JWT Auth feature (#400)
* add id as fallback in dropdown

* adding JWT optional headers in STAC calls

* replace box with stack to fix render bug

* update package lock json

* remove testing console.log

* handle if aggregations are set as not supported

* render result count when numberMatched not found

* add login page

* add auth service

* update collections service to handle bad auth token

* add authToken var to redux state

* add user logout

* separating app Auth vs. STAC Auth

* render error on top of loading screen

* set logout on alerts of type error

* rename token in local storage

* update changelog

* update example config

* combine the AUTH config into a single parameter

* update readme

* update readme

* update linter script

* remove reverted feature from changelog

* move alert to render on login page

* add login logo & handle button state
bradleyandrick authored Aug 2, 2024
1 parent fc6b5ba commit 3bf3908
Showing 31 changed files with 1,870 additions and 1,340 deletions.
12 changes: 12 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,9 +7,21 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.

## Unreleased

### Added

- Added optional login feature
- Added optional config for ignoring aggregations feature if not supported by the STAC API

### Fixed

- Resolve high vulnerabilities in npm packages
- Fix bug with not showing search result count when Matched is not returned from a STAC API
- Changes from MUI Box to use a Stack component to fix build/rendering bug

### Changed

- Alerts of type `error` now force logout when encountered
- Alerts of type `warning` are used for non logout warnings shown to users

## 5.5.0 - 2024-05-28
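Review bot: Under `### Changed`, the entry "Alerts of type `error` now force logout when encountered" does not say whether it applies when the optional login feature is off. Since login is listed as optional under `### Added`, state the scope of the forced logout so operators who do not enable `APP_TOKEN_AUTH_ENABLED` know what to expect from error alerts. Under `### Fixed`, "when Matched is not returned" looks like it should name the field `numberMatched`, as the commit message does, and "Resolve high vulnerabilities in npm packages" would be easier to audit with the affected packages or advisories listed.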

5 changes: 4 additions & 1 deletion README.md
Expand Up @@ -107,7 +107,10 @@ The file `config_helper/config.example.json` is included in this repository as r
| LAYER_LIST_SERVICES | Defines the services used as reference layers for the map. **Limitations:** Currently only WMS services are supported and only `EPSG:4326` or `EPSG:3857` are supported values for defining crs options. If not set or not formatted correctly, reference layer list widget will either be empty or will not render. Formatting should match example in `config.example.json`. | Optional |
| STAC_LINK_ENABLED | If set to `true`, STAC Item link will render in Item Details. | Optional |
| SHOW_ITEM_AUTO_ZOOM | If set to `true`, switch will render in `Filters` list to let the user toggle if the map automatically centers on item footprint when selected item is changed. Default when initialized is auto-zoom not enabled, user must opt-in by turning on (choice will persist for app session). | Optional |
| FETCH_CREDENTIALS | Defines if API calls made from the app should include the authentication used to access the app. Can be set to `same-origin` (default), `include`, or `omit`. | Optional |
| FETCH_CREDENTIALS | Defines if API calls made from the app should include the basic authentication used to access the app. Can be set to `same-origin` (default), `include`, or `omit`. | Optional |
| APP_TOKEN_AUTH_ENABLED | If set to `true` login page renders initially and app only fully loads if a non expired token exists. STAC API calls made from the app will also send JWT as Bearer Token. **Note:** This approach provides a form of limited client-side authentication for the frontend, which is not fully secure. The STAC API endpoint must also require the JWT to ensure application data securtiy. | Optional |
| AUTH_URL | Endpoint used to pass a username and password that returns as JWT that is used for STAC API calls. `APP_TOKEN_AUTH_ENABLED` config value must also be set to `true`. | Optional |
| SUPPORTS_AGGREGATIONS | If included and set to `true` aggregation features are disabled and API calls are not made to load the optional aggregations from the STAC API. | Optional |

### Links
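Review bot: The `SUPPORTS_AGGREGATIONS` row says that setting it to `true` disables aggregation features, which contradicts the key name, the changelog wording ("ignoring aggregations feature if not supported") and the example config, which sets it to `false`; this should most likely read "set to `false`". In the `APP_TOKEN_AUTH_ENABLED` row, "securtiy" is a typo, and the `AUTH_URL` row should read "returns a JWT" and document the request and response shape the app expects from that endpoint, since the table currently gives an integrator no contract to implement against. The note that the STAC API must itself require the JWT is the important part of this row; consider moving it out of the table cell into its own paragraph so it is not missed.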

5 changes: 4 additions & 1 deletion config_helper/config.example.json
Expand Up @@ -192,5 +192,8 @@
]
}
],
"COLLECTIONS": ["naip", "cop-dem-glo-30", "sentinel-2-l2a"]
"COLLECTIONS": ["naip", "cop-dem-glo-30", "sentinel-2-l2a"],
"APP_TOKEN_AUTH_ENABLED": true,
"AUTH_URL": "https://sample-auth-service/login",
"SUPPORTS_AGGREGATIONS": false
}
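Review bot: The example now ships with `"APP_TOKEN_AUTH_ENABLED": true` next to a placeholder `AUTH_URL`, so a deployment copied from this file comes up behind a login page that sends credentials to `https://sample-auth-service/login`. Both keys are documented as optional, so consider setting the flag to `false` in the example, or stating in the README that `AUTH_URL` must be replaced before enabling it, so that token auth is an explicit opt-in. The `"SUPPORTS_AGGREGATIONS": false` value also turns aggregations off for anyone copying the example, which is worth confirming as the intended default.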
4 changes: 4 additions & 0 deletions config_helper/lint_config.py
Expand Up @@ -58,6 +58,10 @@ def lint_config(file_path):
"LAYER_LIST_SERVICES": list,
"STAC_LINK_ENABLED": bool,
"SHOW_ITEM_AUTO_ZOOM": bool,
"FETCH_CREDENTIALS": str,
"APP_TOKEN_AUTH_ENABLED": bool,
"AUTH_URL": str,
"SUPPORTS_AGGREGATIONS": bool
}

print("*********************************************************************")
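Review bot: The new entries are only type-checked, so the linter accepts a config with `"APP_TOKEN_AUTH_ENABLED": true` and no `AUTH_URL`, even though the README says the two must be set together. Add a cross-field check that `AUTH_URL` is present and non-empty when the flag is `true`, and consider rejecting an `AUTH_URL` that is not `https://`, since the endpoint receives a username and password. `"FETCH_CREDENTIALS": str` could likewise be restricted to the three documented values (`same-origin`, `include`, `omit`). Style: add a trailing comma after `"SUPPORTS_AGGREGATIONS": bool` so the next key added does not touch this line.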