Merge branch 'main' into bump-dashboard-version
dbarrosop authored Nov 19, 2024
2 parents 5e5c9f5 + 70db61c commit a3960f8
Showing 31 changed files with 5,059 additions and 1,425 deletions.
16 changes: 16 additions & 0 deletions cmd/config/example.go
@@ -222,6 +222,11 @@ func commandExample(cCtx *cli.Context) error { //nolint:funlen,maintidx
Anonymous: &model.ConfigAuthMethodAnonymous{
Enabled: ptr(false),
},
Otp: &model.ConfigAuthMethodOtp{
Email: &model.ConfigAuthMethodOtpEmail{
Enabled: ptr(true),
},
},
EmailPasswordless: &model.ConfigAuthMethodEmailPasswordless{
Enabled: ptr(true),
},
@@ -241,6 +246,7 @@ func commandExample(cCtx *cli.Context) error { //nolint:funlen,maintidx
TeamId: ptr("teamid"),
Scope: []string{"scope"},
PrivateKey: ptr("privatekey"),
Audience: ptr("audience"),
},
Azuread: &model.ConfigAuthMethodOauthAzuread{
Tenant: ptr("tenant"),
@@ -258,54 +264,63 @@ func commandExample(cCtx *cli.Context) error { //nolint:funlen,maintidx
ClientId: ptr("clientid"),
Scope: []string{"scope"},
ClientSecret: ptr("clientsecret"),
Audience: ptr("audience"),
},
Facebook: &model.ConfigStandardOauthProviderWithScope{
Enabled: ptr(true),
ClientId: ptr("clientid"),
Scope: []string{"scope"},
ClientSecret: ptr("clientsecret"),
Audience: ptr("audience"),
},
Github: &model.ConfigStandardOauthProviderWithScope{
Enabled: ptr(true),
ClientId: ptr("clientid"),
Scope: []string{"scope"},
ClientSecret: ptr("clientsecret"),
Audience: ptr("audience"),
},
Gitlab: &model.ConfigStandardOauthProviderWithScope{
Enabled: ptr(true),
ClientId: ptr("clientid"),
Scope: []string{"scope"},
ClientSecret: ptr("clientsecret"),
Audience: ptr("audience"),
},
Google: &model.ConfigStandardOauthProviderWithScope{
Enabled: ptr(true),
ClientId: ptr("clientid"),
Scope: []string{"scope"},
ClientSecret: ptr("clientsecret"),
Audience: ptr("audience"),
},
Linkedin: &model.ConfigStandardOauthProviderWithScope{
Enabled: ptr(true),
ClientId: ptr("clientid"),
Scope: []string{"scope"},
ClientSecret: ptr("clientsecret"),
Audience: ptr("audience"),
},
Spotify: &model.ConfigStandardOauthProviderWithScope{
Enabled: ptr(true),
ClientId: ptr("clientid"),
Scope: []string{"scope"},
ClientSecret: ptr("clientsecret"),
Audience: ptr("audience"),
},
Strava: &model.ConfigStandardOauthProviderWithScope{
Enabled: ptr(true),
ClientId: ptr("clientid"),
Scope: []string{"scope"},
ClientSecret: ptr("clientsecret"),
Audience: ptr("audience"),
},
Twitch: &model.ConfigStandardOauthProviderWithScope{
Enabled: ptr(true),
ClientId: ptr("clientid"),
Scope: []string{"scope"},
ClientSecret: ptr("clientsecret"),
Audience: ptr("audience"),
},
Twitter: &model.ConfigAuthMethodOauthTwitter{
Enabled: ptr(true),
@@ -317,6 +332,7 @@ func commandExample(cCtx *cli.Context) error { //nolint:funlen,maintidx
ClientId: ptr("clientid"),
Scope: []string{"scope"},
ClientSecret: ptr("clientsecret"),
Audience: ptr("audience"),
},
Workos: &model.ConfigAuthMethodOauthWorkos{
Connection: ptr("connection"),
5 changes: 5 additions & 0 deletions cmd/config/validate_test.go
@@ -107,6 +107,11 @@ func expectedConfig() *model.ConfigConfig {
Anonymous: &model.ConfigAuthMethodAnonymous{
Enabled: ptr(false),
},
Otp: &model.ConfigAuthMethodOtp{
Email: &model.ConfigAuthMethodOtpEmail{
Enabled: ptr(false),
},
},
EmailPasswordless: &model.ConfigAuthMethodEmailPasswordless{
Enabled: ptr(false),
},
9 changes: 9 additions & 0 deletions dockercompose/auth_test.go
@@ -42,9 +42,11 @@ func expectedAuth() *Service {
"AUTH_LOCALE_DEFAULT": "en",
"AUTH_MFA_ENABLED": "true",
"AUTH_MFA_TOTP_ISSUER": "totpIssuer",
"AUTH_OTP_EMAIL_ENABLED": "true",
"AUTH_PASSWORD_HIBP_ENABLED": "true",
"AUTH_PASSWORD_MIN_LENGTH": "12",
"AUTH_PORT": "4000",
"AUTH_PROVIDER_APPLE_AUDIENCE": "audience",
"AUTH_PROVIDER_APPLE_CLIENT_ID": "appleClientId",
"AUTH_PROVIDER_APPLE_ENABLED": "true",
"AUTH_PROVIDER_APPLE_KEY_ID": "appleKeyId",
@@ -57,10 +59,12 @@ func expectedAuth() *Service {
"AUTH_PROVIDER_BITBUCKET_CLIENT_ID": "bitbucketClientId",
"AUTH_PROVIDER_BITBUCKET_CLIENT_SECRET": "bitbucketClientSecret",
"AUTH_PROVIDER_BITBUCKET_ENABLED": "true",
"AUTH_PROVIDER_DISCORD_AUDIENCE": "audience",
"AUTH_PROVIDER_DISCORD_CLIENT_ID": "discordClientId",
"AUTH_PROVIDER_DISCORD_CLIENT_SECRET": "discordClientSecret",
"AUTH_PROVIDER_DISCORD_ENABLED": "true",
"AUTH_PROVIDER_DISCORD_SCOPE": "identify,email",
"AUTH_PROVIDER_FACEBOOK_AUDIENCE": "audience",
"AUTH_PROVIDER_FACEBOOK_CLIENT_ID": "facebookClientId",
"AUTH_PROVIDER_FACEBOOK_CLIENT_SECRET": "facebookClientSecret",
"AUTH_PROVIDER_FACEBOOK_ENABLED": "true",
Expand All @@ -72,14 +76,17 @@ func expectedAuth() *Service {
"AUTH_PROVIDER_GITLAB_CLIENT_SECRET": "gitlabClientSecret",
"AUTH_PROVIDER_GITLAB_ENABLED": "true",
"AUTH_PROVIDER_GITLAB_SCOPE": "read_user",
"AUTH_PROVIDER_GOOGLE_AUDIENCE": "audience",
"AUTH_PROVIDER_GOOGLE_CLIENT_ID": "googleClientId",
"AUTH_PROVIDER_GOOGLE_CLIENT_SECRET": "googleClientSecret",
"AUTH_PROVIDER_GOOGLE_ENABLED": "true",
"AUTH_PROVIDER_GOOGLE_SCOPE": "openid,profile,email",
"AUTH_PROVIDER_LINKEDIN_AUDIENCE": "audience",
"AUTH_PROVIDER_LINKEDIN_CLIENT_ID": "linkedinClientId",
"AUTH_PROVIDER_LINKEDIN_CLIENT_SECRET": "linkedinClientSecret",
"AUTH_PROVIDER_LINKEDIN_ENABLED": "true",
"AUTH_PROVIDER_LINKEDIN_SCOPE": "r_liteprofile,r_emailaddress",
"AUTH_PROVIDER_SPOTIFY_AUDIENCE": "audience",
"AUTH_PROVIDER_SPOTIFY_CLIENT_ID": "spotifyClientId",
"AUTH_PROVIDER_SPOTIFY_CLIENT_SECRET": "spotifyClientSecret",
"AUTH_PROVIDER_SPOTIFY_ENABLED": "true",
@@ -88,13 +95,15 @@ func expectedAuth() *Service {
"AUTH_PROVIDER_STRAVA_CLIENT_SECRET": "stravaClientSecret",
"AUTH_PROVIDER_STRAVA_ENABLED": "true",
"AUTH_PROVIDER_STRAVA_SCOPE": "read_all",
"AUTH_PROVIDER_TWITCH_AUDIENCE": "audience",
"AUTH_PROVIDER_TWITCH_CLIENT_ID": "twitchClientId",
"AUTH_PROVIDER_TWITCH_CLIENT_SECRET": "twitchClientSecret",
"AUTH_PROVIDER_TWITCH_ENABLED": "true",
"AUTH_PROVIDER_TWITCH_SCOPE": "user:email",
"AUTH_PROVIDER_TWITTER_CONSUMER_KEY": "twitterConsumerKey",
"AUTH_PROVIDER_TWITTER_CONSUMER_SECRET": "twitterConsumerSecret",
"AUTH_PROVIDER_TWITTER_ENABLED": "true",
"AUTH_PROVIDER_WINDOWS_LIVE_AUDIENCE": "audience",
"AUTH_PROVIDER_WINDOWS_LIVE_CLIENT_ID": "windowsliveClientId",
"AUTH_PROVIDER_WINDOWS_LIVE_CLIENT_SECRET": "windowsliveClientSecret",
"AUTH_PROVIDER_WINDOWS_LIVE_ENABLED": "true",
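Review bot: The expected environment in expectedAuth() gains an `AUTH_PROVIDER_*_AUDIENCE` entry for Apple, Discord, Facebook, Google, LinkedIn, Spotify, Twitch and Windows Live, but this section adds none for GitHub, GitLab or Strava, although getConfig() in dockercompose/main_test.go now sets `Audience: ptr("audience")` on those three as well. Unless those keys already existed outside the visible hunks, the fixture now locks in that a configured audience for these providers never reaches the auth service. If that is deliberate, say so next to the fixture, e.g. `// GitHub, GitLab and Strava: audience is not passed through`; if not, the generator and this map should emit the three missing keys. The map literal starts and ends outside the hunks shown here.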
5 changes: 3 additions & 2 deletions dockercompose/compose.go
@@ -480,13 +480,14 @@ func sanitizeBranch(name string) string {
return strings.ToLower(re.ReplaceAllString(name, ""))
}

func IsJWTSecretCompatibleWithHasuraAuth(
func IsJWTSecretCompatibleWithHasuraAuth( //nolint:cyclop
jwtSecret *model.ConfigJWTSecret,
) bool {
if jwtSecret != nil && jwtSecret.Type != nil && *jwtSecret.Type != "" && jwtSecret.Key != nil &&
*jwtSecret.Key != "" {
return *jwtSecret.Type == "HS256" || *jwtSecret.Type == "HS384" ||
*jwtSecret.Type == "HS512"
*jwtSecret.Type == "HS512" || *jwtSecret.Type == "RS256" ||
*jwtSecret.Type == "RS384" || *jwtSecret.Type == "RS512"
}
return false
}
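Review bot: With RS256/RS384/RS512 added to the accepted list in IsJWTSecretCompatibleWithHasuraAuth, the guard above still requires only a non-empty `Type` and `Key`, which was enough for the shared-secret HS* types but may not be for asymmetric ones. If `Key` holds the public key for RS*, a secret with no private signing material would be reported as compatible; whether the model carries a separate field for that is not visible in this hunk, so it is worth confirming and, if it does, checking it here. Separately, the `//nolint:cyclop` suppression could be dropped by replacing the comparison chain with `switch *jwtSecret.Type { case "HS256", "HS384", "HS512", "RS256", "RS384", "RS512": return true }`. A one-line doc comment stating what "compatible" means for each algorithm family would also help the next reader.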
16 changes: 16 additions & 0 deletions dockercompose/main_test.go
@@ -66,6 +66,11 @@ func getConfig() *model.ConfigConfig { //nolint:maintidx
Anonymous: &model.ConfigAuthMethodAnonymous{
Enabled: ptr(true),
},
Otp: &model.ConfigAuthMethodOtp{
Email: &model.ConfigAuthMethodOtpEmail{
Enabled: ptr(true),
},
},
EmailPassword: &model.ConfigAuthMethodEmailPassword{
EmailVerificationRequired: ptr(true),
HibpEnabled: ptr(true),
@@ -82,6 +87,7 @@ func getConfig() *model.ConfigConfig { //nolint:maintidx
TeamId: ptr("appleTeamId"),
Scope: []string{},
PrivateKey: ptr("applePrivateKey"),
Audience: ptr("audience"),
},
Azuread: &model.ConfigAuthMethodOauthAzuread{
ClientId: ptr("azureadClientId"),
@@ -99,54 +105,63 @@ func getConfig() *model.ConfigConfig { //nolint:maintidx
ClientSecret: ptr("discordClientSecret"),
Enabled: ptr(true),
Scope: []string{"identify", "email"},
Audience: ptr("audience"),
},
Facebook: &model.ConfigStandardOauthProviderWithScope{
ClientId: ptr("facebookClientId"),
ClientSecret: ptr("facebookClientSecret"),
Enabled: ptr(true),
Scope: []string{"email"},
Audience: ptr("audience"),
},
Github: &model.ConfigStandardOauthProviderWithScope{
ClientId: ptr("githubClientId"),
ClientSecret: ptr("githubClientSecret"),
Enabled: ptr(true),
Scope: []string{"user:email"},
Audience: ptr("audience"),
},
Gitlab: &model.ConfigStandardOauthProviderWithScope{
ClientId: ptr("gitlabClientId"),
ClientSecret: ptr("gitlabClientSecret"),
Enabled: ptr(true),
Scope: []string{"read_user"},
Audience: ptr("audience"),
},
Google: &model.ConfigStandardOauthProviderWithScope{
ClientId: ptr("googleClientId"),
ClientSecret: ptr("googleClientSecret"),
Enabled: ptr(true),
Scope: []string{"openid", "profile", "email"},
Audience: ptr("audience"),
},
Linkedin: &model.ConfigStandardOauthProviderWithScope{
ClientId: ptr("linkedinClientId"),
ClientSecret: ptr("linkedinClientSecret"),
Enabled: ptr(true),
Scope: []string{"r_liteprofile", "r_emailaddress"},
Audience: ptr("audience"),
},
Spotify: &model.ConfigStandardOauthProviderWithScope{
ClientId: ptr("spotifyClientId"),
ClientSecret: ptr("spotifyClientSecret"),
Enabled: ptr(true),
Scope: []string{"user-read-email"},
Audience: ptr("audience"),
},
Strava: &model.ConfigStandardOauthProviderWithScope{
ClientId: ptr("stravaClientId"),
ClientSecret: ptr("stravaClientSecret"),
Enabled: ptr(true),
Scope: []string{"read_all"},
Audience: ptr("audience"),
},
Twitch: &model.ConfigStandardOauthProviderWithScope{
ClientId: ptr("twitchClientId"),
ClientSecret: ptr("twitchClientSecret"),
Enabled: ptr(true),
Scope: []string{"user:email"},
Audience: ptr("audience"),
},
Twitter: &model.ConfigAuthMethodOauthTwitter{
ConsumerKey: ptr("twitterConsumerKey"),
@@ -158,6 +173,7 @@ func getConfig() *model.ConfigConfig { //nolint:maintidx
ClientSecret: ptr("windowsliveClientSecret"),
Enabled: ptr(true),
Scope: []string{"wl.emails"},
Audience: ptr("audience"),
},
Workos: &model.ConfigAuthMethodOauthWorkos{
ClientId: ptr("workosClientId"),
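--- a/examples/myproject/functions/jwt-verify.ts
+++ b/examples/myproject/functions/jwt-verify.ts
@@ -0,0 +1,53 @@
+import { Request, Response } from 'express'
+import process from 'process'
+import jwt from 'jsonwebtoken'
+import jwksClient from 'jwks-rsa'
+
+// Initialize the JWKS client
+const client = jwksClient({
+jwksUri: 'https://local.auth.local.nhost.run/v1/.well-known/jwks.json',
+cache: true,
+cacheMaxAge: 86400000, // 24 hours cache
+});
+
+export default (req: Request, res: Response) => {
+const authHeader = req.headers.authorization;
+
+if (!authHeader?.startsWith('Bearer ')) {
+return res.status(401).json({ error: 'Unauthorized: missing header' });
+}
+
+const token = authHeader.split(' ')[1];
+
+// Promisify the key fetching and verification process
+const verifyToken = new Promise((resolve, reject) => {
+const verifyOptions = {
+algorithms: ['RS256', 'RS384', 'RS512'],
+};
+
+jwt.verify(token, (header, callback) => {
+client.getSigningKey(header.kid, (err, key) => {
+if (err) return callback(err);
+callback(null, key.getPublicKey());
+});
+}, verifyOptions, (err, decoded) => {
+if (err) reject(err);
+else resolve(decoded);
+});
+});
+
+// Execute the verification
+verifyToken
+.then((decoded) => {
+res.status(200).json({
+headers: req.headers,
+query: req.query,
+node: process.version,
+arch: process.arch,
+token: decoded,
+});
+})
+.catch((err) => {
+res.status(401).json({ error: `Unauthorized: ${err}` });
+});
+}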
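Review bot: The success response echoes `headers: req.headers` back to the caller, which includes the `Authorization` bearer token (and any cookies) that was just verified; for an example people will copy, drop that field and return only what the caller needs, e.g. `token: decoded`. The `verifyOptions` object pins `algorithms` but sets no `issuer` or `audience`, so any RS* token signed by a key in that JWKS is accepted regardless of which service it was issued for; adding `audience: '<expected-audience>'` and `issuer: '<expected-issuer>'` (placeholders) would tie the check to this application. The 401 body also interpolates `${err}`, returning the library's verification error text to the client; a fixed message such as `{ error: 'Unauthorized' }` with the detail logged server-side is the safer pattern.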