Posted by @rmj1405:
Hi!
I have a project with a microservices architecture and RMF is one of the microservices involved. Instead of using the RMF Dashboard, I have my own frontend and server that I would like to use to communicate to RMF using the rmf API server and client. Essentially, I would like to swap out the dashboard with my own UI to control and receive real-time updates on the robot.
I have looked through the repository and I understand there is socket.io being used as well as the main openapi but I’m unsure of how they are working together. The dashboard accesses the api through rmf-ingress.ts file to set the app context but sometimes I see components importing directly from ‘api-client’ as well.
I’m quite confused about how the different modules(server, client and dashboard) link together and how I can begin on this task of integrating rmf with my own system through rmf-web(which packages do I truly need?). Any guidance or an outline/steps would be much appreciated! Thank you!
Currently:
- Working with ROS2 Humble, Ubuntu 22.04
- I have created the fleet adapter and can move my robot with CLI and rmf dashboard
Edited by @rmj1405 at 2024-04-19T09:07:53Z
Posted by @aaronchongth:
Hey there @rmj1405! Thanks for the background information,
Let me give a quick summary of the packages and how they work together,
api-server is the main server working with a database, and communicates directly with the fleet adapters, infrastructure adapters and RMF core libraries, through a combination of ROS 2 and websockets. The server sets up REST routes for any frontend to useapi-client is the typescript library generated using openapi on the routes that are provided by api-server. This library is used by dashboard to actively work with the api-serverdashboard is the frontend appplication which is built with the api-client and react-components
For your use-case, I would say you would just require an api-server instance, you can see all the routes at localhost:8000/docs, and integrate with your application accordingly
Posted by @Oussama-Dallali99:
Hi everyone,
I’ve finished building my React frontend and now need to integrate it with RMF for production use. Can someone provide a concise overview of the next steps? Specifically
- Which backend components should I deploy (e.g., api-server) and how do I connect my frontend to them?
- What configurations are needed to ensure my REST endpoints (and websockets, if applicable) are production-ready?
Thanks in advance for your guidance!
Edited by @Oussama-Dallali99 at 2025-03-05T23:44:15Z
Posted by @rmj1405:
Thank you for breaking it down @aaronchongth! I also have some further questions on rmf-web/packages/api-server at main · open-rmf/rmf-web · GitHub. I understand that in a custom integration used in production, it is critical to secure access to the api server to prevent misuse and information leakage, thus I would like to implement it. My questions:
- how do I get started with setting up the authentication and create my JWT public key? (unfortunately it’s not very clear from the readme)
- From the readme it says:
rmf-server does not manage user identities and access levels by itself, it uses an OpenID Connect compatible identity provider to perform authentication. Authorization however, is performed in-app by rmf-server.
and
rmf-server maintains its own database of users, roles and permissions.
Do you mind elaborating on the flow of information between OpenID Connect and the rmf-server’s internal database and how they interact together to authenticate and authorize the users? I’m unable to visualize it at this moment.
- As rmf is using a default in-memory sqlite instance as its database, are there any mechanisms in place to authorize the use of this data source as an additional layer of safety or is recommended we switch to our own database if we are concerned abt this?
Hope my questions are clear and thank you so much for taking the time to do this!!
Edited by @rmj1405 at 2024-04-25T10:11:35Z
Posted by @aaronchongth:
auth related questions
GitHub - open-rmf/rmf_deployment_template: This repo provides a template to deploy RMF is a good place to start for auth related questions. We’ve currently been using Keycloak extensively, so I can’t say much about integration with other auth providers. But just in case I butcher the answers, I’m gonna tag @koonpeng to make sure I am on track.
For setting up authentication, we have mostly been using Keycloak, and the cloud_infra branch of the deployment template, https://github.com/open-rmf/rmf_deployment_template/tree/cloud_infra, has some steps on how everything works together
As rmf is using a default in-memory sqlite instance as its database, are there any mechanisms in place to authorize the use of this data source as an additional layer of safety or is recommended we switch to our own database if we are concerned abt this?
Yup, that default database is mostly for quick testing with simulation and demos in mind. Since we are using Tortoise ORM, https://tortoise.github.io/, users can technically support all the databases that it supports upstream, Tortoise ORM - Tortoise ORM v0.25.1 Documentation.
As for authorized use of the database, we have so far kept it simple and give the API server full access to the DB, and use the API layer to handle authorization where needed. We have not fleshed all that out fully, but will intend to do so once we reach a stable release.
Posted by @koonpeng:
Authentication is done through oidc, the dashboard uses keycloak client to get an access token, currently it only supports keycloak.
However, for your use case, the api-server can work with any auth provider that uses jwt access tokens. It is pretty barebones at the moment, it doesn’t support oidc discovery and jwks but you can configure it with the public key of the auth provider directly rmf-web/packages/api-server/api_server/default_config.py at e3d2b1c460af72eda810c90e20ddfd44d04d636f · open-rmf/rmf-web · GitHub
Posted by @rmj1405:
I understand now! Thank you so much for the detailed responses!