Security Option II changes

Signed-off-by: Paul McBride <paul_mcbride@ie.ibm.com>

build/config/default.json5

@@ -2480,6 +2480,7 @@
     },
   },
   patientsPerPage: 25,
+  authEnabled: false,
   timeout: 20000,
   renderSelectedOnly: false,
   fhirViewer: {

build/config/keycloak.json

@@ -0,0 +1,8 @@
+{
+  "realm": "test",
+  "auth-server-url": "https://localhost:8443/auth",
+  "ssl-required": "external",
+  "resource": "inferno",
+  "public-client": true,
+  "confidential-port": 0
+}

package.json

@@ -54,6 +54,7 @@
     "if-env": "^1.0.0",
     "jquery": "^3.2.1",
     "json5": "^0.5.1",
+    "keycloak-js": "^17.0.0",
     "less": "^2.7.2",
     "less-loader": "^4.0.3",
     "mixin-deep": "^1.2.0",

src/index.js

@@ -8,27 +8,96 @@ import PatientList from "./components/PatientList";
 import { Router, Route, Switch } from "react-router";
 import createHistory from "history/createHashHistory";
 import jQuery from "jquery";
+import Keycloak from "keycloak-js";
+import JSON5 from "json5";
+import { parseQueryString } from "./lib";
 
 window.$ = window.jQuery = jQuery;
 
-const history = createHistory();
-
-ReactDOM.render(
-  <Provider store={STORE}>
-    <Router history={history}>
-      <Switch>
-        <App>
-          <Route path="/" component={PatientList} exact />
-          <Route path="/patient/:index" component={PatientDetail} />
-        </App>
-      </Switch>
-    </Router>
-  </Provider>,
-  document.getElementById("main")
-);
-
-$(function () {
-  $("body").tooltip({
-    selector: ".patient-detail-page [title]",
-  });
+let authEnabled = false;
+const DEFAULT_CONFIG = "default";
+let { config, ...params } = parseQueryString(window.location.search);
+
+jQuery.ajax({
+  url: `./config/${config || DEFAULT_CONFIG}.json5`,
+  dataType: "text",
+  cache: false,
+  async: false,
+  success: (json) => {
+    json = JSON5.parse(json);
+    authEnabled = json.authEnabled;
+  },
 });
+
+if (authEnabled) {
+  let keycloak = new Keycloak("config/keycloak.json");
+
+  keycloak.onTokenExpired = function () {
+    keycloak.updateToken().then((refreshed) => {
+      if (refreshed) {
+        sessionStorage.setItem("access-token", keycloak.token);
+      }
+    });
+  };
+
+  keycloak
+    .init({
+      onLoad: "login-required",
+
+      scope: "patient/*.read",
+    })
+    .then(function (authenticated) {
+      if (authenticated) {
+        sessionStorage.setItem("access-token", keycloak.token);
+
+        const history = createHistory();
+
+        ReactDOM.render(
+          <Provider store={STORE}>
+            <Router history={history}>
+              <Switch>
+                <App>
+                  <Route path="/" component={PatientList} exact />
+                  <Route path="/patient/:index" component={PatientDetail} />
+                </App>
+              </Switch>
+            </Router>
+          </Provider>,
+          document.getElementById("main")
+        );
+
+        $(function () {
+          $("body").tooltip({
+            selector: ".patient-detail-page [title]",
+          });
+        });
+      }
+    })
+    .catch(function () {
+      alert(
+        "Failed to initialize KeyCloak adapter. Check KeyCloak config file."
+      );
+    });
+} else {
+  const history = createHistory();
+
+  ReactDOM.render(
+    <Provider store={STORE}>
+      <Router history={history}>
+        <Switch>
+          <App>
+            <Route path="/" component={PatientList} exact />
+            <Route path="/patient/:index" component={PatientDetail} />
+          </App>
+        </Switch>
+      </Router>
+    </Provider>,
+    document.getElementById("main")
+  );
+
+  $(function () {
+    $("body").tooltip({
+      selector: ".patient-detail-page [title]",
+    });
+  });
+}

src/lib/PatientSearch.js

@@ -526,12 +526,12 @@ export default class PatientSearch {
           .forEach((token) => {
             if (token.indexOf("-") === 0) {
               params.push({
-                name: "_sort",
-                value: token,
+                name: "_sort:desc",
+                value: token.substring(1),
               });
             } else {
               params.push({
-                name: "_sort",
+                name: "_sort:asc",
                 value: token,
               });
             }
@@ -836,18 +836,33 @@ export default class PatientSearch {
     if (server.type == "DSTU-2") {
       data = data.replace(/\bdeceased=(true|false)\b/gi, "");
     }
-
-    // prepare the base options for the patient ajax request
-    let options = {
-      url: `${server.url}/Patient/_search`,
-      method: "POST",
-      processData: false,
-      data,
-      headers: {
-        accept: "application/fhir+json",
-        "content-type": "application/x-www-form-urlencoded",
-      },
-    };
+    // Take Access token from session storage if its available ie. if KeyCloak enabled authentication enabled.
+    // And only include authorization header if access token is available
+    let keycloakToken = sessionStorage.getItem("access-token");
+
+    let options = keycloakToken
+      ? {
+          url: `${server.url}/Patient/_search`,
+          method: "POST",
+          processData: false,
+          data,
+          headers: {
+            accept: "application/fhir+json",
+            "content-type": "application/x-www-form-urlencoded",
+
+            authorization: "Bearer " + keycloakToken,
+          },
+        }
+      : {
+          url: `${server.url}/Patient/_search`,
+          method: "POST",
+          processData: false,
+          data,
+          headers: {
+            accept: "application/fhir+json",
+            "content-type": "application/x-www-form-urlencoded",
+          },
+        };
 
     return this.getPatientIDs(server)
       .then((ids) => {