mifi/auth-gatekeeper
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit - version 1.0.0

Browse Source
This commit is contained in:
Mike Fitzpatrick
2023-05-30 17:38:55 -04:00
commit 1f3eb0b9c9
23 changed files with 9396 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

136
.drone.yml Normal file
View File

@@ -0,0 +1,136 @@
kind: pipeline
type: docker
name: Test Pipeline
workspace:
path: /drone/auth
steps:
- name: yarn install
image: node:20-bullseye-slim
environment:
YARN_VERSION: 3.5.0
commands:
- yarn set version stable
- yarn install
volumes:
- name: yarnrc
path: /drone/auth/.yarnrc.yml
- name: Code Style Checks
image: node:latest
commands:
- yarn prettier
- name: Lint
image: node:latest
commands:
- yarn lint
- name: Unit Tests
image: node:latest
commands:
- yarn test
- name: Send Test Status Notification
image: plugins/webhook
settings:
urls: https://lab.mifi.dev/hooks/9p65zpagctgkmndo8nwwm4199r
content_type: application/json
template: |
{
"icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
"text": "[{{ repo.name }} - Build # {{ build.number }}] Code Quality Checks {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
"username":"DroneBot"
}
when:
status:
- success
- failure
- name: Build
image: node:latest
commands:
- yarn build:production
- name: Send Build Status Notifications
image: plugins/webhook
settings:
urls: https://lab.mifi.dev/hooks/9p65zpagctgkmndo8nwwm4199r
content_type: application/json
template: |
{
"icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
"text": "[{{ repo.name }} - Build # {{ build.number }}] Build package {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
"username":"DroneBot"
}
when:
status:
- success
- failure
volumes:
- name: yarnrc
host:
path: /volume1/docker/.yarnrc.yml
trigger:
branch:
- main
- develop
event:
- pull_request
---
kind: pipeline
type: docker
name: Publish Pipeline
workspace:
path: /drone/auth
steps:
- name: Build
image: node:20-bullseye-slim
environment:
YARN_VERSION: 3.5.0
commands:
- yarn set version stable
- yarn install
- yarn build:production
volumes:
- name: yarnrc
path: /drone/auth/.yarnrc.yml
- name: Publish NPM
image: node:20-bullseye-slim
commands:
- yarn npm publish
volumes:
- name: npmrc
path: /drone/auth/.npmrc
- name: yarnrc
path: /drone/auth/.yarnrc.yml
- name: Report NPM Publish Status
image: plugins/webhook
settings:
urls: https://lab.mifi.dev/hooks/ccw34hdf7tgbjmzp96nptn938r
content_type: application/json
template: |
{
"icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
"text": "[{{ repo.name }} - New npm package release {{tag}} from # {{ build.number }}] Deploy {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
"username":"DroneBot"
}
when:
status:
- success
- failure
volumes:
- name: npmrc
host:
path: /volume1/docker/beethoven/labs-auth/.npmrc
- name: yarnrc
host:
path: /volume1/docker/.yarnrc.yml
depends_on:
- Test Pipeline
trigger:
event:
- tag

19
.eslintrc.js Normal file
View File

@@ -0,0 +1,19 @@
/* eslint-env node */
module.exports = {
extends: [
'eslint:recommended',
'plugin:@typescript-eslint/recommended',
'plugin:import/errors',
'plugin:prettier/recommended',
'prettier',
],
parser: '@typescript-eslint/parser',
plugins: ['@typescript-eslint'],
settings: {
'import/parsers': {
'@typescript-eslint/parser': ['.ts', '.tsx'],
},
'import/resolver': 'typescript',
},
root: true,
};

135
.gitignore vendored Normal file
View File

@@ -0,0 +1,135 @@
# ---> Node
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
.pnpm-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
# Runtime data
pids
*.pid
*.seed
*.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
*.lcov
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# Bower dependency directory (https://bower.io/)
bower_components
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directories
node_modules/
jspm_packages/
# Snowpack dependency directory (https://snowpack.dev/)
web_modules/
# TypeScript cache
*.tsbuildinfo
# Optional npm cache directory
.npm
# Optional eslint cache
.eslintcache
# Optional stylelint cache
.stylelintcache
# Microbundle cache
.rpt2_cache/
.rts2_cache_cjs/
.rts2_cache_es/
.rts2_cache_umd/
# Optional REPL history
.node_repl_history
# Output of 'npm pack'
*.tgz
# Yarn Integrity file
.yarn-integrity
# dotenv environment variable files
.env
.env.development.local
.env.test.local
.env.production.local
.env.local
# parcel-bundler cache (https://parceljs.org/)
.cache
.parcel-cache
# Next.js build output
.next
out
# Nuxt.js build / generate output
.nuxt
dist
# Gatsby files
.cache/
# Comment in the public line in if your project uses Gatsby and not Next.js
# https://nextjs.org/blog/next-9-1#public-directory-support
# public
# vuepress build output
.vuepress/dist
# vuepress v2.x temp and cache directory
.temp
.cache
# Docusaurus cache and generated files
.docusaurus
# Serverless directories
.serverless/
# FuseBox cache
.fusebox/
# DynamoDB Local files
.dynamodb/
# TernJS port file
.tern-port
# Stores VSCode versions used for testing VSCode extensions
.vscode-test
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
# Project
lib/
.yarnrc.yml

10
.npmignore Normal file
View File

@@ -0,0 +1,10 @@
.build.yarnrc.yml
.drone.yml
.eslintrc*
.npmrc
.prettierrc*
.yarnrc.yml
babel.config.*
jest.config.*
tsconfig*.json
tslint.json

7
.prettierrc.js Normal file
View File

@@ -0,0 +1,7 @@
module.exports = {
parser: 'typescript',
printWidth: 120,
trailingComma: 'all',
tabWidth: 4,
singleQuote: true,
};

873
.yarn/releases/yarn-3.5.1.cjs vendored Executable file
View File

File diff suppressed because one or more lines are too long

2
README.md Normal file
View File

@@ -0,0 +1,2 @@
# @mifi/services-common

195
jest.config.ts Normal file
View File

@@ -0,0 +1,195 @@
/*
* For a detailed explanation regarding each configuration property and type check, visit:
* https://jestjs.io/docs/configuration
*/
export default {
// All imported modules in your tests should be mocked automatically
// automock: false,
// Stop running tests after `n` failures
// bail: 0,
// The directory where Jest should store its cached dependency information
// cacheDirectory: "/private/var/folders/75/3cyx0pq133n7gk3ysqf0mj4r0000gn/T/jest_dx",
// Automatically clear mock calls, instances, contexts and results before every test
clearMocks: true,
// Indicates whether the coverage information should be collected while executing the test
collectCoverage: true,
// An array of glob patterns indicating a set of files for which coverage information should be collected
// collectCoverageFrom: undefined,
// The directory where Jest should output its coverage files
coverageDirectory: "coverage",
// An array of regexp pattern strings used to skip coverage collection
// coveragePathIgnorePatterns: [
// "/node_modules/"
// ],
// Indicates which provider should be used to instrument code for coverage
// coverageProvider: "babel",
// A list of reporter names that Jest uses when writing coverage reports
// coverageReporters: [
// "json",
// "text",
// "lcov",
// "clover"
// ],
// An object that configures minimum threshold enforcement for coverage results
// coverageThreshold: undefined,
// A path to a custom dependency extractor
// dependencyExtractor: undefined,
// Make calling deprecated APIs throw helpful error messages
// errorOnDeprecated: false,
// The default configuration for fake timers
// fakeTimers: {
// "enableGlobally": false
// },
// Force coverage collection from ignored files using an array of glob patterns
// forceCoverageMatch: [],
// A path to a module which exports an async function that is triggered once before all test suites
// globalSetup: undefined,
// A path to a module which exports an async function that is triggered once after all test suites
// globalTeardown: undefined,
// A set of global variables that need to be available in all test environments
// globals: {},
// The maximum amount of workers used to run your tests. Can be specified as % or a number. E.g. maxWorkers: 10% will use 10% of your CPU amount + 1 as the maximum worker number. maxWorkers: 2 will use a maximum of 2 workers.
// maxWorkers: "50%",
// An array of directory names to be searched recursively up from the requiring module's location
// moduleDirectories: [
// "node_modules"
// ],
// An array of file extensions your modules use
// moduleFileExtensions: [
// "js",
// "mjs",
// "cjs",
// "jsx",
// "ts",
// "tsx",
// "json",
// "node"
// ],
// A map from regular expressions to module names or to arrays of module names that allow to stub out resources with a single module
// moduleNameMapper: {},
// An array of regexp pattern strings, matched against all module paths before considered 'visible' to the module loader
// modulePathIgnorePatterns: [],
// Activates notifications for test results
// notify: false,
// An enum that specifies notification mode. Requires { notify: true }
// notifyMode: "failure-change",
// A preset that is used as a base for Jest's configuration
// preset: undefined,
// Run tests from one or more projects
// projects: undefined,
// Use this configuration option to add custom reporters to Jest
// reporters: undefined,
// Automatically reset mock state before every test
// resetMocks: false,
// Reset the module registry before running each individual test
// resetModules: false,
// A path to a custom resolver
// resolver: undefined,
// Automatically restore mock state and implementation before every test
// restoreMocks: false,
// The root directory that Jest should scan for tests and modules within
// rootDir: undefined,
// A list of paths to directories that Jest should use to search for files in
// roots: [
// "<rootDir>"
// ],
// Allows you to use a custom runner instead of Jest's default test runner
// runner: "jest-runner",
// The paths to modules that run some code to configure or set up the testing environment before each test
// setupFiles: [],
// A list of paths to modules that run some code to configure or set up the testing framework before each test
// setupFilesAfterEnv: [],
// The number of seconds after which a test is considered as slow and reported as such in the results.
// slowTestThreshold: 5,
// A list of paths to snapshot serializer modules Jest should use for snapshot testing
// snapshotSerializers: [],
// The test environment that will be used for testing
// testEnvironment: "jest-environment-node",
// Options that will be passed to the testEnvironment
// testEnvironmentOptions: {},
// Adds a location field to test results
// testLocationInResults: false,
// The glob patterns Jest uses to detect test files
// testMatch: [
// "**/__tests__/**/*.[jt]s?(x)",
// "**/?(*.)+(spec|test).[tj]s?(x)"
// ],
// An array of regexp pattern strings that are matched against all test paths, matched tests are skipped
// testPathIgnorePatterns: [
// "/node_modules/"
// ],
// The regexp pattern or array of patterns that Jest uses to detect test files
// testRegex: [],
// This option allows the use of a custom results processor
// testResultsProcessor: undefined,
// This option allows use of a custom test runner
// testRunner: "jest-circus/runner",
// A map from regular expressions to paths to transformers
// transform: undefined,
// An array of regexp pattern strings that are matched against all source file paths, matched files will skip transformation
// transformIgnorePatterns: [
// "/node_modules/",
// "\\.pnp\\.[^\\/]+$"
// ],
// An array of regexp pattern strings that are matched against all modules before the module loader will automatically return a mock for them
// unmockedModulePathPatterns: undefined,
// Indicates whether each individual test should be reported during the run
// verbose: undefined,
// An array of regexp patterns that are matched against all source file paths before re-running tests in watch mode
// watchPathIgnorePatterns: [],
// Whether to use watchman for file crawling
// watchman: true,
};

54
package.json Normal file
View File

@@ -0,0 +1,54 @@
{
"name": "@mifi/auth-gatekeeper",
"version": "1.0.0",
"author": "mifi (Mike Fitzpatrick)",
"license": "MIT",
"scripts": {
"build": "tsc",
"build:production": "tsc -p ./tsconfig.production.json",
"format": "prettier:fix && lint:fix",
"lint": "eslint --ext .ts,.tsx src/",
"lint:fix": "eslint --fix --ext .ts,.tsx src/",
"prettier": "prettier --check 'src/**/*.ts'",
"prettier:fix": "prettier --write 'src/**/*.ts'",
"test": "jest --passWithNoTests ./src"
},
"devDependencies": {
"@babel/core": "^7.21.8",
"@babel/preset-env": "^7.21.5",
"@babel/preset-typescript": "^7.21.5",
"@tsconfig/node16": "^1.0.4",
"@types/jest": "^29.5.1",
"@types/jsonwebtoken": "^9.0.2",
"@types/koa": "^2.13.6",
"@types/node": "^20.2.3",
"@typescript-eslint/eslint-plugin": "^5.59.2",
"@typescript-eslint/parser": "^5.59.2",
"babel-jest": "^29.5.0",
"eslint": "^8.39.0",
"eslint-config-prettier": "^8.8.0",
"eslint-import-resolver-typescript": "^3.5.5",
"eslint-plugin-import": "^2.27.5",
"eslint-plugin-n": "^15.0.0",
"eslint-plugin-prettier": "^4.2.1",
"eslint-plugin-promise": "^6.0.0",
"jest": "^29.5.0",
"koa": "^2.14.2",
"prettier": "^2.8.4",
"prettier-eslint": "^15.0.1",
"prettier-eslint-cli": "^7.1.0",
"ts-node": "^10.9.1",
"typescript": "^4.9.5"
},
"description": "",
"repository": {
"type": "git",
"url": "https://git.mifi.dev/mifi/auth-gatekeeper.git"
},
"packageManager": "yarn@3.5.1",
"dependencies": {
"@mifi/services-common": "^1.0.8",
"http-status-codes": "^2.2.0",
"jsonwebtoken": "^9.0.0"
}
}

10
src/env.ts Normal file
View File

@@ -0,0 +1,10 @@
export const PACKAGE_NAME = '@mifi/auth-gatekeeper';
export const JWT_AUDIENCE = process.env.JWT_AUDIENCE || 'mifi.dev';
export const JWT_ISSUER = process.env.JWT_ISSUER || PACKAGE_NAME;
export const JWT_SECRET = process.env.JWT_SECRET || 'secret';
export const LOGIN_VALID_TIMEOUT = process.env.LOGIN_VALID_TIMEOUT || '12h'; // ###d|h|m
export const RESET_VALID_TIMEOUT = process.env.RESET_VALID_TIMEOUT || '15m'; // ###d|h|m
export const VERIFY_VALID_TIMEOUT = process.env.VERIFY_VALID_TIMEOUT || '60d'; // ###d|h|m
export const DEFAULT_TOKEN_DAYS = process.env.DEFAULT_TOKEN_DAYS || 365;

43
src/index.ts Normal file
View File

@@ -0,0 +1,43 @@
import { StatusCodes } from 'http-status-codes';
import { Middleware } from 'koa';
import { initialize } from './middleware/initialize';
import { Strategy as StrategyBase, VerifyFunction } from './strategy';
import { authenticated } from './middleware/authenticated';
class Gatekeeper {
private static instance: Gatekeeper;
private strategies: { [key: string]: VerifyFunction } = {};
public authenticate =
(strategy: string): Middleware =>
async (ctx) => {
if (this.strategies[strategy]) {
const user = await this.strategies[strategy](ctx);
if (user) {
ctx.user = user;
}
} else {
ctx.throw(StatusCodes.INTERNAL_SERVER_ERROR);
}
};
public static authenticated = authenticated;
public initialize = initialize;
public static getInstance = () => {
if (!Gatekeeper.instance) {
Gatekeeper.instance = new Gatekeeper();
}
return Gatekeeper.instance;
};
public use = (strategy: StrategyBase) => {
this.strategies[<string>strategy.name] = strategy.verify;
};
}
export const gatekeeper = Gatekeeper.getInstance();
export const Strategy = StrategyBase;

11
src/middleware/authenticated.ts Normal file
View File

@@ -0,0 +1,11 @@
import { Middleware } from 'koa';
import { LOGIN_ROUTE } from '../../constants/env';
export const authenticated: Middleware = async (ctx, next) => {
if (ctx?.isAuthenticated()) {
await next();
} else {
ctx.redirect(process.env.LOGIN_ROUTE || LOGIN_ROUTE);
}
};

18
src/middleware/initialize.ts Normal file
View File

@@ -0,0 +1,18 @@
import { Middleware } from 'koa';
import { GatekeeperUser } from './types/GatekeeperUser';
declare module 'koa' {
interface ExtendableContext {
user: GatekeeperUser | null;
isAuthenticated(): boolean;
isUnauthenticated(): boolean;
logout(): void;
}
}
export const initialize: Middleware = (ctx) => {
ctx.user = null;
ctx.isAuthenticated = () => !!ctx.user;
ctx.isUnauthenticated = () => !ctx.user;
ctx.logout = () => (ctx.user = null);
};

16
src/middleware/jwt.ts Normal file
View File

@@ -0,0 +1,16 @@
import { Middleware } from 'koa';
import { verify } from '../utils/jwt';
import { GatekeeperUser } from '../types/GatekeeperUser';
export const jwt: Middleware = (ctx) => {
const [type, token] = ctx.request.headers.authorization
? ctx.request.headers.authorization.split(' ')
: ['Basic', null];
if (type === 'Bearer' && token) {
const decoded = verify(token);
if (decoded?.sub) {
ctx.user = <GatekeeperUser>decoded;
}
}
};

19
src/middleware/session.ts Normal file
View File

@@ -0,0 +1,19 @@
import { Middleware } from 'koa';
import { GatekeeperUser } from './types/GatekeeperUser';
type Fn<P, T> = (u: P) => T;
export const session =
<S = GatekeeperUser>(
sFn: Fn<GatekeeperUser, S> = (u) => u as S,
dFn: Fn<S, GatekeeperUser> = (u) => u as GatekeeperUser,
): Middleware =>
async (ctx, next) => {
if (ctx.session?.user) {
ctx.user = dFn(ctx.session.user);
}
await next();
if (ctx.session && ctx.session?.user && ctx.user) {
ctx.session.user = sFn(ctx.user);
}
};

18
src/strategy.ts Normal file
View File

@@ -0,0 +1,18 @@
import { Context } from 'koa';
import { STRATEGIES } from '../../constants/strategies';
import { GatekeeperUser } from './types/GatekeeperUser';
export type VerifyFunction = (ctx: Context) => Promise<GatekeeperUser | false>;
export class Strategy {
public name: keyof typeof STRATEGIES | string;
private verifyFn: VerifyFunction;
constructor(name: Strategy['name'], verify: Strategy['verifyFn']) {
this.name = name;
this.verifyFn = verify;
}
public verify: VerifyFunction = async (ctx) => this.verifyFn(ctx);
}

9
src/types/GatekeeperUser.ts Normal file
View File

@@ -0,0 +1,9 @@
export type GatekeeperUser<R = object> = {
record: string;
roles?: R;
sub: string;
tokens?: {
jwt: string;
refresh: string;
};
};

4
src/utils/jwt/index.ts Normal file
View File

@@ -0,0 +1,4 @@
import { sign } from './sign';
import { verify } from './verify';
export { sign, verify };

35
src/utils/jwt/sign.ts Normal file
View File

@@ -0,0 +1,35 @@
import { sign as jwtSign } from 'jsonwebtoken';
import { JWT_AUDIENCE, JWT_ISSUER, JWT_SECRET } from '../../constants/env';
import { Payload } from '@mifi/services-common/lib/types/Payload';
export type TokenProps = Payload & {
aud?: string;
exp?: number;
iss?: string;
sub: string | null;
};
export type SignProps = string | TokenProps | void;
export const sign = (props: SignProps) => {
const today = new Date();
const { sub = null, ...rest }: TokenProps =
typeof props === 'string' || typeof props === 'undefined' ? { sub: props || null } : props;
let { exp } = rest;
if (!exp) {
const defaultExp = new Date(today);
defaultExp.setDate(today.getDate() + parseInt(process.env.JWT_DAYS_VALID as string));
exp = defaultExp.getTime() / 1000;
}
return jwtSign(
{
exp,
sub,
aud: rest.aud || JWT_AUDIENCE,
iat: today.getTime(),
iss: rest.iss || JWT_ISSUER,
},
JWT_SECRET,
);
};

4
src/utils/jwt/verify.ts Normal file
View File

@@ -0,0 +1,4 @@
import { verify as jwtVerify } from 'jsonwebtoken';
import { JWT_SECRET } from '../../constants/env';
export const verify = (token: string) => jwtVerify(token, JWT_SECRET);

17
tsconfig.json Normal file
View File

@@ -0,0 +1,17 @@
{
"extends": "@tsconfig/node16/tsconfig.json",
"compilerOptions": {
"allowSyntheticDefaultImports": true,
"declaration": true,
"experimentalDecorators": true,
"emitDecoratorMetadata": true,
"noImplicitAny": true,
"outDir": "lib/",
"rootDirs": ["./", "src/"],
"strict": true,
"esModuleInterop": true,
"sourceMap": true,
"removeComments": false
},
"include": ["src"]
}

17
tsconfig.production.json Normal file
View File

@@ -0,0 +1,17 @@
{
"extends": "@tsconfig/node16/tsconfig.json",
"compilerOptions": {
"allowSyntheticDefaultImports": true,
"declaration": true,
"experimentalDecorators": true,
"emitDecoratorMetadata": true,
"noImplicitAny": true,
"outDir": "lib/",
"rootDirs": ["./", "src/"],
"strict": true,
"esModuleInterop": true,
"sourceMap": true,
"removeComments": false
},
"include": ["src"]
}

7744
yarn.lock Normal file
View File

File diff suppressed because it is too large Load Diff