gh-47 Integrate MONAI Deploy Security

Signed-off-by: Victor Chang <[email protected]>

Author: mocsharp

src/Client/Test/packages.lock.json

@@ -725,8 +725,8 @@
       },
       "Monai.Deploy.Security": {
         "type": "Transitive",
-        "resolved": "0.1.0",
-        "contentHash": "ZbHei1e/jZVk3pTiTSjlB5dy3VsFBEGed9Md19xfal07K1vHGgn4+LNd+izdB7wAGhVRR0VuDNuCn6teO1Ljhw==",
+        "resolved": "0.2.0-vchang-logging0008",
+        "contentHash": "YUgEwyLIe3DVk+SwVMS1sXRJUlpqleHPoNWeIl+sCFbGDzDvjn8k7nnLPgM8KuZ8vpMgVcimBarCThSyDyf8kA==",
         "dependencies": {
           "Ardalis.GuardClauses": "4.0.1",
           "Microsoft.AspNetCore.Authentication.JwtBearer": "6.0.11",
@@ -1688,7 +1688,7 @@
           "Monai.Deploy.InformaticsGateway.Database.EntityFramework": "[1.0.0, )",
           "Monai.Deploy.InformaticsGateway.DicomWeb.Client": "[1.0.0, )",
           "Monai.Deploy.Messaging.RabbitMQ": "[0.1.18, )",
-          "Monai.Deploy.Security": "[0.1.0, )",
+          "Monai.Deploy.Security": "[0.2.0-vchang-logging0008, )",
           "Monai.Deploy.Storage": "[0.2.11, )",
           "Monai.Deploy.Storage.MinIO": "[0.2.11, )",
           "NLog": "[5.1.0, )",

src/DicomWebClient/CLI/packages.lock.json

@@ -1474,20 +1474,20 @@
       "monai.deploy.informaticsgateway.client.common": {
         "type": "Project",
         "dependencies": {
-          "Ardalis.GuardClauses": "4.0.1",
-          "System.Text.Json": "6.0.7"
+          "Ardalis.GuardClauses": "[4.0.1, )",
+          "System.Text.Json": "[6.0.7, )"
         }
       },
       "monai.deploy.informaticsgateway.dicomweb.client": {
         "type": "Project",
         "dependencies": {
-          "Ardalis.GuardClauses": "4.0.1",
-          "Microsoft.AspNet.WebApi.Client": "5.2.9",
-          "Microsoft.Extensions.Http": "6.0.0",
-          "Microsoft.Net.Http.Headers": "2.2.8",
-          "Monai.Deploy.InformaticsGateway.Client.Common": "1.0.0",
-          "System.Linq.Async": "6.0.1",
-          "fo-dicom": "5.0.3"
+          "Ardalis.GuardClauses": "[4.0.1, )",
+          "Microsoft.AspNet.WebApi.Client": "[5.2.9, )",
+          "Microsoft.Extensions.Http": "[6.0.0, )",
+          "Microsoft.Net.Http.Headers": "[2.2.8, )",
+          "Monai.Deploy.InformaticsGateway.Client.Common": "[1.0.0, )",
+          "System.Linq.Async": "[6.0.1, )",
+          "fo-dicom": "[5.0.3, )"
         }
       }
     }

src/DicomWebClient/packages.lock.json

@@ -1254,8 +1254,8 @@
       "monai.deploy.informaticsgateway.client.common": {
         "type": "Project",
         "dependencies": {
-          "Ardalis.GuardClauses": "4.0.1",
-          "System.Text.Json": "6.0.7"
+          "Ardalis.GuardClauses": "[4.0.1, )",
+          "System.Text.Json": "[6.0.7, )"
         }
       }
     }

src/InformaticsGateway/Monai.Deploy.InformaticsGateway.csproj

@@ -1,4 +1,4 @@
-<!--
+<!--
   ~ Copyright 2022 MONAI Consortium
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,6 +26,7 @@
     <LangVersion>latest</LangVersion>
     <CodeAnalysisRuleSet>..\.sonarlint\project-monai_monai-deploy-informatics-gatewaycsharp.ruleset</CodeAnalysisRuleSet>
     <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
+    <UserSecretsId>be0fffc8-bebb-4509-a2c0-3c981e5415ab</UserSecretsId>
   </PropertyGroup>
 
   <ItemGroup>
@@ -50,7 +51,7 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="6.0.0" />
     <PackageReference Include="Microsoft.Extensions.Options" Version="6.0.0" />
     <PackageReference Include="Monai.Deploy.Messaging.RabbitMQ" Version="0.1.18" />
-    <PackageReference Include="Monai.Deploy.Security" Version="0.1.0" />
+    <PackageReference Include="Monai.Deploy.Security" Version="0.2.0-vchang-logging0008" />
     <PackageReference Include="Monai.Deploy.Storage" Version="0.2.11" />
     <PackageReference Include="Monai.Deploy.Storage.MinIO" Version="0.2.11" />
     <PackageReference Include="NLog.Web.AspNetCore" Version="5.2.0" />

src/InformaticsGateway/Program.cs

@@ -29,8 +29,6 @@
 using Monai.Deploy.InformaticsGateway.Common;
 using Monai.Deploy.InformaticsGateway.Configuration;
 using Monai.Deploy.InformaticsGateway.Database;
-using Monai.Deploy.InformaticsGateway.Database.Api.Repositories;
-using Monai.Deploy.InformaticsGateway.Database.EntityFramework.Repositories;
 using Monai.Deploy.InformaticsGateway.Repositories;
 using Monai.Deploy.InformaticsGateway.Services.Common;
 using Monai.Deploy.InformaticsGateway.Services.Connectors;
@@ -44,6 +42,7 @@
 using Monai.Deploy.InformaticsGateway.Services.Storage;
 using Monai.Deploy.Messaging;
 using Monai.Deploy.Messaging.Configuration;
+using Monai.Deploy.Security.Authentication.Configurations;
 using Monai.Deploy.Storage;
 using Monai.Deploy.Storage.Configuration;
 using NLog;
@@ -95,13 +94,10 @@ internal static IHostBuilder CreateHostBuilder(string[] args) =>
                 })
                 .ConfigureServices((hostContext, services) =>
                 {
-                    services.AddOptions<InformaticsGatewayConfiguration>()
-                        .Bind(hostContext.Configuration.GetSection("InformaticsGateway"));
-                    services.AddOptions<MessageBrokerServiceConfiguration>()
-                        .Bind(hostContext.Configuration.GetSection("InformaticsGateway:messaging"));
-                    services.AddOptions<StorageServiceConfiguration>()
-                        .Bind(hostContext.Configuration.GetSection("InformaticsGateway:storage"));
-
+                    services.AddOptions<InformaticsGatewayConfiguration>().Bind(hostContext.Configuration.GetSection("InformaticsGateway"));
+                    services.AddOptions<MessageBrokerServiceConfiguration>().Bind(hostContext.Configuration.GetSection("InformaticsGateway:messaging"));
+                    services.AddOptions<StorageServiceConfiguration>().Bind(hostContext.Configuration.GetSection("InformaticsGateway:storage"));
+                    services.AddOptions<AuthenticationOptions>().Bind(hostContext.Configuration.GetSection("MonaiDeployAuthentication"));
                     services.TryAddEnumerable(ServiceDescriptor.Singleton<IValidateOptions<InformaticsGatewayConfiguration>, ConfigurationValidator>());
 
                     services.ConfigureDatabase(hostContext.Configuration?.GetSection("ConnectionStrings"));

src/InformaticsGateway/Services/Http/Startup.cs

@@ -30,6 +30,7 @@
 using Microsoft.OpenApi.Models;
 using Monai.Deploy.InformaticsGateway.Database.EntityFramework;
 using Monai.Deploy.InformaticsGateway.Services.Fhir;
+using Monai.Deploy.Security.Authentication.Extensions;
 
 namespace Monai.Deploy.InformaticsGateway.Services.Http
 {
@@ -106,6 +107,8 @@ public void ConfigureServices(IServiceCollection services)
                 };
             });
 
+            services.AddMonaiAuthentication();
+
             services.AddHealthChecks()
                 .AddCheck<MonaiHealthCheck>("Informatics Gateway Services")
                 .AddDbContextCheck<InformaticsGatewayContext>("Database");
@@ -123,7 +126,6 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
                 app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "MONAI Deploy Informatics Gateway v1"));
             }
 
-            app.UseRouting();
             app.UseHealthChecks("/health", new Microsoft.AspNetCore.Diagnostics.HealthChecks.HealthCheckOptions
             {
                 ResponseWriter = async (context, report) =>
@@ -139,13 +141,20 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
                     });
 
                     context.Response.ContentType = MediaTypeNames.Application.Json;
-                    await context.Response.WriteAsync(result);
+                    await context.Response.WriteAsync(result).ConfigureAwait(false);
                 }
             });
 
+            app.UseRouting();
+            app.UseAuthentication();
+            app.UseAuthorization();
+            app.UseEndpointAuthorizationMiddleware();
+            app.UseHttpLogging();
+
             app.UseEndpoints(endpoints =>
             {
-                endpoints.MapControllers();
+                endpoints.MapHealthChecks("/health").AllowAnonymous();
+                endpoints.MapControllers().RequireAuthorization();
             });
         }
     }

src/InformaticsGateway/Test/packages.lock.json

@@ -965,8 +965,8 @@
       },
       "Monai.Deploy.Security": {
         "type": "Transitive",
-        "resolved": "0.1.0",
-        "contentHash": "ZbHei1e/jZVk3pTiTSjlB5dy3VsFBEGed9Md19xfal07K1vHGgn4+LNd+izdB7wAGhVRR0VuDNuCn6teO1Ljhw==",
+        "resolved": "0.2.0-vchang-logging0008",
+        "contentHash": "YUgEwyLIe3DVk+SwVMS1sXRJUlpqleHPoNWeIl+sCFbGDzDvjn8k7nnLPgM8KuZ8vpMgVcimBarCThSyDyf8kA==",
         "dependencies": {
           "Ardalis.GuardClauses": "4.0.1",
           "Microsoft.AspNetCore.Authentication.JwtBearer": "6.0.11",
@@ -1917,7 +1917,7 @@
           "Monai.Deploy.InformaticsGateway.Database.EntityFramework": "[1.0.0, )",
           "Monai.Deploy.InformaticsGateway.DicomWeb.Client": "[1.0.0, )",
           "Monai.Deploy.Messaging.RabbitMQ": "[0.1.18, )",
-          "Monai.Deploy.Security": "[0.1.0, )",
+          "Monai.Deploy.Security": "[0.2.0-vchang-logging0008, )",
           "Monai.Deploy.Storage": "[0.2.11, )",
           "Monai.Deploy.Storage.MinIO": "[0.2.11, )",
           "NLog": "[5.1.0, )",

src/InformaticsGateway/appsettings.Development.json

@@ -1,4 +1,7 @@
 {
+  "MonaiDeployAuthentication": {
+    "bypassAuthentication": true
+  },
   "ConnectionStrings": {
     "InformaticsGatewayDatabase": "Data Source=migdev.db"
   },

src/InformaticsGateway/appsettings.json

@@ -1,4 +1,34 @@
 {
+  "MonaiDeployAuthentication": {
+    "bypassAuthentication": false,
+    "openId": {
+      "realm": "http://localhost:8080/realms/monai-test/",
+      "realmKey": "993kdf2YXmv3itIvVOJX6zDT9o2nLxwW",
+      "clientId": "monai-app",
+      "audiences": [ "monai-app-test" ],
+      "roleClaimType": "roles",
+      "claimMappings": {
+        "userClaims": [
+          {
+            "claimType": "roles",
+            "claimValues": [ "monai-deploy-user" ],
+            "endpoints": [ "Stow", "Fhir", "Inference" ]
+          },
+          {
+            "claimType": "roles",
+            "claimValues": [ "pacs-admin" ],
+            "endpoints": [ "MonaiAeTitle", "SourceAeTitle", "DestinationAeTitle" ]
+          }
+        ],
+        "adminClaims": [
+          {
+            "claimType": "roles",
+            "claimValues": [ "monai-role-admin" ]
+          }
+        ]
+      }
+    }
+  },
   "ConnectionStrings": {
     "Type": "Sqlite",
     "InformaticsGatewayDatabase": "Data Source=/database/mig.db"

src/InformaticsGateway/packages.lock.json

@@ -184,9 +184,9 @@
       },
       "Monai.Deploy.Security": {
         "type": "Direct",
-        "requested": "[0.1.0, )",
-        "resolved": "0.1.0",
-        "contentHash": "ZbHei1e/jZVk3pTiTSjlB5dy3VsFBEGed9Md19xfal07K1vHGgn4+LNd+izdB7wAGhVRR0VuDNuCn6teO1Ljhw==",
+        "requested": "[0.2.0-vchang-logging0008, )",
+        "resolved": "0.2.0-vchang-logging0008",
+        "contentHash": "YUgEwyLIe3DVk+SwVMS1sXRJUlpqleHPoNWeIl+sCFbGDzDvjn8k7nnLPgM8KuZ8vpMgVcimBarCThSyDyf8kA==",
         "dependencies": {
           "Ardalis.GuardClauses": "4.0.1",
           "Microsoft.AspNetCore.Authentication.JwtBearer": "6.0.11",

tests/Integration.Test/appsettings.json

@@ -1,4 +1,7 @@
 {
+  "MonaiDeployAuthentication": {
+    "BypassAuthentication": true
+  },
   "ConnectionStrings": {
     "Type": "mongodb",
     "InformaticsGatewayDatabase": "mongodb://root:rootpassword@localhost:27017",

tests/Integration.Test/packages.lock.json

@@ -811,8 +811,8 @@
       },
       "Monai.Deploy.Security": {
         "type": "Transitive",
-        "resolved": "0.1.0",
-        "contentHash": "ZbHei1e/jZVk3pTiTSjlB5dy3VsFBEGed9Md19xfal07K1vHGgn4+LNd+izdB7wAGhVRR0VuDNuCn6teO1Ljhw==",
+        "resolved": "0.2.0-vchang-logging0008",
+        "contentHash": "YUgEwyLIe3DVk+SwVMS1sXRJUlpqleHPoNWeIl+sCFbGDzDvjn8k7nnLPgM8KuZ8vpMgVcimBarCThSyDyf8kA==",
         "dependencies": {
           "Ardalis.GuardClauses": "4.0.1",
           "Microsoft.AspNetCore.Authentication.JwtBearer": "6.0.11",
@@ -1811,7 +1811,7 @@
           "Monai.Deploy.InformaticsGateway.Database.EntityFramework": "[1.0.0, )",
           "Monai.Deploy.InformaticsGateway.DicomWeb.Client": "[1.0.0, )",
           "Monai.Deploy.Messaging.RabbitMQ": "[0.1.18, )",
-          "Monai.Deploy.Security": "[0.1.0, )",
+          "Monai.Deploy.Security": "[0.2.0-vchang-logging0008, )",
           "Monai.Deploy.Storage": "[0.2.11, )",
           "Monai.Deploy.Storage.MinIO": "[0.2.11, )",
           "NLog": "[5.1.0, )",