Adding Authentication to API #12

Merged
merged 76 commits into from
Jun 23, 2021
Changes from 39 commits
Commits
0393f2e
- Added starting points for user authentication and authorization
MikeDrewitt Jun 6, 2021
8e9a5ea
- SAML working w/ client
MikeDrewitt Jun 8, 2021
ca79be3
Provider default json created
MikeDrewitt Jun 8, 2021
4325775
- Auth working
MikeDrewitt Jun 9, 2021
3defe76
- Moving shared modules out
MikeDrewitt Jun 9, 2021
1394545
Moved json back to env (couldn't change branches)
MikeDrewitt Jun 9, 2021
68d4d87
Update json configs
MikeDrewitt Jun 10, 2021
699e34a
[WIP] Implement additional JWT controls
daviddob Jun 10, 2021
acfc209
Updated login controller to support developer login correctly
MikeDrewitt Jun 10, 2021
b3f1ce0
Merged things together
MikeDrewitt Jun 10, 2021
ed78f81
First round cleanup
MikeDrewitt Jun 10, 2021
e14a896
Working through PR
MikeDrewitt Jun 11, 2021
32d1264
First draft PR
MikeDrewitt Jun 11, 2021
f1487d9
Updated ts settings
MikeDrewitt Jun 11, 2021
2d0f1dd
Nearly there
MikeDrewitt Jun 11, 2021
749691e
Rename user columns
MikeDrewitt Jun 11, 2021
b29ea7f
Broke out controllers and routers
MikeDrewitt Jun 11, 2021
440f3c7
No need 4 middleware
MikeDrewitt Jun 11, 2021
87ddda5
Implement SAML Metadata endpoint
daviddob Jun 11, 2021
68af998
[WIP] Add base config generator script
daviddob Jun 12, 2021
c531446
Initial genConfig dockerfile
daviddob Jun 12, 2021
dade184
Update image to alpine and add generate-config npm command
daviddob Jun 12, 2021
dcd37e3
- Added starting points for user authentication and authorization
MikeDrewitt Jun 6, 2021
05f5f7a
- SAML working w/ client
MikeDrewitt Jun 8, 2021
1fa712f
Provider default json created
MikeDrewitt Jun 8, 2021
9812125
- Auth working
MikeDrewitt Jun 9, 2021
f95d1d6
- Moving shared modules out
MikeDrewitt Jun 9, 2021
8f10b46
Moved json back to env (couldn't change branches)
MikeDrewitt Jun 9, 2021
8279f47
Update json configs
MikeDrewitt Jun 10, 2021
f2916ce
[WIP] Implement additional JWT controls
daviddob Jun 10, 2021
a699087
Updated login controller to support developer login correctly
MikeDrewitt Jun 10, 2021
c48fa2f
Merged things together
MikeDrewitt Jun 10, 2021
cf24e0f
First round cleanup
MikeDrewitt Jun 10, 2021
eaf1dd3
Working through PR
MikeDrewitt Jun 11, 2021
21aac0d
First draft PR
MikeDrewitt Jun 11, 2021
efeea26
Updated ts settings
MikeDrewitt Jun 11, 2021
4c975e0
Nearly there
MikeDrewitt Jun 11, 2021
9fe5ab9
Rename user columns
MikeDrewitt Jun 11, 2021
f170da3
Broke out controllers and routers
MikeDrewitt Jun 11, 2021
406be7b
No need 4 middleware
MikeDrewitt Jun 11, 2021
17202a5
Implement SAML Metadata endpoint
daviddob Jun 11, 2021
4e8866c
[WIP] Add base config generator script
daviddob Jun 12, 2021
956d096
Initial genConfig dockerfile
daviddob Jun 12, 2021
c59dea7
Update image to alpine and add generate-config npm command
daviddob Jun 12, 2021
0d04680
Tested and fixed SAML auth after config refactor
daviddob Jun 12, 2021
6a67afa
Updated tests
MikeDrewitt Jun 12, 2021
ba4d32c
Generalized token verification
MikeDrewitt Jun 12, 2021
77e912f
Login controller tested
MikeDrewitt Jun 13, 2021
8af6aba
Including test stubbed config
MikeDrewitt Jun 13, 2021
104c75f
Login developer controller tests
MikeDrewitt Jun 13, 2021
926f7b8
Saml controller tests
MikeDrewitt Jun 13, 2021
7f08064
Authmiddleware tests
MikeDrewitt Jun 13, 2021
e79afac
Updated Readme
MikeDrewitt Jun 13, 2021
c01c041
Update gitignore
MikeDrewitt Jun 13, 2021
ad29543
Rename constraint names in migrations
MikeDrewitt Jun 13, 2021
a9d3dcc
Removed unused env vars
MikeDrewitt Jun 13, 2021
78c46cb
Use logging db from yaml
MikeDrewitt Jun 13, 2021
c8ef9b8
Force login user if their refresh token is within a buffer of its ex…
MikeDrewitt Jun 13, 2021
179e7d8
Added tests for expiration buffer
MikeDrewitt Jun 13, 2021
be83a1d
Update some docs
MikeDrewitt Jun 13, 2021
4f7b14a
Updated package-lock.json
MikeDrewitt Jun 15, 2021
7c4cf47
Typo cleanups
jpobzy Jun 17, 2021
1c4081b
Merge remote-tracking branch 'origin/auth' into auth
jpobzy Jun 17, 2021
74b2279
Typo cleanups
jpobzy Jun 17, 2021
5738581
Fix in PR
MikeDrewitt Jun 21, 2021
b99938e
Apply suggestions from code review
MikeDrewitt Jun 21, 2021
7a0d3fa
Updated PR stuffs
MikeDrewitt Jun 21, 2021
5a7a31a
Working
MikeDrewitt Jun 22, 2021
e5dc747
Removed default.yml
MikeDrewitt Jun 22, 2021
48826b3
removed refresh token
MikeDrewitt Jun 22, 2021
5aaebdd
Add styleguide to readme
MikeDrewitt Jun 22, 2021
af6357a
PR mostly done
MikeDrewitt Jun 22, 2021
1835081
Remove dev auth
MikeDrewitt Jun 22, 2021
7ce6127
Add validation to passport provider callbacks
MikeDrewitt Jun 22, 2021
74cb0ed
Updated docs fixed saml bug
MikeDrewitt Jun 23, 2021
60672a1
Changed auth shared to master
MikeDrewitt Jun 23, 2021
Binary file added .DS_Store
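Review bot: `.DS_Store` is macOS Finder metadata and should not be part of this PR. The same PR adds `.DS_Store` to `.gitignore`, but an ignore rule has no effect on a file that is already staged, so this one stays tracked; run `git rm --cached .DS_Store` and recommit so the ignore rule is all that remains.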
6 changes: 6 additions & 0 deletions .gitignore
@@ -1,2 +1,8 @@
node_modules/
build/
env/

config/*.yml
!config/test.yml

.DS_Store
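Review bot: the new `config/*.yml` rule (and the `!config/test.yml` exception) does not untrack files that this same PR adds: `config/default.yml` (296 lines) and `.DS_Store` both appear as additions in this diff, so they remain tracked regardless of these entries. Run `git rm --cached config/default.yml .DS_Store` before merging. If `default.yml` was filled in from the template, it carries the JWT and SAML private keys, so treat those as exposed and regenerate them rather than just deleting the file from a later commit.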
6 changes: 6 additions & 0 deletions .vscode/launch.json
Expand Up @@ -12,6 +12,12 @@
"runtimeArgs": ["--nolazy", "-r", "ts-node/register/transpile-only"],

"args": ["src/index.ts"],
"env": {},

"resolveSourceMapLocations": [
"${workspaceFolder}/**",
"!**/node_modules/**"
],

"cwd": "${workspaceRoot}",
"internalConsoleOptions": "openOnSessionStart",
8 changes: 4 additions & 4 deletions @types/express/index.d.ts
@@ -1,10 +1,10 @@
import User from '../../src/model/users.model'

import { AccessToken, RefreshToken } from 'devu-shared-modules'
declare global {
namespace Express {
interface Request {
user?: User
users?: User[]
// Auth Data
currentUser?: AccessToken // Deserialized access token
refreshUser?: RefreshToken // Deserialized refresh token
}
}
}
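Review bot: the comments on `currentUser?: AccessToken` and `refreshUser?: RefreshToken` say "Deserialized", but what a handler needs to know is that these fields are set only after the auth middleware has verified the token signature and expiry; a decoded-but-unverified payload must never land here. Say that in the comment, and since both fields are optional, either have the auth middleware reject before any controller runs or have controllers guard on `req.currentUser` being present. A one-line note distinguishing the authenticated principal (`currentUser`) from the looked-up resource (`user?: User`) would also help, as the two sit next to each other on `Request`.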
14 changes: 10 additions & 4 deletions README.md
Expand Up @@ -37,6 +37,12 @@ Run the initial migrations to setup our DB schema
npm run typeorm -- migration:run
```

Run the setup script to create local development auth keys. These are used in local development for signing and authenticating JWTs.

```
npm run generate-config
```

Once you've got all the dependencies installed you can run the project via

```
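Review bot: the new setup step should say what `npm run generate-config` produces and that it is for local development only. From the rest of this PR, the script fills in `config/default.yml.template` and the resulting `config/*.yml` is gitignored (except `config/test.yml`); the README should state that, and add that these keys sign JWTs and therefore must not be committed or reused outside a developer machine. Also "signing and authenticating JWTs" reads better as "signing and verifying JWTs".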
Expand Down Expand Up @@ -82,7 +88,7 @@ For those unfamiliar with Express, I'll attempt to give a brief rundown before t
Express is a REST framework for node. Devs new to express will likely find one of the most perplexing parts of Express to be how it handles middleware. For those unfamiliar with what middleware is, it's largely a catch all term for code that connects together pieces of code in the api. In Express's context, middleware is basically everything that runs within each router; here's an example:

```typescript
Router.get('/:id', idAsInt, UserController.detail, serializer)
Router.get('/:id', idAsInt, UserController.detail)
```

In express, all of the functions added after the route's path are considered middleware and each route can have as many middleware as is needed. In this project we separate out `controllers` into their own directory though they are still considered middleware.
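Review bot: removing `serializer` from the example leaves the middleware list further down the README, which still has a Serializers entry, out of step with it; keep the two consistent. Since this PR introduces an auth middleware, the example would teach more with it in the chain, e.g. `Router.get('/:id', authMiddleware, idAsInt, UserController.detail)` (the `authMiddleware` name is a placeholder here; use the real export). Minor: "Express is a REST framework for node" overstates it; Express is a minimal HTTP/web framework that is commonly used for REST APIs.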
Expand Down Expand Up @@ -113,11 +119,11 @@ Let's take this from the top
- `index.ts`: where the application is bootstrapped from, controls all global server controls and middlewares
- `routers/index.ts`: largely a rollup for all the other routers. Can be used to add router specific middleware to routes/ subroutes
- `routers/route.ts`: Individual routes for each resource, where the list of middleware can be found. _All routers call unique middleware_
- Middleware: The above diagram is a bit of a misnomer. Not every endpoint will have validators, controllers, and serializers. Some will have all of those, some may have none. Each route will have at least one middleware, and the last middleware will deal with returning the requested data
- Middleware: The above diagram is a bit of a misnomer. Not every endpoint will have auth, validators, and controllers. Some will have all of those, some may have none. Each route will have at least one middleware, and the last middleware will deal with returning the requested data
- Auth: checks the access/ refresh tokens
- Validators: validates the bodies of requests
- Controllers: deals with setting status codes, and directing to services
- Controllers: deals with setting status codes, and directing to services. For the most part, controllers should be the last piece of middleware in the chain.
- Services: Workhorse of the application. Deals with all major application logic and database calls
- Serializers: Formats the data to be a sane, reusable response.

The database models live outside of this control flow as they don't deal with any buisness logic. However services will use them to access the database. You can largely think of the the models as a 1:1 map to database tables.
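Review bot: the new Auth bullet ("checks the access/ refresh tokens") does not say what happens on failure or where it sits in the chain; state that auth runs before validators and controllers and ends the request with 401 on a missing, invalid or expired token, so unauthenticated requests never reach business logic. The list also still carries a Serializers entry although the example above dropped `serializer`, and it now says controllers should be the last middleware, which contradicts a serializer running after them. Typos in the retained lines: "buisness" should be "business" and "the the models" should be "the models".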

296 changes: 296 additions & 0 deletions config/default.yml
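Review bot: a 296-line `config/default.yml` next to a 77-line `config/default.yml.template` whose only multi-line fields are key material (`privateKey`, `publicKey`, `idpCerts`, the SAML `encryption` and `signing` keys) strongly suggests that real generated keys and certificates were committed here; the diff is collapsed, so this is an inference from the sizes, not something visible in the rendered lines. The `config/*.yml` ignore rule added in this PR does not untrack a file that is already added, so this needs `git rm --cached config/default.yml`, and any private key in it should be regenerated rather than relied on after removal.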


77 changes: 77 additions & 0 deletions config/default.yml.template
@@ -0,0 +1,77 @@
api:
clientUrl: http://localhost:9000
scheme: http
host: localhost
port: 3001

database:
host: 'localhost'
username: 'typescript_user'
password: 'password'
database: 'typescript_api'

logging:
db: false

auth:
jwt:
activeKeyId: sk07112021
accessTokenValiditySeconds: 600 # 10 minutes (seconds)
refreshTokenValiditySeconds: 864000 # 10 days (seconds)
refreshTokenExpirationBufferSeconds: 86400 # 1 days (seconds))
keys:
sk07112021:
privateKey: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
publicKey: |
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----

providers:
devAuth:
enabled: true

saml:
name: MyUB
enabled: false
entryPoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
attributeMap:
urn:oid:0.9.2342.19200300.100.1.3: email
urn:oid:0.9.2342.19200300.100.1.1: externalId
urn:oasis:names:tc:SAML:attribute:subject-id: identifier
urn:oid:2.5.4.4: sn
urn:oid:2.16.840.1.113730.3.1.241: displayName
urn:oid:2.5.4.20: telephoneNumber
urn:oid:2.5.4.42: givenName
https://samltest.id/attributes/role: role
urn:oid:1.3.6.1.4.1.5923.1.1.1.7: eduPersonEntitlement
idpCerts:
- |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
- |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
encryption:
privateKey: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
certificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
signing:
privateKey: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
certificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
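Review bot: `providers.devAuth.enabled: true` as the template default means anyone who copies the template verbatim into a deployment ships with the developer login provider switched on; default it to `false` and make enabling it an explicit opt-in, with a comment saying it is for local development only. Smaller points in the same hunk: `refreshTokenExpirationBufferSeconds: 86400 # 1 days (seconds))` has a stray `)` and should read `1 day`; the JWT keys use PKCS#1 headers (`BEGIN RSA PRIVATE KEY`) while the SAML `encryption` and `signing` keys use PKCS#8 (`BEGIN PRIVATE KEY`), so `generate-config` has to emit exactly those formats or the loader should accept both; the SAML `entryPoint` points at the public samltest.id IdP, which is acceptable in a template only because `enabled: false`, and a comment should say so; and `database.password: 'password'` deserves a "change me" comment since the file is otherwise used as the basis for a real config.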
77 changes: 77 additions & 0 deletions config/test.yml
@@ -0,0 +1,77 @@
api:
clientUrl: http://localhost:9000
scheme: http
host: localhost
port: 3001

database:
host: 'localhost'
username: 'typescript_user'
password: 'password'
database: 'typescript_api'

logging:
db: false

auth:
jwt:
activeKeyId: sk07112021
accessTokenValiditySeconds: 600 # 10 minutes (seconds)
refreshTokenValiditySeconds: 864000 # 10 days (seconds)
refreshTokenExpirationBufferSeconds: 86400 # 1 days (seconds)
keys:
sk07112021:
privateKey: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
publicKey: |
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----

providers:
devAuth:
enabled: true

saml:
name: MyUB
enabled: false
entryPoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
attributeMap:
urn:oid:0.9.2342.19200300.100.1.3: email
urn:oid:0.9.2342.19200300.100.1.1: externalId
urn:oasis:names:tc:SAML:attribute:subject-id: identifier
urn:oid:2.5.4.4: sn
urn:oid:2.16.840.1.113730.3.1.241: displayName
urn:oid:2.5.4.20: telephoneNumber
urn:oid:2.5.4.42: givenName
https://samltest.id/attributes/role: role
urn:oid:1.3.6.1.4.1.5923.1.1.1.7: eduPersonEntitlement
idpCerts:
- |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
- |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
encryption:
privateKey: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
certificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
signing:
privateKey: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
certificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
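Review bot: `config/test.yml` is a copy of the template with the `...` placeholders left in, yet it is the one config file whitelisted by `!config/test.yml`. As written the `auth.jwt.keys` entries are not valid PEM, so either the tests inject keys at runtime (then say so in a comment at the top of this file) or a dedicated throwaway test keypair should be checked in and labelled test-only. Either way give the test key its own id instead of reusing `sk07112021` from the template, so a test key can never be mistaken for the active one. Because this file is exempt from the ignore rule, it is also the easiest place for a real secret to slip into git; keep `database.password` and the SAML material as placeholders.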
Binary file modified docs/controlFlow.png