/userstore.js b/src/models/userstore.js
@@ -101,9 +101,9 @@ export default class UserStore {
 		return await this.db.insertAsync(userData);
 	}
 
-	async checkAuthToken(token) {
+	async authenticateBasic(token) {
 		const query = {
-			token: token.replace(/^basic\/\//, ''), // remove token prefix for basic
+			token,
 			validity: { $gt: Utils.getTimestamp() }
 		};
 
@@ -120,8 +120,46 @@ export default class UserStore {
 				reason: 'User account has been removed.'
 			});
 		}
-
 		return user;
 	}
 
+	async authenticateGoogle(token) {
+		const userData = this.emptyUser(false);
+		userData._id = Utils.generateHash(8);
+		userData.name = "Google User";
+		userData.password = token;
+		console.log(token);
+		// todo: ...
+		return userData;
+	}
+
+	async checkAuthToken(apiToken) {
+		const parts = apiToken.split('/', 3);
+		if (parts.length !== 3) {
+			throw new Errors.AuthenticationRequired({
+				reason: 'Token format invalid.'
+			});
+		}
+		const [type, provider, token] = parts;
+
+		if (type === 'basic') {
+			return this.authenticateBasic(token);
+		}
+		else if (type === 'oidc') {
+			if (provider === 'google') {
+				return this.authenticateGoogle(token);
+			}
+			else {
+				throw new Errors.AuthenticationRequired({
+					reason: 'Identity provider not supported.'
+				});
+			}
+		}
+		else {
+			throw new Errors.AuthenticationRequired({
+				reason: 'Authentication method not supported.'
+			});
+		}
+	}
+
 }
diff --git a/src/utils/config.js b/src/utils/config.js
@@ -25,6 +25,7 @@ export default class Config {
 		};
 
 		this.serviceAccountCredentialsFile = "privatekey.json";
+		this.googleClientId = null;
 
 		this.currency = null;
 		this.plans = {