#467 initial api key removal

Author: Adam Collins

README.md

@@ -19,7 +19,6 @@ The dependent services point to other production servers by default
 
 ### Minimum configurations in external config file:
 
-        api_key: xxxxxxxxx-d184-4276-afc2-6ece17176d7c
         google:
             apikey: xxxxxxxx
 
@@ -33,8 +32,6 @@ The dependent services point to other production servers by default
     google:
         apikey: "xxxxxxxxxxxxxx"
 
-    api_key: xxxxxxxxxxxxxxxxx
-    
     layersService:
         url: "https://spatial-test.ala.org.au/ws"
 

grails-app/conf/application.yml

@@ -319,9 +319,6 @@ cache:
 phylolink:
     url: 'https://phylolink.ala.org.au'
 
-apiKeyCheckUrlTemplate: 'https://auth.ala.org.au/apikey/ws/check?apikey={0}'
-api_key: 'change me'
-
 character:
     encoding: UTF-8
 

grails-app/controllers/au/org/ala/spatial/portal/CollectionController.groovy

@@ -1,23 +1,17 @@
 package au.org.ala.spatial.portal
 
 import grails.converters.JSON
-import groovy.json.JsonSlurper
-import org.apache.http.client.methods.HttpGet
+import org.apache.http.entity.ContentType
 
 class CollectionController {
-    def hubWebService
+    def webService
 
+    // used to find the data resources for deprecated sandbox uploads
     def list() {
         String url = "${grailsApplication.config.collections.url}/ws/tempDataResource?alaId=" + params.alaId
-        def headers = [:]
-        headers.put ("apiKey",grailsApplication.config.api_key)
-        request.headerNames.each { name -> headers.put(name, request.getHeader(name)) }
-        def r = hubWebService.urlResponse(HttpGet.METHOD_NAME, url, null, headers,
-               null, true)
+        def r = webService.get(url, [:], ContentType.APPLICATION_JSON, false, true, [:])
         if (r.statusCode == 200) {
-            def parser = new JsonSlurper()
-            def json = parser.parseText(r.text)
-            render json as JSON
+            render r.resp as JSON
         } else {
             def result = [error: 'Cannot fetch list from: ' + url]
             render result as JSON

grails-app/controllers/au/org/ala/spatial/portal/LogController.groovy

@@ -4,10 +4,10 @@ import grails.converters.JSON
 import org.apache.commons.httpclient.methods.StringRequestEntity
 import org.apache.http.client.methods.HttpPost
 import org.apache.http.client.methods.HttpGet
+import org.apache.http.entity.ContentType
 
 class LogController {
-    def hubWebService
-    def authService
+    def webService
     static allowedMethods = [index:'POST', search:'GET']
 
     /**
@@ -16,21 +16,20 @@ class LogController {
      */
     def index() {
         String url = "${grailsApplication.config.layersService.url}/log/"
-        def headers = [:]
-        headers.put ("apiKey",grailsApplication.config.api_key)
-        request.headerNames.each { name -> headers.put(name, request.getHeader(name)) }
-        def r = hubWebService.urlResponse(HttpPost.METHOD_NAME, url, null, headers,
-                new StringRequestEntity(request.JSON.toString()), true)
+
+        Map map = [data: (request.JSON as Map)]
+        def r = webService.post(url, map, null, ContentType.APPLICATION_JSON, false, true)
+
         render status: r.statusCode
     }
 
     def search() {
         String url = "${grailsApplication.config.layersService.url}/log/search"
-        def headers = [:]
-        headers.put("Accept", "application/json")
-        headers.put ("apiKey",grailsApplication.config.api_key)
-        def r = hubWebService.urlResponse(HttpGet.METHOD_NAME, url, params, headers, null, true)
+
+        Map inputs = params as Map
+        def r = webService.get(url, inputs, ContentType.APPLICATION_JSON, false, true)
+
         response.status = r.statusCode
-        render JSON.parse(new String(r?.text ?: "")) as JSON
+        render r.resp as JSON
     }
 }

grails-app/controllers/au/org/ala/spatial/portal/PortalController.groovy

@@ -198,12 +198,10 @@ class PortalController {
      * null when not logged in
      */
     private def getValidUserId(params) {
-        //apiKey + userId (non-numeric) OR authenticated user
+        // find the authenticated user, or the default user
         def userId
         if (!Holders.config.security.oidc.enabled) {
             userId = portalService.DEFAULT_USER_ID
-        } else if (portalService.isValidApiKey(params.apiKey) && !StringUtils.isNumeric(params.userId)) {
-            userId = params.userId
         } else {
             userId = authService.userId
         }
@@ -290,26 +288,29 @@ class PortalController {
             notAuthorised()
         } else {
             def type = id
+
+            // write the file to disk
             MultipartFile mFile = ((MultipartHttpServletRequest) request).getFile('shapeFile')
-            def settings = [apiKey: grailsApplication.config.api_key]
 
             String ce = grailsApplication.config.character.encoding
 
-            def r = hubWebService.postUrl("${grailsApplication.config.layersService.url}/shape/upload/${type}?" +
+            String url = "${grailsApplication.config.layersService.url}/shape/upload/${type}?" +
                     "name=${URLEncoder.encode((String) params.name, ce)}&" +
-                    "description=${URLEncoder.encode((String) params.description, ce)}&" +
-                    "api_key=${grailsApplication.config.api_key}", null, settings, mFile);
+                    "description=${URLEncoder.encode((String) params.description, ce)}"
+
+            List files = [mFile]
+            def r = webService.post(url, null, null, files, ContentType.MULTIPART_FORM_DATA, false, true)
 
             if (!r) {
                 render [:] as JSON
             } else if (r.error || r.statusCode > 299) {
                 log.error("failed ${type} upload: ${r}")
-                def msg = JSON.parse(new String(r?.text ?: "{}"))
+                def msg = r.resp
                 Map error = [error: msg.error]
                 response.status = r.statusCode
                 render error as JSON
             } else {
-                def json = JSON.parse(new String(r?.text ?: "{}"))
+                def json = r.resp
                 def shapeFileId = json.id
                 def area = json.collect { key, value ->
                     if (key == 'shp_id') {
@@ -352,14 +353,8 @@ class PortalController {
         } else {
             def json = request.JSON as Map
 
-            Map params = [sessionId: params.sessionId]
-            for (def key : json.keySet()) {
-                if (key != 'sessionId') {
-                    params.put(key, String.valueOf(json[key]))
-                }
-            }
-
-            def r = webService.post("${grailsApplication.config.layersService.url}/tasks/create", null, params, ContentType.APPLICATION_JSON, false, true)
+            String url = "${grailsApplication.config.layersService.url}/tasks/create?userId=${userId}&sessionId=${params.sessionId}"
+            def r = webService.post(url, json, null, ContentType.APPLICATION_JSON, false, true)
 
             if (r == null) {
                 render [:] as JSON

grails-app/services/au/org/ala/spatial/portal/PortalService.groovy

@@ -118,26 +118,6 @@ class PortalService {
 
     def validKeys = [] as Set
 
-    def isValidApiKey(key) {
-        if (key == null) {
-            return false
-        }
-
-        Boolean result = validKeys.contains(key)
-
-        if (result == null) {
-            String url = MessageFormat.format(grailsApplication.config.apiKeyCheckUrlTemplate.toString(), key)
-
-            result = key == grailsApplication.config.serviceKey || hubWebService.getUrl(url).contains('"valid":true')
-
-            if (result) {
-                validKeys.add(key)
-            }
-        }
-
-        return result
-    }
-
     def canProxy(url) {
         def predefined = url.toString().startsWith(Holders.config.layersService.url) ||
                 url.toString().startsWith(Holders.config.phylolink.url) ||