WIP: working on S3 Service. Implement sts assumeRoleWithWebIdentity

0ff37633 · Jacopo Gasparetto · 53ff0312 · 0ff37633 · 0ff37633 · 0ff37633
Commit 0ff37633 authored 1 year ago by Jacopo Gasparetto
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -16,6 +16,7 @@
        "@types/node": "^16.18.21",
        "@types/react": "^18.0.29",
        "@types/react-dom": "^18.0.11",
+        "aws-sdk": "^2.1359.0",
        "react": "^18.2.0",
        "react-dom": "^18.2.0",
        "react-router-dom": "^6.9.0",
@@ -4862,6 +4863,47 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
+    "node_modules/aws-sdk": {
+      "version": "2.1359.0",
+      "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1359.0.tgz",
+      "integrity": "sha512-uGNIU4czx8P0YITV8uhuLFhmyYvLWsFYINlHJX77/fea4VuTwcCGktYy2OEnrErp3FK9NHQvwXBxZCbY0lcxBg==",
+      "dependencies": {
+        "buffer": "4.9.2",
+        "events": "1.1.1",
+        "ieee754": "1.1.13",
+        "jmespath": "0.16.0",
+        "querystring": "0.2.0",
+        "sax": "1.2.1",
+        "url": "0.10.3",
+        "util": "^0.12.4",
+        "uuid": "8.0.0",
+        "xml2js": "0.5.0"
+      },
+      "engines": {
+        "node": ">= 10.0.0"
+      }
+    },
+    "node_modules/aws-sdk/node_modules/events": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/events/-/events-1.1.1.tgz",
+      "integrity": "sha512-kEcvvCBByWXGnZy6JUlgAp2gBIUjfCAV6P6TgT1/aaQKcmuAEC4OZTV1I4EWQLz2gxZw76atuVyvHhTxvi0Flw==",
+      "engines": {
+        "node": ">=0.4.x"
+      }
+    },
+    "node_modules/aws-sdk/node_modules/sax": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz",
+      "integrity": "sha512-8I2a3LovHTOpm7NV5yOyO8IHqgVsfK4+UuySrXU8YXkSRX7k6hCV9b3HrkKCr3nMpgj+0bmocaJJWpvp1oc7ZA=="
+    },
+    "node_modules/aws-sdk/node_modules/uuid": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.0.0.tgz",
+      "integrity": "sha512-jOXGuXZAWdsTH7eZLtyXMqUb9EcWMGZNbL9YcGBJl4MH4nrxHmZJhEHvyLFrkxo+28uLb/NYRcStH48fnD0Vzw==",
+      "bin": {
+        "uuid": "dist/bin/uuid"
+      }
+    },
    "node_modules/axe-core": {
      "version": "4.6.3",
      "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.6.3.tgz",
@@ -5163,6 +5205,25 @@
      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
    },
+    "node_modules/base64-js": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
+      "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ]
+    },
    "node_modules/batch": {
      "version": "0.6.1",
      "resolved": "https://registry.npmjs.org/batch/-/batch-0.6.1.tgz",
@@ -5334,11 +5395,26 @@
        "node-int64": "^0.4.0"
      }
    },
+    "node_modules/buffer": {
+      "version": "4.9.2",
+      "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.2.tgz",
+      "integrity": "sha512-xq+q3SRMOxGivLhBNaUdC64hDTQwejJ+H0T/NB1XMtTVEwNTrfFF3gAxiyW0Bu/xWEGhjVKgUcMhCrUy2+uCWg==",
+      "dependencies": {
+        "base64-js": "^1.0.2",
+        "ieee754": "^1.1.4",
+        "isarray": "^1.0.0"
+      }
+    },
    "node_modules/buffer-from": {
      "version": "1.1.2",
      "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
      "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ=="
    },
+    "node_modules/buffer/node_modules/isarray": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
+      "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ=="
+    },
    "node_modules/builtin-modules": {
      "version": "3.3.0",
      "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz",
@@ -8753,6 +8829,11 @@
        "node": ">=4"
      }
    },
+    "node_modules/ieee754": {
+      "version": "1.1.13",
+      "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz",
+      "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg=="
+    },
    "node_modules/ignore": {
      "version": "5.2.4",
      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.4.tgz",
@@ -9011,6 +9092,20 @@
        "node": ">=6"
      }
    },
+    "node_modules/is-generator-function": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.0.10.tgz",
+      "integrity": "sha512-jsEjy9l3yiXEQ+PsXdmBwEPcOxaXWLspKdplFUVI9vq1iZgIekeC0L167qeu86czQaxed3q/Uzuw0swL0irL8A==",
+      "dependencies": {
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
    "node_modules/is-glob": {
      "version": "4.0.3",
      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
@@ -11318,6 +11413,14 @@
        "url": "https://github.com/chalk/supports-color?sponsor=1"
      }
    },
+    "node_modules/jmespath": {
+      "version": "0.16.0",
+      "resolved": "https://registry.npmjs.org/jmespath/-/jmespath-0.16.0.tgz",
+      "integrity": "sha512-9FzQjJ7MATs1tSpnco1K6ayiYE3figslrXA72G2HQ/n76RzvYlofyi5QM+iX4YRs/pu3yzxlVQSST23+dMDknw==",
+      "engines": {
+        "node": ">= 0.6.0"
+      }
+    },
    "node_modules/js-sdsl": {
      "version": "4.4.0",
      "resolved": "https://registry.npmjs.org/js-sdsl/-/js-sdsl-4.4.0.tgz",
@@ -13870,6 +13973,15 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
+    "node_modules/querystring": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz",
+      "integrity": "sha512-X/xY82scca2tau62i9mDyU9K+I+djTMUsvwf7xnUX5GLvVzgJybOJf4Y6o9Zx3oJK/LSXg5tTZBjwzqVPaPO2g==",
+      "deprecated": "The querystring API is considered Legacy. new code should use the URLSearchParams API instead.",
+      "engines": {
+        "node": ">=0.4.x"
+      }
+    },
    "node_modules/querystringify": {
      "version": "2.2.0",
      "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz",
@@ -16014,6 +16126,15 @@
        "punycode": "^2.1.0"
      }
    },
+    "node_modules/url": {
+      "version": "0.10.3",
+      "resolved": "https://registry.npmjs.org/url/-/url-0.10.3.tgz",
+      "integrity": "sha512-hzSUW2q06EqL1gKM/a+obYHLIO6ct2hwPuviqTTOcfFVc61UbfJ2Q32+uGL/HCPxKqrdGB5QUwIe7UqlDgwsOQ==",
+      "dependencies": {
+        "punycode": "1.3.2",
+        "querystring": "0.2.0"
+      }
+    },
    "node_modules/url-parse": {
      "version": "1.5.10",
      "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz",
@@ -16023,6 +16144,23 @@
        "requires-port": "^1.0.0"
      }
    },
+    "node_modules/url/node_modules/punycode": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.3.2.tgz",
+      "integrity": "sha512-RofWgt/7fL5wP1Y7fxE7/EmTLzQVnB0ycyibJ0OOHIlJqTNzglYFxVwETOcIoJqJmpDXJ9xImDv+Fq34F/d4Dw=="
+    },
+    "node_modules/util": {
+      "version": "0.12.5",
+      "resolved": "https://registry.npmjs.org/util/-/util-0.12.5.tgz",
+      "integrity": "sha512-kZf/K6hEIrWHI6XqOFUiiMa+79wE/D8Q+NCNAWclkyg3b4d2k7s0QGepNjiABc+aR3N1PAyHL7p6UcLY6LmrnA==",
+      "dependencies": {
+        "inherits": "^2.0.3",
+        "is-arguments": "^1.0.4",
+        "is-generator-function": "^1.0.7",
+        "is-typed-array": "^1.1.3",
+        "which-typed-array": "^1.1.2"
+      }
+    },
    "node_modules/util-deprecate": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
@@ -16971,6 +17109,26 @@
      "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-3.0.0.tgz",
      "integrity": "sha512-A5CUptxDsvxKJEU3yO6DuWBSJz/qizqzJKOMIfUJHETbBw/sFaDxgd6fxm1ewUaM0jZ444Fc5vC5ROYurg/4Pw=="
    },
+    "node_modules/xml2js": {
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz",
+      "integrity": "sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==",
+      "dependencies": {
+        "sax": ">=0.6.0",
+        "xmlbuilder": "~11.0.0"
+      },
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
+    "node_modules/xmlbuilder": {
+      "version": "11.0.1",
+      "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz",
+      "integrity": "sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA==",
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
    "node_modules/xmlchars": {
      "version": "2.2.0",
      "resolved": "https://registry.npmjs.org/xmlchars/-/xmlchars-2.2.0.tgz",

--- a/frontend/package.json
+++ b/frontend/package.json
@@ -11,6 +11,7 @@
    "@types/node": "^16.18.21",
    "@types/react": "^18.0.29",
    "@types/react-dom": "^18.0.11",
+    "aws-sdk": "^2.1359.0",
    "react": "^18.2.0",
    "react-dom": "^18.2.0",
    "react-router-dom": "^6.9.0",

--- a/frontend/src/services/S3APIService.tsx
+++ b/frontend/src/services/S3APIService.tsx
+import { ReactNode, createContext, useContext, useState } from "react";
+import { useOAuth } from "./OAuth2";
+import STS from "aws-sdk/clients/sts";
+import S3 from "aws-sdk/clients/s3";
+import { Credentials } from "aws-sdk";
+import { useCallback } from "react";
+import { useEffect } from "react";
+import { AWSError, Endpoint } from "aws-sdk";
+
+// **** AWS Config ****
+export interface AWSConfig {
+  endpoint: string | Endpoint;
+  region: string;
+}
+
+// ***** State *****
+
+export interface IS3ServiceState {
+  awsCredentials?: Credentials;
+}
+
+
+export const initialS3ServiceState: IS3ServiceState = {
+  awsCredentials: undefined
+}
+
+// ***** Context *****
+
+export interface S3ContextProps {
+  awsConfig: AWSConfig;
+  listBuckets(): void;
+  createBucket(bucketName: string): void;
+}
+
+export const S3ServiceContext = createContext<S3ContextProps | undefined>(undefined);
+
+// ***** S3Service *****
+
+interface S3ServiceProviderProps {
+  awsConfig: AWSConfig;
+  children?: ReactNode;
+}
+
+export const S3ServiceProvider = (props: S3ServiceProviderProps): JSX.Element => {
+  const { children, awsConfig } = props;
+
+  const [s3ServiceState, setS3ServiceState] = useState<IS3ServiceState>(
+    initialS3ServiceState
+  );
+  const oAuth = useOAuth();
+
+  const isAuthenticated = () => {
+    return oAuth.isAuthenticated && !oAuth.user?.token?.expired;
+  }
+
+  const getS3Client = (): S3 => {
+    return new S3({
+      ...awsConfig,
+      credentials: s3ServiceState.awsCredentials,
+      s3ForcePathStyle: true
+    });
+  }
+
+
+  useEffect(() => {
+    if (!oAuth.isAuthenticated) {
+      return;
+    }
+
+    const user = oAuth.user!;
+    const token = user.token;
+
+    if (!token) {
+      console.log("Token missig or expired");
+      return;
+    }
+
+    const sts = new STS({
+      endpoint: awsConfig.endpoint,
+      region: awsConfig.region
+    });
+
+    sts.assumeRoleWithWebIdentity(
+      {
+        DurationSeconds: 3600,
+        RoleArn: "arn:aws:iam:::role/S3AccessIAM200",
+        RoleSessionName: "app1",
+        WebIdentityToken: token.access_token,
+      }, (err: AWSError, data) => {
+        if (err) {
+          throw new Error(err.message);
+        }
+
+        const stsCredentials = data.Credentials;
+        if (!stsCredentials) {
+          throw new Error("Cannot retrieve AWS Credentials from STS");
+        }
+
+        setS3ServiceState({
+          awsCredentials: new Credentials({
+            accessKeyId: stsCredentials.AccessKeyId,
+            secretAccessKey: stsCredentials.SecretAccessKey,
+            sessionToken: stsCredentials.SessionToken,
+          })
+        });
+      }
+    )
+  }, [oAuth.isAuthenticated]);
+
+
+  const listBuckets = useCallback(() => {
+    if (!s3ServiceState.awsCredentials) {
+      console.warn("No AWS credentials");
+      return;
+    }
+    const s3 = getS3Client();
+    s3.listBuckets((err, data) => {
+      if (err) {
+        throw new Error(err.message);
+      }
+      console.log(data);
+    })
+  }, [s3ServiceState.awsCredentials]);
+
+  const createBucket = useCallback((bucketName: string) => {
+    const s3 = getS3Client();
+    s3.createBucket({
+      Bucket: bucketName
+    }, ((err, data) => {
+      if (err) {
+        throw new Error(err.name + " " + err.message);
+      }
+      console.log(data);
+    }));
+  }, [s3ServiceState.awsCredentials])
+
+  return (
+    <S3ServiceContext.Provider value={{
+      awsConfig: awsConfig,
+      listBuckets: listBuckets,
+      createBucket: createBucket
+    }}>
+      {children}
+    </S3ServiceContext.Provider>
+  );
+}
+
+// **** useS3Service *****
+
+export const useS3Service = (): S3ContextProps => {
+  const context = useContext(S3ServiceContext);
+  if (!context) {
+    throw new Error(
+      "S3ServiceProvider context is undefined, \
+      please verify you are calling useS3Service as a child of \
+      <S3ServicePrivder> comonent."
+    );
+  }
+  return context;
+}
\ No newline at end of file