From 53ce55057866fd114ce403b2a5cec3a18dfcb050 Mon Sep 17 00:00:00 2001 From: Alyssa Dai Date: Wed, 24 Jul 2024 21:31:31 -0400 Subject: [PATCH 1/4] add auth vars to n-API & local query tool and disable by default --- docker-compose.yml | 8 ++++++-- docs/neurobagel_environment_variables.tsv | 2 +- template.env | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index aaab355..74a5f14 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,6 +16,8 @@ services: NB_RETURN_AGG: ${NB_RETURN_AGG:-true} NB_API_PORT: ${NB_NAPI_PORT:-8000} NB_API_ALLOWED_ORIGINS: ${NB_NAPI_ALLOWED_ORIGINS} + NB_ENABLE_AUTH: ${NB_ENABLE_AUTH:-false} + NB_QUERY_CLIENT_ID: ${NB_QUERY_CLIENT_ID} volumes: - "./scripts/api_entrypoint.sh:/usr/src/api_entrypoint.sh" entrypoint: @@ -61,7 +63,7 @@ services: environment: NB_API_PORT: ${NB_FAPI_PORT:-8000} NB_FEDERATE_REMOTE_PUBLIC_NODES: ${NB_FEDERATE_REMOTE_PUBLIC_NODES:-True} - NB_ENABLE_AUTH: ${NB_ENABLE_AUTH:-true} + NB_ENABLE_AUTH: ${NB_ENABLE_AUTH:-false} NB_QUERY_CLIENT_ID: ${NB_QUERY_CLIENT_ID} query_federation: @@ -74,7 +76,7 @@ services: environment: NB_API_QUERY_URL: ${NB_API_QUERY_URL} NB_IS_FEDERATION_API: "true" - NB_ENABLE_AUTH: ${NB_ENABLE_AUTH:-true} + NB_ENABLE_AUTH: ${NB_ENABLE_AUTH:-false} NB_QUERY_CLIENT_ID: ${NB_QUERY_CLIENT_ID} query_local: @@ -86,6 +88,8 @@ services: environment: NB_API_QUERY_URL: ${NB_API_QUERY_URL} NB_IS_FEDERATION_API: "false" + NB_ENABLE_AUTH: ${NB_ENABLE_AUTH:-false} + NB_QUERY_CLIENT_ID: ${NB_QUERY_CLIENT_ID} secrets: db_admin_password: diff --git a/docs/neurobagel_environment_variables.tsv b/docs/neurobagel_environment_variables.tsv index 4773077..6c460a7 100644 --- a/docs/neurobagel_environment_variables.tsv +++ b/docs/neurobagel_environment_variables.tsv @@ -20,5 +20,5 @@ Environment variable Set manually in .env? Description Default value if not set `NB_QUERY_TAG` No Docker image tag for the query tool `latest` Docker `NB_QUERY_PORT_HOST` No Port number used by the `query_tool` on the host machine `3000` Docker `NB_FEDERATE_REMOTE_PUBLIC_NODES` Yes If "True", include public nodes in federation `true` Docker, Python -`NB_ENABLE_AUTH` Yes **(Experimental, for dev deployments only)** Whether to enable authentication for cohort queries. One of [true, false] `true` Docker, Python +`NB_ENABLE_AUTH` Yes **(Experimental, for dev deployments only)** Whether to enable authentication for cohort queries. One of [true, false] `false` Docker, Python `NB_QUERY_CLIENT_ID` Yes **(Experimental, for dev deployments only)** OAuth client ID for the query tool. Required if NB_ENABLE_AUTH is set to true. - Docker, Python \ No newline at end of file diff --git a/template.env b/template.env index 6f2e0dc..42ce044 100644 --- a/template.env +++ b/template.env @@ -77,9 +77,9 @@ NB_API_QUERY_URL=http://XX.XX.XX.XX # -------------------------------------- # ---- SECURITY CONFIGURATION ---- -# NOTE: EXPERIMENTAL, THESE SETTINGS ARE UNDER ACTIVE DEVELOPMENT AND ARE CURRENTLY FOR DEV DEPLOYMENTS ONLY. +# NOTE: EXPERIMENTAL, THESE SETTINGS ARE UNDER ACTIVE DEVELOPMENT AND CURRENTLY SHOULD BE MODIFIED FOR DEV DEPLOYMENTS ONLY. # The below settings will be used for both the query tool and the f-API. -# NB_ENABLE_AUTH=true +# NB_ENABLE_AUTH=false # If NB_ENABLE_AUTH is set to true, you MUST provide a valid OAuth client ID for your query tool instance. # To obtain an OAuth client ID to enable login with Google, see https://developers.google.com/identity/openid-connect/openid-connect#appsetup. From ced22ca147dad6048e0a3ba570b3b61092b86ae5 Mon Sep 17 00:00:00 2001 From: rmanaem Date: Fri, 26 Jul 2024 12:54:47 -0400 Subject: [PATCH 2/4] Added `NB_QUERY_URL_PATH` --- docker-compose.yml | 2 ++ docs/neurobagel_environment_variables.tsv | 1 + template.env | 3 +++ 3 files changed, 6 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 74a5f14..fb7a8ec 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -76,6 +76,7 @@ services: environment: NB_API_QUERY_URL: ${NB_API_QUERY_URL} NB_IS_FEDERATION_API: "true" + NB_QUERY_URL_PATH: ${NB_QUERY_URL_PATH:-/} NB_ENABLE_AUTH: ${NB_ENABLE_AUTH:-false} NB_QUERY_CLIENT_ID: ${NB_QUERY_CLIENT_ID} @@ -88,6 +89,7 @@ services: environment: NB_API_QUERY_URL: ${NB_API_QUERY_URL} NB_IS_FEDERATION_API: "false" + NB_QUERY_URL_PATH: ${NB_QUERY_URL_PATH:-/} NB_ENABLE_AUTH: ${NB_ENABLE_AUTH:-false} NB_QUERY_CLIENT_ID: ${NB_QUERY_CLIENT_ID} diff --git a/docs/neurobagel_environment_variables.tsv b/docs/neurobagel_environment_variables.tsv index 6c460a7..964b268 100644 --- a/docs/neurobagel_environment_variables.tsv +++ b/docs/neurobagel_environment_variables.tsv @@ -20,5 +20,6 @@ Environment variable Set manually in .env? Description Default value if not set `NB_QUERY_TAG` No Docker image tag for the query tool `latest` Docker `NB_QUERY_PORT_HOST` No Port number used by the `query_tool` on the host machine `3000` Docker `NB_FEDERATE_REMOTE_PUBLIC_NODES` Yes If "True", include public nodes in federation `true` Docker, Python +`NB_QUERY_URL_PATH` Yes The URL path for the query tool, determines the specific URL at which the app should be rendered for users to access it `/` Docker `NB_ENABLE_AUTH` Yes **(Experimental, for dev deployments only)** Whether to enable authentication for cohort queries. One of [true, false] `false` Docker, Python `NB_QUERY_CLIENT_ID` Yes **(Experimental, for dev deployments only)** OAuth client ID for the query tool. Required if NB_ENABLE_AUTH is set to true. - Docker, Python \ No newline at end of file diff --git a/template.env b/template.env index 42ce044..0b4cbd3 100644 --- a/template.env +++ b/template.env @@ -71,6 +71,9 @@ NB_RETURN_AGG=true NB_API_QUERY_URL=http://XX.XX.XX.XX # Additional configurable parameters - uncomment to change the defaults +# Change NB_QUERY_URL_PATH if you're using a custom configuration where the query tool is accessible +# via a path other than the root (`/`) +# NB_QUERY_URL_PATH # Change NB_QUERY_PORT_HOST if port 3000 is already in use on the machine # NB_QUERY_PORT_HOST=3000 # NB_QUERY_TAG=latest From 0eb6a37d771be456a15bdad24592f4b2256e2de9 Mon Sep 17 00:00:00 2001 From: Arman Jahanpour <77515879+rmanaem@users.noreply.github.com> Date: Tue, 30 Jul 2024 13:55:58 -0400 Subject: [PATCH 3/4] Update template.env Co-authored-by: Alyssa Dai --- template.env | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/template.env b/template.env index 0b4cbd3..83a4296 100644 --- a/template.env +++ b/template.env @@ -71,9 +71,9 @@ NB_RETURN_AGG=true NB_API_QUERY_URL=http://XX.XX.XX.XX # Additional configurable parameters - uncomment to change the defaults -# Change NB_QUERY_URL_PATH if you're using a custom configuration where the query tool is accessible -# via a path other than the root (`/`) -# NB_QUERY_URL_PATH +# Change NB_QUERY_URL_PATH if you're using a proxy server (NGINX, Caddy, etc.) and have configured it so that the query tool is accessible at a path other than the root (`/`). +# e.g., if your proxy server is set up so that mynode.org/querytool points to the query tool, you would set NB_QUERY_URL_PATH=/querytool +# NB_QUERY_URL_PATH=/ # Change NB_QUERY_PORT_HOST if port 3000 is already in use on the machine # NB_QUERY_PORT_HOST=3000 # NB_QUERY_TAG=latest From 94c626c7014188bf3e712dca6d5c7dc676e544d7 Mon Sep 17 00:00:00 2001 From: Arman Jahanpour <77515879+rmanaem@users.noreply.github.com> Date: Tue, 30 Jul 2024 13:56:09 -0400 Subject: [PATCH 4/4] Update docs/neurobagel_environment_variables.tsv Co-authored-by: Alyssa Dai --- docs/neurobagel_environment_variables.tsv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/neurobagel_environment_variables.tsv b/docs/neurobagel_environment_variables.tsv index 964b268..85c49cb 100644 --- a/docs/neurobagel_environment_variables.tsv +++ b/docs/neurobagel_environment_variables.tsv @@ -20,6 +20,6 @@ Environment variable Set manually in .env? Description Default value if not set `NB_QUERY_TAG` No Docker image tag for the query tool `latest` Docker `NB_QUERY_PORT_HOST` No Port number used by the `query_tool` on the host machine `3000` Docker `NB_FEDERATE_REMOTE_PUBLIC_NODES` Yes If "True", include public nodes in federation `true` Docker, Python -`NB_QUERY_URL_PATH` Yes The URL path for the query tool, determines the specific URL at which the app should be rendered for users to access it `/` Docker +`NB_QUERY_URL_PATH` No The URL path for the query tool, determines the specific URL at which the app should be rendered for users to access it `/` Docker `NB_ENABLE_AUTH` Yes **(Experimental, for dev deployments only)** Whether to enable authentication for cohort queries. One of [true, false] `false` Docker, Python `NB_QUERY_CLIENT_ID` Yes **(Experimental, for dev deployments only)** OAuth client ID for the query tool. Required if NB_ENABLE_AUTH is set to true. - Docker, Python \ No newline at end of file