Add user login

.circleci/config.yml

@@ -0,0 +1,79 @@
+version: 2
+
+jobs:
+  build:
+    working_directory: ~/project/infra
+    machine:
+        enabled: true
+    steps:
+      - checkout:
+          path: ~/project
+
+      - run:
+          name: Install Nix
+          command: |
+            sudo mkdir -p /nix
+            sudo chown circleci /nix
+            bash <(curl https://nixos.org/nix/install)
+            echo '. /home/circleci/.nix-profile/etc/profile.d/nix.sh' >> $BASH_ENV
+            sudo mkdir -p /etc/nix
+
+            # Enable sandbox
+            echo "build-use-sandbox = true" | sudo tee -a /etc/nix/nix.conf
+            echo "substituters = https://cache.nixos.org https://static-haskell-nix.cachix.org https://deckgo.cachix.org" \
+                | sudo tee -a /etc/nix/nix.conf
+            echo "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= static-haskell-nix.cachix.org-1:Q17HawmAwaM1/BfIxaEDKAxwTOyRVhPG5Ji9K3+FvUU= deckgo.cachix.org-1:Kx6Rm054j44GugSRodI2R8T7tAr2u63gKbcCQ9wgaUk=" \
+                | sudo tee -a /etc/nix/nix.conf
+
+      - run:
+          name: Install cachix
+          command: |
+            nix-env -iA cachix -f https://cachix.org/api/v1/install
+
+      - run:
+          name: Run cachix
+          command: |
+            cachix push deckgo --watch-store
+          background: true
+
+      - run:
+          name: Nix build
+          command: |
+            ./script/test
+
+      - run:
+          name: "Update Node.js and npm"
+          command: |
+            nix-env -f ./nix -iA nodejs-10_x
+
+      - run:
+          name: Install netlify-cli
+          command: |
+            npm install netlify-cli
+
+      - run: # TODO: shouldn't deploy to prod on every commit
+          name: Netlify deploy
+          command: |
+            echo "Branch:" "$CIRCLE_BRANCH"
+            echo "Repo:" "$CIRCLE_REPOSITORY_URL"
+            echo "PR:" "$CIRCLE_PULL_REQUEST"
+            if [ "$CIRCLE_BRANCH" == "master" ]; then
+                echo "Deploying to production"
+                ./node_modules/netlify-cli/bin/run deploy \
+                    --dir=$(nix-build -A swaggerUi --no-link) \
+                    --message="$CIRCLE_SHA1" --prod
+            elif [ -n "$CIRCLE_PULL_REQUEST" ]; then
+                echo "One time deploy for PR $CIRCLE_PR_NUMBER"
+                ./node_modules/netlify-cli/bin/run deploy \
+                    --dir=$(nix-build -A swaggerUi --no-link) \
+                    --message="$CIRCLE_SHA1"
+            else
+                echo "Not deploying"
+            fi
+
+workflows:
+  version: 2
+  build:
+    jobs:
+      - build:
+          context: cachix

infra/default.nix

@@ -14,46 +14,96 @@ rec
   tar -xvf ${pkgs.sources.dynamodb}
   '';
 
-  test = pkgs.runCommand "tests" { buildInputs = [ pkgs.jre pkgs.curl pkgs.netcat pkgs.awscli ]; }
+  publicKey = builtins.readFile ./public.cer;
+
+  swaggerUi = pkgs.runCommand "swagger-ui" {}
+  ''
+    mkdir -p $out
+    ${handler}/bin/swagger $out
+  '';
+
+  googleResp = { "key1" = publicKey ; };
+
+  apiDir = pkgs.writeTextFile
+      { name = "google-resp";
+        destination = "/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";
+        text = builtins.toJSON googleResp;
+      };
+
+  # TODO: don't use latest dynamodb (but pin version)
+
+  test = pkgs.runCommand "tests"
+    { buildInputs =
+        [ pkgs.jre
+          pkgs.netcat
+          pkgs.awscli
+          pkgs.haskellPackages.wai-app-static
+        ];
+    }
   ''
 
-      java -Djava.library.path=${dynamoJar}/DynamoDBLocal_lib -jar ${dynamoJar}/DynamoDBLocal.jar -sharedDb -port 8000 &
+      # Set up DynamoDB
+      java \
+        -Djava.library.path=${dynamoJar}/DynamoDBLocal_lib \
+        -jar ${dynamoJar}/DynamoDBLocal.jar \
+        -sharedDb -port 8000 &
 
       while ! nc -z 127.0.0.1 8000; do
         echo waiting for DynamoDB
         sleep 1
       done
+
       export AWS_DEFAULT_REGION=us-east-1
       export AWS_ACCESS_KEY_ID=dummy
       export AWS_SECRET_ACCESS_KEY=dummy
 
+      aws dynamodb create-table \
+        --table-name Users \
+        --attribute-definitions \
+            AttributeName=UserId,AttributeType=S \
+        --key-schema AttributeName=UserId,KeyType=HASH \
+        --endpoint-url http://127.0.0.1:8000 \
+        --provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1 \
+        > /dev/null
+
       aws dynamodb create-table \
         --table-name Decks \
         --attribute-definitions \
             AttributeName=DeckId,AttributeType=S \
         --key-schema AttributeName=DeckId,KeyType=HASH \
         --endpoint-url http://127.0.0.1:8000 \
-        --provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1
+        --provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1 \
+        > /dev/null
 
       aws dynamodb create-table \
         --table-name Slides \
         --attribute-definitions \
             AttributeName=SlideId,AttributeType=S \
         --key-schema AttributeName=SlideId,KeyType=HASH \
         --endpoint-url http://127.0.0.1:8000 \
-        --provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1
+        --provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1 \
+        > /dev/null
 
+      # Start server with fs redirect for getProtocolByName
       NIX_REDIRECTS=/etc/protocols=${pkgs.iana-etc}/etc/protocols \
         LD_PRELOAD="${pkgs.libredirect}/lib/libredirect.so" \
         ${handler}/bin/server &
 
       while ! nc -z 127.0.0.1 8080; do
+        echo waiting for server
+        sleep 1
+      done
+
+      # Set up mock server for Google public keys
+      cp ${pkgs.writeText "google-x509" (builtins.toJSON googleResp)} cert
+      warp -d ${apiDir} -p 8081 &
+      while ! nc -z 127.0.0.1 8081; do
         echo waiting for warp
         sleep 1
       done
 
       echo "Running tests"
-      ${handler}/bin/test
+      ${handler}/bin/test ${./token}
 
       touch $out
   '';

infra/dynamo.tf

@@ -1,4 +1,16 @@
-resource "aws_dynamodb_table" "deckdeckgo-test-dynamodb-table" {
+resource "aws_dynamodb_table" "deckdeckgo-test-dynamodb-table-users" {
+  name           = "Users"
+  billing_mode   = "PAY_PER_REQUEST"
+  hash_key       = "UserId"
+
+  attribute {
+    name = "UserId"
+    type = "S"
+  }
+
+}
+
+resource "aws_dynamodb_table" "deckdeckgo-test-dynamodb-table-decks" {
   name           = "Decks"
   billing_mode   = "PAY_PER_REQUEST"
   hash_key       = "DeckId"

infra/firebase-login/default.nix

@@ -0,0 +1,5 @@
+# TODO: port tests
+# TODO: fix sources
+# TODO: drop nix/packages
+with { pkgs = import ./nix {}; };
+pkgs.callPackage ./nix/packages.nix {}

infra/firebase-login/nix/default.nix

@@ -0,0 +1,17 @@
+{ sources ? import ./sources.nix }:
+with
+  { overlay = _: pkgs: rec
+      { inherit (import sources.niv {}) niv;
+        haskellPackages = pkgs.haskellPackages.override
+          { overrides = _: super:
+              { jose = super.callCabal2nix "jose" sources.hs-jose {}; };
+          };
+
+        packages = import ./packages.nix
+          { inherit (pkgs) haskell lib ;
+            inherit haskellPackages;
+          };
+      };
+  };
+import sources.nixpkgs
+  { overlays = [ overlay ] ; config = {}; }

infra/firebase-login/nix/packages.nix

@@ -0,0 +1,19 @@
+{ haskell
+, haskellPackages
+, lib
+, runCommand
+, writeText
+, zip
+}:
+rec
+{ firebase-login-sdist = haskell.lib.sdistTarball firebase-login;
+  firebase-login = haskellPackages.callCabal2nix "firebase-login" firebase-login-source {};
+  firebase-login-source = lib.sourceByRegex ../.
+    [ "^package.yaml$"
+      "^src.*"
+      "^examples.*"
+      "^README.md$"
+      "^LICENSE$"
+    ];
+  firebase-login-version-file = writeText "version" firebase-login.version;
+}

infra/firebase-login/nix/sources.json

@@ -0,0 +1,37 @@
+{
+    "nixpkgs": {
+        "url": "https://github.com/NixOS/nixpkgs-channels/archive/395a543f3605ea7c17797ad33fda0c251b802978.tar.gz",
+        "owner": "NixOS",
+        "branch": "nixos-18.09",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz",
+        "repo": "nixpkgs-channels",
+        "type": "tarball",
+        "sha256": "0az7333nr9fax6885kj7s61c0hs6wblj7a2y78k4pq0jnhjxqzzg",
+        "description": "Nixpkgs/NixOS branches that track the Nixpkgs/NixOS channels",
+        "rev": "395a543f3605ea7c17797ad33fda0c251b802978"
+    },
+    "hs-jose": {
+        "homepage": "http://hackage.haskell.org/package/jose",
+        "url": "https://github.com/frasertweedale/hs-jose/archive/71274bf64c0600c1d877152173a08a5bff7adf4d.tar.gz",
+        "owner": "frasertweedale",
+        "branch": "master",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz",
+        "repo": "hs-jose",
+        "type": "tarball",
+        "sha256": "0ah189vika1s0jk8f17mn77gilkw24vbs6xlggxw1qj926i6c4pk",
+        "description": "Haskell JOSE and JWT library",
+        "rev": "71274bf64c0600c1d877152173a08a5bff7adf4d"
+    },
+    "niv": {
+        "homepage": "https://github.com/nmattia/niv",
+        "url": "https://github.com/nmattia/niv/archive/f57c85d05e6c2dd359f901d936f896e4f117d3e6.tar.gz",
+        "owner": "nmattia",
+        "branch": "master",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz",
+        "repo": "niv",
+        "type": "tarball",
+        "sha256": "0fbmbc73qgd4f07pag18zkdh65wxv406jm3rdrrfkk85l1inscg3",
+        "description": "Easy dependency management for Nix projects",
+        "rev": "f57c85d05e6c2dd359f901d936f896e4f117d3e6"
+    }
+}

infra/firebase-login/nix/sources.nix

@@ -0,0 +1,29 @@
+# A record, from name to path, of the third-party packages
+with
+{
+  sources = builtins.fromJSON (builtins.readFile ./sources.json);
+
+  # fetchTarball version that is compatible between all the sources of Nix
+  fetchTarball =
+    { url, sha256 }:
+      if builtins.lessThan builtins.nixVersion "1.12" then
+        builtins.fetchTarball { inherit url; }
+      else
+        builtins.fetchTarball { inherit url sha256; };
+  mapAttrs = builtins.mapAttrs or
+    (f: set: with builtins;
+      listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)));
+};
+
+# NOTE: spec must _not_ have an "outPath" attribute
+mapAttrs (_: spec:
+  if builtins.hasAttr "outPath" spec
+  then abort
+    "The values in sources.json should not have an 'outPath' attribute"
+  else
+    if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec
+    then
+      spec //
+    { outPath = fetchTarball { inherit (spec) url sha256; } ; }
+    else spec
+  ) sources

infra/firebase-login/package.yaml

@@ -0,0 +1,32 @@
+name: firebase-login
+maintainer: Nicolas Mattia <nicolas@nmattia.com>
+copyright: (c) 2019 David Dal Busco and Nicolas Mattia
+license: MIT
+
+dependencies:
+    - aeson
+    - base
+    - bytestring
+    - http-client
+    - http-client-tls
+    - http-conduit
+    - jose >= 0.8.0.0 # For fromX509Certificate
+    - lens
+    - mtl
+    - network-uri
+    - pem
+    - servant
+    - servant-client-core
+    - servant-server
+    - servant-swagger
+    - text
+    - unordered-containers
+    - wai
+    - word8
+    - x509
+
+ghc-options:
+    - -Wall
+
+library:
+    source-dirs: src

infra/firebase-login/script/test

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+# vim: filetype=sh
+
+nix-build --no-link

infra/firebase-login/script/update

@@ -0,0 +1,6 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -I nixpkgs=./nix
+#!nix-shell -i bash -p niv nix --pure
+# vim: filetype=sh
+
+niv update

infra/firebase-login/script/upload

@@ -0,0 +1,13 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -I nixpkgs=./nix
+#!nix-shell -i bash -p cabal-install -p nix -p curl --pure
+# vim: filetype=sh
+
+set -euo pipefail
+
+sdistVersion=$(cat $(nix-build -A firebase-login-version-file))
+sdistTarball=$(nix-build -A firebase-login-sdist)/firebase-login-$sdistVersion.tar.gz
+
+echo "Tarball: $sdistTarball"
+
+cabal upload "$@" $sdistTarball

infra/firebase-login/shell.nix

@@ -0,0 +1,5 @@
+with { pkgs = import ./nix {}; };
+pkgs.haskellPackages.developPackage
+  { root = ./.;
+    modifier = drv: drv // { buildInputs = drv.buildInputs ++ [ pkgs.cabal-install ]; } ;
+  }