This service is responsible for safely requesting and delivering a 2FA token to an arbitrary CI job. Typically though a tool like semantic-release.
Head over to https://continuousauth.dev and sign in to start using CFA. You can also check out our usage documentation for more information on how to use CFA and what it does.
Something like this:
At a high level CFA is just a proxy for 2FA, in a 2FA model there is "something you know" and "something you have". In the CFA model the "something you know" is still your NPM auth token, and the "something you have" is still the OTP generator. CFA just safely mediates a connection between the CI build and you by validating the CI build through both a CFA token and by forcing the CI build to "prove" it is actually asking for a token.
Included below is a flow diagram which explains what CFA verifies and how it verifies it. Other important parts of the code for this verification process can be found in each Requester implementation src/server/requesters.
You should probably just use the hosted version of CFA at https://continuousauth.dev but if you really want to deploy it yourself these are things you need to do.
The following environment variables need to be set:
PORT: Which port to run on (3000by default)SLACK_CLIENT_ID: Slack app idSLACK_CLIENT_SECRET: Slack app secretSLACK_SIGNING_SECRET: Slack app signing secretGITHUB_CLIENT_SECRET: GitHub token that allowselectron-botto cloneelectronGITHUB_CLIENT_ID: Same GitHub token as aboveSESSION_SECRET: Secret to use for web UI session tokensDATABASE_URL: In prod, use this to set a postgres connection URL
Optional variables:
DEBUG: Used by tons of modules used by the bot, set it to*for verbose output