This blog series is a simple demo of how to create a Node.js app and run it both locally and on the SAP BTP platform.
Part – 1: Create nodejs application.
Part – 2: Create Authentication instance.
Create Authentication
To do that we need the BTP Authorization and Trust Management service (XSUAA), which we will create using the mta.yaml file.
resources:
  - name: basicnodejs-xsuaa
    type: org.cloudfoundry.managed-service
    parameters:
      service: xsuaa
      service-plan: application
      config:
        xsappname: basicnodejs-${org}-${space}
        tenant-mode: dedicated
Build and deploy the mta.yaml file.
But who is going to use this service?
We have to specify that two modules are going to access it, so we bind those modules to the XSUAA service instance.
ID: basicnodejs
_schema-version: '3.1'
version: 0.0.1
parameters:
  enable-parallel-deployments: true
modules:
  - name: basicnodejs-service
    type: nodejs
    path: srv
    build-parameters:
      ignore:
        - 'default-*.json'
        - .env
        - '*node_modules*'
        - package-lock.json
    provides:
      - name: srv-api
        properties:
          srv-url: ${default-url}
    requires:
      - name: basicnodejs-xsuaa
  - name: basicnodejs-approuter
    type: approuter.nodejs
    path: app
    build-parameters:
      ignore:
        - 'default-*.json'
        - .env
        - '*node_modules*'
        - package-lock.json
    parameters:
      memory: 256M
      disk-quota: 512M
      keep-existing-routes: true
    requires:
      - name: srv-api
        group: destinations
        properties:
          name: srv-api # must be used in xs-app.json as well
          url: ~{srv-url}
          forwardAuthToken: true
      - name: basicnodejs-xsuaa
resources:
  - name: basicnodejs-xsuaa
    type: org.cloudfoundry.managed-service
    parameters:
      service: xsuaa
      service-plan: application
      config:
        xsappname: basicnodejs-${org}-${space}
        tenant-mode: dedicated
Notice that we have added one more property inside the approuter module:
forwardAuthToken: true
The approuter will not use the BTP authentication mechanism until we set authenticationMethod to route in xs-app.json.
{
  "authenticationMethod": "route",
  "routes": [{
    "source": "^/(.*)$",
    "target": "$1",
    "destination": "srv-api"
  }]
}
This redirects us to the BTP login page if we are not logged in.
However, even if we provide the BTP credentials, we cannot access our application yet.
One more parameter in the XSUAA service configuration tells it where to redirect after authentication.
resources:
  - name: basicnodejs-xsuaa
    type: org.cloudfoundry.managed-service
    parameters:
      service: xsuaa
      service-plan: application
      config:
        xsappname: basicnodejs-${org}-${space}
        tenant-mode: dedicated
        oauth2-configuration:
          redirect-uris:
            - "https://*.hana.ondemand.com/**"
Note that this pattern accepts any host under hana.ondemand.com as a redirect target; for a productive application, restrict it to the approuter's own URL.
Deploy and open the approuter. It will ask you to log in and then land you on the service.
Wait... even though we have set up the authentication mechanism, we can still access the basicnodejs-service URL in BTP directly.
That is because the service itself has no check for whether the user was authenticated by XSUAA. In CAPM this is handled by the framework.
But in our case we have to do it manually.
Let's add some npm packages and modify the server.js file.
npm install @sap/xsenv @sap/xssec passport
In srv -> server.js file –
const express = require("express");
const passport = require("passport");
const xsenv = require("@sap/xsenv");
const JWTStrategy = require("@sap/xssec").JWTStrategy;

// Read the credentials of the bound XSUAA service instance
const services = xsenv.getServices({ uaa: "basicnodejs-xsuaa" });

const app = express();

// Validate the JWT on every request; requests without a valid token are rejected
passport.use(new JWTStrategy(services.uaa));
app.use(passport.initialize());
app.use(passport.authenticate("JWT", { session: false }));

app.get("/", function (req, res, next) {
  res.send("Welcome User: " + req.user.name.givenName);
});

const port = process.env.PORT || 5000;
app.listen(port, function () {
  console.log("Basic NodeJs listening on port " + port);
});
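To make visible what the token check protects against when the service URL is called directly, here is an added example (not from the original post, and not how @sap/xssec is implemented) that performs a simplified bearer-token check with Node's built-in crypto module only. The key pair, the AUDIENCE value, the claim names and the helpers signToken and checkBearer are constructed for the illustration.

```javascript
const crypto = require("crypto");

// Constructed stand-in for the XSUAA signing keys; a real service takes the
// verification key from its XSUAA binding instead of generating one.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const AUDIENCE = "basicnodejs-demo"; // hypothetical audience value

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Test helper: issue an RS256 token as an authorization server would.
function signToken(claims, key = privateKey) {
  const data = enc({ alg: "RS256", typ: "JWT" }) + "." + enc(claims);
  return data + "." + crypto.sign("RSA-SHA256", Buffer.from(data), key).toString("base64url");
}

// Decide what the service should answer for a given Authorization header.
function checkBearer(authHeader, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || "");
  if (!m) return { status: 401, reason: "missing or malformed token" }; // direct call, no approuter
  const [, head, body, sig] = m;
  let header, claims;
  try {
    header = dec(head);
    claims = dec(body);
    if (!header || !claims) throw new Error("empty token part");
  } catch {
    return { status: 401, reason: "undecodable token" };
  }
  // Pin the algorithm on the server side instead of trusting the token header.
  if (header.alg !== "RS256") return { status: 401, reason: "unexpected alg" };
  const valid = crypto.verify("RSA-SHA256", Buffer.from(head + "." + body), publicKey,
    Buffer.from(sig, "base64url"));
  if (!valid) return { status: 401, reason: "bad signature" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { status: 401, reason: "expired" };
  if (![].concat(claims.aud || []).includes(AUDIENCE)) return { status: 401, reason: "wrong audience" };
  return { status: 200, user: claims.given_name };
}

// Constructed sample requests: one without a token, one with a valid token.
const now = Math.floor(Date.now() / 1000);
const good = signToken({ aud: [AUDIENCE], exp: now + 300, given_name: "Ada" });
console.log(checkBearer(undefined));
console.log(checkBearer("Bearer " + good));
```

In the deployed app the approuter supplies this header because forwardAuthToken is set, while a browser opening the service URL directly sends none.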
Build and deploy mta.yaml
Now try to execute the basicnodejs-service url from BTP.
Execute Approuter –
In this part, we created the XSUAA instance and ran the app through the approuter only.
Next, we will run the same app from BAS itself.