Merge pull request #19 from m-ld/socket-io-bearer-auth

Bearer authentication for socket.io
m-ld · Nov 21, 2023 · 51b5e69 · 51b5e69
2 parents 48a6b99 + ed0eec9
commit 51b5e69
Show file tree

Hide file tree

Showing 41 changed files with 872 additions and 284 deletions.
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
@@ -5,9 +5,9 @@ name: Node.js CI
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [ "main", "edge" ]
   pull_request:
-    branches: [ "main" ]
+    branches: [ "main", "edge" ]
 
 jobs:
   build:

diff --git a/architecture/api/admin/admin.use-case.puml b/architecture/api/admin/admin.use-case.puml
@@ -7,22 +7,32 @@ left to right direction
 user <|-- root : is a
 
 package "User End-Point" {
-  user --> (change details) : self
-  note right: PATCH /user/:user {emails, keyids}
-  note bottom of "change details": including revoke key
-  (get activation) #lightgreen
-  user --> (get activation)
-  note right of "get activation": sends code by email
-  note right of "get activation": POST /user/:user/activation {email}
-  (get user key) #lightgreen
-  user --> (get user key) : self; can use\nactivation
-  note top of "get user key": must use activation\nfor self-service create
-  note right of "get user key": create user account\nif not exists
-  note right of "get user key": POST /user/:user/key
-  root --> (get user key) : any user
-  user --> (delete user) : self
-  root --> (delete user) : any user
-  note right: DEL /user/:user
+  usecase changeDetails as "=== change details
+  PATCH /user/:user {emails, keyids}"
+  user --> (changeDetails) : self
+  note right: including revoke key
+
+  usecase getActivation #lightgreen as "=== get activation
+  POST /user/:user/activation {email}"
+  user --> (getActivation)
+  note right: sends code by email
+
+  usecase mintUserKey #lightgreen as "=== mint user key
+  POST /user/:user/key"
+  user --> mintUserKey : self; can use\nactivation
+  note right of mintUserKey: must use activation\nfor self-service create
+  note right of mintUserKey: create user account\nif not exists
+  root --> mintUserKey : any user
+
+  usecase deleteUser as "=== delete user
+  DEL /user/:user"
+  user --> deleteUser : self
+  root --> deleteUser : any user
+
+  usecase getPublicKey as "=== get public key
+  GET /user/:user/publicKey/:keyid"
+  user --> getPublicKey : self
+  root --> getPublicKey : any user
 }
 
 @enduml
diff --git a/architecture/api/admin/img/admin.use-case.svg b/architecture/api/admin/img/admin.use-case.svg
diff --git a/architecture/api/domain/account-domain.seq.puml b/architecture/api/domain/account-domain.seq.puml
@@ -5,16 +5,20 @@ hide footbox
 title App with Gateway account
 
 participant "App\nClient" as client
+participant "Identity Provider" as idp
 participant "App Service\nor lambda" as service
 
-service -> Gateway: PUT /domain/<<account>>/<<name>> ""{authKey}""
+client <--> idp: Authenticate user (or anon)
+client -> service ++ : get config for subdomain {userId}
+service -> Gateway ++: PUT /domain/<<account>>/<<name>>\n{authKey, userId}
+Gateway -> Gateway: Create user JWT,\nsign with authKey
 return config for new clones
 note left
 <code>
 {
   @domain:"<<name>>.<<account>>.<<hostname>>",
   genesis:true,
-  io
+  io: { auth: { jwt } }
 }
 </code>
 end note
@@ -23,9 +27,7 @@ if backup clone
 or domain exists,
 genesis is false
 end note
-client <--> service: Authenticate user (or anon)
-service -> service: Create client JWT,\nsign with authKey
-service -> client: ""{config, jwt}""
+return config
 client -> client ++: Create clone
 client <--> Gateway: socket.io remotes ""{jwt}""
 

diff --git a/architecture/api/domain/img/account-domain.seq.svg b/architecture/api/domain/img/account-domain.seq.svg
diff --git a/architecture/api/domain/img/public.seq.svg b/architecture/api/domain/img/public.seq.svg
diff --git a/architecture/api/domain/public.seq.puml b/architecture/api/domain/public.seq.puml
@@ -4,7 +4,7 @@ hide footbox
 
 title App with anonymous users using Gateway public messaging
 
-anon -> Gateway: POST /domain/public ☆
+anon -> Gateway: POST /domain/public
 return config for new clones
 note left
 <code>
@@ -15,7 +15,7 @@ note left
 }
 </code>
 end note
-note right: no backup clone created ☆
+note right: no backup clone created
 anon -> anon ++: Create genesis clone
 <-- anon: Tell other app instances
 anon <--> Gateway: socket.io remotes (rate limited)

diff --git a/architecture/gateway design.mm b/architecture/gateway design.mm
@@ -320,7 +320,7 @@
 </node>
 </node>
 <node TEXT="deployment" ID="ID_1093246398" CREATED="1669713904042" MODIFIED="1669713906788">
-<node TEXT="native" ID="ID_1357853973" CREATED="1669917664941" MODIFIED="1669917682875">
+<node TEXT="native" ID="ID_1357853973" CREATED="1669917664941" MODIFIED="1696846339222">
 <icon BUILTIN="bookmark"/>
 <arrowlink SHAPE="CUBIC_CURVE" COLOR="#000000" WIDTH="1" TRANSPARENCY="200" FONT_SIZE="9" FONT_FAMILY="SansSerif" DESTINATION="ID_435682791" STARTINCLINATION="672;0;" ENDINCLINATION="672;0;" STARTARROW="NONE" ENDARROW="NONE"/>
 </node>

diff --git a/doc/_includes/http/named-subdomains/put-with-signer.http b/doc/_includes/http/named-subdomains/put-with-signer.http
@@ -0,0 +1,12 @@
+PUT {{origin}}/api/v1/domain/{{account}}/{{subdomain}}
+Accept: application/json
+Authorization: Basic {{digest}}
+Content-Type: application/json
+
+{
+  "useSignatures": true,
+  "user": {
+    "@id": "≪user URI≫",
+    "key": { "keyid": "≪keyid≫", "public": "≪base64(DER encoded RSA public key)≫" }
+  }
+}
diff --git a/doc/_includes/sidebar.liquid b/doc/_includes/sidebar.liquid
@@ -25,6 +25,7 @@
   </p>
   <ul class="menu-list">
     <li><a href="self-host">Self-Hosting</a></li>
+    <li><a href="signed-updates">Signatures</a></li>
     <li>
       <a href="https://github.com/m-ld/m-ld-gateway/tree/v{{ '{{ version }}' }}/architecture">Architecture</a>
     </li>