Merge remote-tracking branch 'upstream/develop' into develop

2026-02-06 10:47:04 +00:00 · 2024-12-18 11:49:15 +01:00 · 2024-12-18 11:49:15 +01:00 · 697ee2688d
commit 697ee2688d
parent 38884de649 9cc299a80c
6 changed files with 46 additions and 4 deletions
--- a/.env.example
+++ b/.env.example
@ -36,3 +36,6 @@ VITE_CHATBOT_URL=http://localhost:5000
 # https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production
 # The value could be: development, staging, production
 # NODE_ENV=development
+
+# If you have a problem with session storage (which will cause problems with login) you can enable this. See README for further info.
+#DEBUG=express-session
--- a/Dockerfiles/prestart.go
+++ b/Dockerfiles/prestart.go
@ -10,6 +10,7 @@ import (
 )

 func main() {
+	// Define the host env variables to be replaced at build time
 	config := []string{"VITE_OBP_API_HOST", "VITE_OBP_API_MANAGER_HOST", "VITE_OBP_API_PORTAL_HOST"}
 	configMap := make(map[string]string)

--- a/README.md
+++ b/README.md
@ -112,6 +112,37 @@ server {
 }
 ```

+Note: if you have issues with session stickyness / login issues, enable #DEBUG=express-session in your .env
+and if you see messages like these in the log,
+
+```
+Dec 10 12:26:18 obp-sandbox node[1060160]: Tue, 10 Dec 2024 12:26:18 GMT express-session no SID sent, generating session
+Dec 10 12:26:18 obp-sandbox node[1060160]: Tue, 10 Dec 2024 12:26:18 GMT express-session saving 5JIW_dx9CG8qs0OK4iv7Pn2Kg2huZuvQ
+Dec 10 12:26:18 obp-sandbox node[1060160]: Tue, 10 Dec 2024 12:26:18 GMT express-session not secured
+Dec 10 12:26:18 obp-sandbox node[1060160]: Tue, 10 Dec 2024 12:26:18 GMT express-session split response
+Dec 10 12:26:18 obp-sandbox node[1060160]: Tue, 10 Dec 2024 12:26:18 GMT express-session saving -yf0uzAZf5mP9JVYov9oMR7CxQLnO4wm
+Dec 10 12:26:18 obp-sandbox node[1060160]: Tue, 10 Dec 2024 12:26:18 GMT express-session not secured
+Dec 10 12:26:18 obp-sandbox node[1060160]: Tue, 10 Dec 2024 12:26:18 GMT express-session no SID sent, generating session
+Dec 10 12:26:18 obp-sandbox node[1060160]: Tue, 10 Dec 2024 12:26:18 GMT express-session saving nballQYMYZRn_HG0enM2RIPdv7GAdzJc
+Dec 10 12:26:18 obp-sandbox node[1060160]: Tue, 10 Dec 2024 12:26:18 GMT express-session not secured
+Dec 10 12:26:18 obp-sandbox node[1060160]: Tue, 10 Dec 2024 12:26:18 GMT express-session no SID sent, generating session
+Dec 10 12:26:18 obp-sandbox node[1060160]: Tue, 10 Dec 2024 12:26:18 GMT express-session no SID sent, generating session
+
+```
+
+then make sure your NGINX config includes the $scheme: 
+
+```
+
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+```
+
+so that Node knows that the cookies have been sent securely over https.
+
+
 # LICENSE

 This project is licensed under the AGPL V3 (see NOTICE) and a commercial license from TESOBE.
--- a/server/controllers/CallbackController.ts
+++ b/server/controllers/CallbackController.ts
@ -33,6 +33,7 @@ import OauthAccessTokenMiddleware from '../middlewares/OauthAccessTokenMiddlewar
@Service()
@Controller()
@UseBefore(OauthAccessTokenMiddleware)
+// This controller seems to not do anything at all
 export default class CallbackController {
  @Get('/callback')
  callback(@Req() request: Request, @Res() response: Response): Response {
--- a/server/controllers/StatusController.ts
+++ b/server/controllers/StatusController.ts
@ -56,15 +56,16 @@ export class StatusController {
  ): Response {
    const oauthConfig = session['clientConfig']
    const version = this.obpClientService.getOBPVersion()
+    const currentUser = await this.obpClientService.get(`/obp/${version}/users/current`, oauthConfig)
    const apiVersions = await this.checkApiVersions(oauthConfig, version)
    const messageDocs = await this.checkMessagDocs(oauthConfig, version)
    const resourceDocs = await this.checkResourceDocs(oauthConfig, version)
    return response.json({
      status: apiVersions && messageDocs && resourceDocs,
-      api_version: apiVersions,
-      message_docs: messageDocs,
-      resource_docs: resourceDocs,
-      commit_id: commitId
+      apiVersions,
+      messageDocs,
+      resourceDocs,
+      currentUser
    })
  }

--- a/server/middlewares/OauthAccessTokenMiddleware.ts
+++ b/server/middlewares/OauthAccessTokenMiddleware.ts
@ -61,12 +61,17 @@ export default class OauthAccessTokenMiddleware implements ExpressMiddlewareInte
            key: oauthTokenKey,
            secret: oauthTokenSecret
          }
+          console.log(`OauthAccessTokenMiddleware.ts use says: clientConfig: ${JSON.stringify(clientConfig)}`)
          session['clientConfig'] = clientConfig
          console.log('OauthAccessTokenMiddleware.ts use says: Seems OK, redirecting..')
          const obpExplorerHome = process.env.VITE_OBP_API_EXPLORER_HOST
          if(!obpExplorerHome) {
            console.error(`VITE_OBP_API_EXPLORER_HOST: ${obpExplorerHome}`)
          }
+          console.log(`OauthAccessTokenMiddleware.ts use says: Will redirect to: ${obpExplorerHome}`)
+          console.log('OauthAccessTokenMiddleware.ts use says: Here comes the session:')
+          console.log(session)
+          
          response.redirect(`${obpExplorerHome}`)
        }
      }