Add GitHub authentication in front of the /dashboard service

2018-09-10 17:26:41 -07:00 · 2018-09-10 17:26:41 -07:00 · 0854281cd4
parent 39112b800f
commit 0854281cd4
8 changed files with 173 additions and 1 deletions
--- a/config/default.json
+++ b/config/default.json
@ -3,6 +3,19 @@
  "port": 3030,
  "public": "../public/",
  "postgres": "postgres://postgres:jenkinsuplink@db:5432/uplink_development",
+  "authentication": {
+    "secret": "a poorly formed development secret",
+    "session" : true,
+    "cookie" : {
+      "secure": false,
+      "enabled": true,
+      "name": "uplink-jwt"
+    }
+  },
+  "github": {
+    "clientID": "72bd7848c64951dded52",
+    "clientSecret": "60a8dc07b6391bff756d4eab3b84a520ee87becc"
+  },
  "paginate": {
    "default": 10,
    "max": 50
--- a/package-lock.json
+++ b/package-lock.json
@ -62,6 +62,29 @@
        }
      }
    },
+    "@feathersjs/authentication-jwt": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/@feathersjs/authentication-jwt/-/authentication-jwt-2.0.3.tgz",
+      "integrity": "sha512-FRiIlPI0Vh7LJaaws6yL651i7dQjISgdr3MijKZrKujpsBuc+jbZKKkRZWT+8t+XPu96Ph1qHhy1OpRskS8mgg==",
+      "requires": {
+        "@feathersjs/errors": "^3.3.2",
+        "debug": "^3.1.0",
+        "lodash.merge": "^4.6.0",
+        "lodash.omit": "^4.5.0",
+        "lodash.pick": "^4.4.0",
+        "passport-jwt": "^4.0.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
+          "requires": {
+            "ms": "2.0.0"
+          }
+        }
+      }
+    },
    "@feathersjs/authentication-oauth2": {
      "version": "1.2.2",
      "resolved": "https://registry.npmjs.org/@feathersjs/authentication-oauth2/-/authentication-oauth2-1.2.2.tgz",
@ -2742,6 +2765,15 @@
      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz",
      "integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s="
    },
+    "cookie-parser": {
+      "version": "1.4.3",
+      "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.3.tgz",
+      "integrity": "sha1-D+MfoZ0AC5X0qt8fU/3CuKIDuqU=",
+      "requires": {
+        "cookie": "0.3.1",
+        "cookie-signature": "1.0.6"
+      }
+    },
    "cookie-signature": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
@ -3994,6 +4026,24 @@
        "bser": "^2.0.0"
      }
    },
+    "feathers-memory": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/feathers-memory/-/feathers-memory-2.2.0.tgz",
+      "integrity": "sha512-rkx6oKBMbQbqtXUCS8GfC9wRubcNNBD0cHIU7Mesyg1Wsk0Dm7JftqrLz0fax1R1j2VMmMM8EZXuljhdtfdGLw==",
+      "requires": {
+        "@feathersjs/commons": "^1.3.0",
+        "@feathersjs/errors": "^3.2.0",
+        "sift": "^6.0.0",
+        "uberproto": "^2.0.1"
+      },
+      "dependencies": {
+        "@feathersjs/commons": {
+          "version": "1.4.4",
+          "resolved": "https://registry.npmjs.org/@feathersjs/commons/-/commons-1.4.4.tgz",
+          "integrity": "sha512-ZPpzyZA3CPfoa9AuFv3BJUI/ubzaaXixp8T/pqeMFPT6DOaU/6oF7lz1RxwimzfJNna4gy/HByt0EoLSI3BKWg=="
+        }
+      }
+    },
    "feathers-sequelize": {
      "version": "3.1.2",
      "resolved": "https://registry.npmjs.org/feathers-sequelize/-/feathers-sequelize-3.1.2.tgz",
@ -7477,6 +7527,15 @@
        "passport-oauth2": "1.x.x"
      }
    },
+    "passport-jwt": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/passport-jwt/-/passport-jwt-4.0.0.tgz",
+      "integrity": "sha512-BwC0n2GP/1hMVjR4QpnvqA61TxenUMlmfNjYNgK0ZAs0HK4SOQkHcSv4L328blNTLtHq7DbmvyNJiH+bn6C5Mg==",
+      "requires": {
+        "jsonwebtoken": "^8.2.0",
+        "passport-strategy": "^1.0.0"
+      }
+    },
    "passport-oauth2": {
      "version": "1.4.0",
      "resolved": "https://registry.npmjs.org/passport-oauth2/-/passport-oauth2-1.4.0.tgz",
@ -8991,6 +9050,11 @@
      "resolved": "https://registry.npmjs.org/shimmer/-/shimmer-1.2.0.tgz",
      "integrity": "sha512-xTCx2vohXC2EWWDqY/zb4+5Mu28D+HYNSOuFzsyRDRvI/e1ICb69afwaUwfjr+25ZXldbOLyp+iDUZHq8UnTag=="
    },
+    "sift": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/sift/-/sift-6.0.0.tgz",
+      "integrity": "sha1-+Tp3jly/BaUCTrw5HmsyURptH4I="
+    },
    "sigmund": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/sigmund/-/sigmund-1.0.1.tgz",
--- a/package.json
+++ b/package.json
@ -38,6 +38,7 @@
  },
  "dependencies": {
    "@feathersjs/authentication": "^2.1.9",
+    "@feathersjs/authentication-jwt": "^2.0.3",
    "@feathersjs/authentication-oauth2": "^1.2.2",
    "@feathersjs/configuration": "^2.0.2",
    "@feathersjs/errors": "^3.3.2",
@ -45,7 +46,9 @@
    "@feathersjs/feathers": "^3.2.1",
    "@feathersjs/socketio": "^3.2.4",
    "compression": "^1.7.3",
+    "cookie-parser": "^1.4.3",
    "cors": "^2.8.4",
+    "feathers-memory": "^2.2.0",
    "feathers-sequelize": "^3.1.2",
    "helmet": "^3.13.0",
    "passport-github": "^1.1.0",
--- a/public/index.html
+++ b/public/index.html
@ -64,6 +64,10 @@
    <main class="container">
        <h2 class="center-text">Uplink is a tiny little service to collect bursts of telemetry data from Jenkins</h2>

+        <div class="center-text">
+            <a href="/auth/github">Log in with GitHub</a>
+        </div>
+
      <footer>
        <p class="center-text">For more information on Uplink see <a href="https://github.com/jenkins-infra/uplink" title="Uplink on GitHub" target="blank">github.com/jenkins-infra/uplink</a>.</p>
      </footer>
--- a/src/app.ts
+++ b/src/app.ts
@ -8,18 +8,25 @@ import logger from './logger';

 import feathers from '@feathersjs/feathers';
 import configuration from '@feathersjs/configuration';
+import authentication from '@feathersjs/authentication';
+import jwt from '@feathersjs/authentication-jwt';
+import oauth2 from '@feathersjs/authentication-oauth2';
+import { Strategy } from 'passport-github';
 import express from '@feathersjs/express';
 import socketio from '@feathersjs/socketio';

+import cookieParser from 'cookie-parser';
+
 import middleware from './middleware';
 import services from './services';
 import { appHooks } from './app.hooks';
 import channels from './channels';

 const app = express(feathers());
+const settings = configuration();

 // Load app configuration
-app.configure(configuration());
+app.configure(settings);
 // Enable security, CORS, compression, favicon and body parsing
 app.use(helmet());
 app.use(cors());
@ -34,6 +41,23 @@ app.use('/', express.static(app.get('public')));
 app.configure(express.rest());
 app.configure(socketio());

+app.get('/dashboard', cookieParser());
+
+/*
+ * Allow overriding the JWT secret in the environment, a la Kubernetes
+ */
+app.get('authentication').secret = process.env.JWT_SECRET || app.get('authentication').secret;
+app.configure(authentication(app.get('authentication')));
+
+app.configure(jwt());
+const githubSettings = app.get('github');
+app.configure(oauth2(Object.assign(githubSettings, {
+  name: 'github',
+  Strategy: Strategy,
+  successRedirect: '/dashboard',
+  scope: [],
+})));
+
 // Configure other middleware (see `middleware/index.js`)
 app.configure(middleware);
 // Set up our services (see `services/index.js`)
--- a/src/services/dashboard.ts
+++ b/src/services/dashboard.ts
@ -0,0 +1,43 @@
+/**
+ * The Dashboard module is for logged in users to view events
+ */
+
+import logger from '../logger';
+
+import { Application, HooksObject, Params } from '@feathersjs/feathers';
+import authentication from '@feathersjs/authentication';
+
+
+export class Dashboard {
+  protected readonly app : Application;
+
+  constructor(app : Application) {
+    this.app = app;
+  }
+
+  public async find(params : Params) : Promise<any> {
+    logger.info('Parameters passed into the Dashboard service', params);
+    return Promise.resolve({});
+  }
+}
+
+export const dashboardHooks : HooksObject = {
+  before: {
+    all: [
+      authentication.hooks.authenticate(['jwt']),
+    ],
+    find: [],
+    get: [],
+    create: [],
+    update: [],
+    patch: [],
+    remove: []
+  },
+  after: {},
+  error: {},
+};
+
+export default (app) => {
+  app.use('/dashboard', new Dashboard(app));
+  app.service('dashboard').hooks(dashboardHooks);
+};
--- a/src/services/index.ts
+++ b/src/services/index.ts
@ -1,5 +1,9 @@
+import dashboard from './dashboard';
 import events from './events';
+import users from './users';

 export default (app) => {
+  app.configure(dashboard);
  app.configure(events);
+  app.configure(users);
 };
--- a/src/services/users.ts
+++ b/src/services/users.ts
@ -0,0 +1,17 @@
+
+import { HooksObject } from '@feathersjs/feathers';
+import memory from 'feathers-memory';
+
+export const usersHooks : HooksObject = {
+  before: {
+  },
+  after: {
+  },
+  error: {
+  },
+};
+
+export default (app) => {
+  app.use('/users', memory());
+  app.service('users').hooks(usersHooks);
+}