From c3912050879701013168d74671309b03784031a1 Mon Sep 17 00:00:00 2001
From: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Date: Thu, 19 May 2022 18:14:37 +0200
Subject: [PATCH] [Fixes #973] Improve LOCKDOWN_GEONODE (#972)

* [Fixes #9377] Improve LOCKDOWN_GEONODE

* Improve LOCKDOWN_GEONODE and fix npm build

* Fix PR changes

* refactor api key param

* restore addQueryString function

Co-authored-by: allyoucanmap <stefano.bovio@geosolutionsgroup.com>
---
 .../client/js/api/geonode/user/index.js       |  8 +++-
 .../client/js/api/geonode/v2/index.js         | 23 ++++++++---
 .../client/js/utils/APIUtils.js               | 11 ++++++
 .../static/mapstore/configs/localConfig.json  | 18 ---------
 .../_geonode_config.html                      | 25 +++++++++++-
 .../templatetags/apikey.py                    | 38 +++++++++++++++++++
 6 files changed, 95 insertions(+), 28 deletions(-)
 create mode 100644 geonode_mapstore_client/templatetags/apikey.py

diff --git a/geonode_mapstore_client/client/js/api/geonode/user/index.js b/geonode_mapstore_client/client/js/api/geonode/user/index.js
index 41847526c3..602692ec88 100644
--- a/geonode_mapstore_client/client/js/api/geonode/user/index.js
+++ b/geonode_mapstore_client/client/js/api/geonode/user/index.js
@@ -14,8 +14,12 @@ import { getConfigProp } from '@mapstore/framework/utils/ConfigUtils';
 * @name api.geonode.user
 */
 
-export const getUserInfo = () => {
+export const getUserInfo = (apikey) => {
     const { endpointV1 = '/api' } = getConfigProp('geoNodeApi') || {};
-    return axios.get(`${endpointV1}/o/v4/userinfo`)
+    return axios.get(`${endpointV1}/o/v4/userinfo`, {
+        params: {
+            ...(apikey && { apikey })
+        }
+    })
         .then(({ data }) => data);
 };
diff --git a/geonode_mapstore_client/client/js/api/geonode/v2/index.js b/geonode_mapstore_client/client/js/api/geonode/v2/index.js
index a08e27dd1f..4837b40428 100644
--- a/geonode_mapstore_client/client/js/api/geonode/v2/index.js
+++ b/geonode_mapstore_client/client/js/api/geonode/v2/index.js
@@ -8,7 +8,8 @@
 
 import axios from '@mapstore/framework/libs/ajax';
 import {
-    parseDevHostname
+    parseDevHostname,
+    getApiToken
 } from '@js/utils/APIUtils';
 import merge from 'lodash/merge';
 import mergeWith from 'lodash/mergeWith';
@@ -91,7 +92,12 @@ export const setEndpoints = (data) => {
  * get all thw endpoints available from API V2
  */
 export const getEndpoints = () => {
-    return axios.get('/api/v2/')
+    const apikey = getApiToken();
+    return axios.get('/api/v2/', {
+        params: {
+            ...(apikey && { apikey })
+        }
+    })
         .then(({ data }) => {
             setEndpoints(data);
             return data;
@@ -413,15 +419,20 @@ export const getGroups = ({
         });
 };
 
-export const getUserByPk = (pk) => {
-    return axios.get(parseDevHostname(`${endpoints[USERS]}/${pk}`))
+export const getUserByPk = (pk, apikey) => {
+    return axios.get(parseDevHostname(`${endpoints[USERS]}/${pk}`), {
+        params: {
+            ...(apikey && { apikey })
+        }
+    })
         .then(({ data }) => data.user);
 };
 
 export const getAccountInfo = () => {
-    return getUserInfo()
+    const apikey = getApiToken();
+    return getUserInfo(apikey)
         .then((info) => {
-            return getUserByPk(info.sub)
+            return getUserByPk(info.sub, apikey)
                 .then((user) => ({
                     ...user,
                     info,
diff --git a/geonode_mapstore_client/client/js/utils/APIUtils.js b/geonode_mapstore_client/client/js/utils/APIUtils.js
index 96e4600c1f..568b3991fd 100644
--- a/geonode_mapstore_client/client/js/utils/APIUtils.js
+++ b/geonode_mapstore_client/client/js/utils/APIUtils.js
@@ -35,6 +35,17 @@ export const parseDevHostname = (requestUrl) => {
     return requestUrl;
 };
 
+export const getApiToken = () => {
+    /*
+    In case of LOCKDOWN_MODE in geonode, we need to check if the search page
+    contains an APIKEY. This is required because otherwise the endpoint
+    will always raise an error due the missing auth. In this way if the
+    main call provide an apikey, we can proceed with the login
+    */
+    const geoNodePageConfig = window.__GEONODE_CONFIG__ || {};
+    return geoNodePageConfig.apikey || null;
+};
+
 export default {
     parseDevHostname
 };
diff --git a/geonode_mapstore_client/client/static/mapstore/configs/localConfig.json b/geonode_mapstore_client/client/static/mapstore/configs/localConfig.json
index fde4deb2b7..3eb9cf2542 100644
--- a/geonode_mapstore_client/client/static/mapstore/configs/localConfig.json
+++ b/geonode_mapstore_client/client/static/mapstore/configs/localConfig.json
@@ -3,24 +3,6 @@
         "url": "proxy/?url=",
         "useCORS": []
     },
-    "useAuthenticationRules": true,
-    "authenticationRules": [
-        {
-            "urlPattern": ".*geoserver.*",
-            "authkeyParamName": "access_token",
-            "method": "authkey"
-        },
-        {
-            "urlPattern": ".*gs.*",
-            "authkeyParamName": "access_token",
-            "method": "authkey"
-        },
-        {
-            "urlPattern": ".*api/v2.*",
-            "method": "bearer"
-        }
-    ],
-    "defaultLayerFormat": "image/png",
     "geoNodeApi": {
         "endpointV1": "/api",
         "endpointV2": "/api/v2"
diff --git a/geonode_mapstore_client/templates/geonode-mapstore-client/_geonode_config.html b/geonode_mapstore_client/templates/geonode-mapstore-client/_geonode_config.html
index 1d1af27f81..8f14b87aaa 100644
--- a/geonode_mapstore_client/templates/geonode-mapstore-client/_geonode_config.html
+++ b/geonode_mapstore_client/templates/geonode-mapstore-client/_geonode_config.html
@@ -1,6 +1,7 @@
 {% load client_lib_tags %}
 {% load base_tags %}
 {% load get_menu_json %}
+{% load apikey %}
 {% comment %}
     app and map configuration need to be normalized
 {% endcomment %}
@@ -12,6 +13,8 @@
 
 {% get_menu_json 'CARDS_MENU' as CARDS_MENU %}
 {{ CARDS_MENU|json_script:"menu-CARDS_MENU" }}
+{% generate_proxyurl PROXY_URL|default:"/proxy/?url=" request as UPDATED_PROXY_URL %}
+{% retrieve_apikey request as user_apikey %}
 
 <script>
     (function(){
@@ -72,11 +75,29 @@
             isEmbed: isEmbed,
             pluginsConfigKey: pluginsConfigKey,
             pluginsConfigPatchRules: pluginsConfigPatchRules,
+            apikey: '{%if user_apikey %}{{user_apikey}}{% else %}{% endif %}',
             localConfig: {
                 proxyUrl: {
-                    url: '{{ PROXY_URL|default:"/proxy/?url=" }}',
+                    url: '{{UPDATED_PROXY_URL|safe }}',
                     useCORS: []
                 },
+                useAuthenticationRules: true,
+                authenticationRules: [
+                    {
+                        urlPattern: '.*geoserver.*',
+                        authkeyParamName: 'access_token',
+                        method: 'authkey'
+                    },
+                    {
+                        urlPattern: '.*gs.*',
+                        authkeyParamName: 'access_token',
+                        method: 'authkey'
+                    },
+                    {
+                        urlPattern: '.*api/v2.*',
+                        method: 'bearer'
+                    }
+                ],
                 extensionsFolder: extensionsFolder,
                 printUrl: geoServerPublicLocation + 'pdf/info.json',
                 bingApiKey: '{% bing_api_key %}',
@@ -100,7 +121,7 @@
                     isMobile: isMobile,
                     datasetMaxUploadSize: datasetMaxUploadSize,
                     documentMaxUploadSize: documentMaxUploadSize,
-                    maxParallelUploads: maxParallelUploads,
+                    maxParallelUploads: maxParallelUploads
                 },
                 geoNodeConfiguration: {
                     cardsMenu: {
diff --git a/geonode_mapstore_client/templatetags/apikey.py b/geonode_mapstore_client/templatetags/apikey.py
new file mode 100644
index 0000000000..634bc9de24
--- /dev/null
+++ b/geonode_mapstore_client/templatetags/apikey.py
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+#########################################################################
+#
+# Copyright 2015-2022, GeoSolutions Sas.
+# All rights reserved.
+#
+# This source code is licensed under the BSD-style license found in the
+# LICENSE file in the root directory of this source tree.
+#
+#########################################################################
+
+import logging
+from urllib.parse import urlparse
+
+from django.conf import settings
+from geonode.base.auth import extract_user_from_headers, get_auth_token
+
+from django import template
+
+logger = logging.getLogger(__name__)
+register = template.Library()
+
+
+@register.simple_tag()
+def generate_proxyurl(_url, request):
+    if request:
+        apikey = request.GET.get('apikey')
+        if apikey:
+            pproxyurl = urlparse(_url)
+            proxyurl = f'{pproxyurl.path}?apikey={apikey}&{pproxyurl.query}'
+            return proxyurl
+    return _url
+
+
+@register.simple_tag()
+def retrieve_apikey(request):
+    if settings.ENABLE_APIKEY_LOGIN:
+        return get_auth_token(request.user) or None