NextGen OBAF API is a cutting-edge framework designed to act as a facade between client applications and the satellite environment. Developed using NestJS, it ensures secure and authorized communication between the client apps and satellite subsystems exclusively via the NextGen OBAF API Socket.IO server.
This layer is responsible for validating if clients have the permissions to execute specific commands on specific satellite subsystems. It does so by intercepting every message through the WebSocket and checking for an authorization header containing a Bearer JWT Token.
This JWT Token is generated by the NextGen Image Builder before the application's deployment on the satellite. Clients are required to include this token as an “Authorization” header in every WebSocket message. Permissions are resolved by parsing the JWT payload, which contains a JSON file with all policies allowed for this client.
The Command Adapter routes commands from clients to the appropriate subsystems. Once client requests are received and authorized, the resource target is defined, and an appropriate adapter is chosen based on the target type. This adapter then communicates with internal APIs for the low-level communication with the satellite subsystems.
The NextGen OBAF API relies on a robust tech stack designed for high performance and security:
- NestJS for the core framework
- WebSocket for real-time communication
- JWT for secure and authorized connections
- Dockerode for Docker management
- Various cryptographic and data manipulation libraries for secure and efficient data handling
Refer to the package.json file for specific versions of each dependency.
To set up the NextGen OBAF API, follow these steps:
- Clone the repository and install dependencies:
git clone https://github.com/your-username/nextgen-obaf-api.git
cd nextgen-obaf-api
npm install- Implement the GroundCommandExecutor and PlatformCommandHandler interfaces:
- Modify
src/api_ground/ground.service.tsto implement the ground command logic:
private getGroundCommandExecutor(): GroundCommandExecutor {
throw new Error('Method not implemented. Use a subclass of GroundCommandExecutor instead.');
}- Modify
src/api_platform/platform.service.tsto implement the platform command logic:
getPlatformHandler(): PlatformCommandHandler {
throw new Error('Method not implemented. Use a subclass of PlatformCommandHandler instead.');
}- Secure Communication with TLS:
- Implement
getTlsCert()andgetTlsKey()methods insrc/util/utils.tsfor TLS certification.
- Environment Configuration:
- Update
.envwith your JWT_PUBLIC_KEY and the host and port of the internal APIs for platform, payload, and FPGA. - Placeholder links for the NextGen base images should be replaced with actual links.
JWT_PUBLIC_KEY=your-jwt-public-key-here
PLATFORM_API_HOST=platform-host
PLATFORM_API_PORT=platform-port
PAYLOAD_API_HOST=payload-host
PAYLOAD_API_PORT=payload-port
FPGA_API_HOST=fpga-host
FPGA_API_PORT=fpga-port- Build and Run the API:
npm run build
npm startThe NextGen OBAF API is now ready to facilitate secure communication between client applications and satellite subsystems.
This project is licensed under the MIT License - see the LICENSE file for details.