Fix: updates to accounts-ghe (fixes #201 , #200 )

- Make accounts-ghe a local package - don't send auth token to github as part of params - don't require GITHUB_API and GITHUB_URL for ghe logins - sanitize GHE url input on the initial razeedash configuration screen
razee-io · Jun 12, 2020 · 27b5d01 · 27b5d01
1 parent af9234c
commit 27b5d01
Show file tree

Hide file tree

Showing 10 changed files with 47 additions and 60 deletions.
diff --git a/.meteor/versions b/.meteor/versions
@@ -1,7 +1,7 @@
 accounts-base@1.6.0
 accounts-github@1.4.3
 accounts-oauth@1.2.0
-accounts-password@1.6.0
+accounts-password@1.6.1
 accounts-ui@1.3.1
 accounts-ui-unstyled@1.4.2
 ahref:flow-router-breadcrumb@1.1.0
@@ -51,7 +51,7 @@ hot-code-push@1.0.4
 html-tools@1.0.11
 htmljs@1.0.11
 http@1.4.2
-ibmcloud:accounts-ghe@2.0.5
+ibmcloud:accounts-ghe@3.0.0
 id-map@1.1.0
 inter-process-messaging@0.1.1
 johanbrook:publication-collector@1.1.0
@@ -69,7 +69,7 @@ meteor-base@1.4.0
 meteortesting:browser-tests@1.0.0
 meteortesting:mocha@1.1.3
 meteortesting:mocha-core@5.2.0_3
-minifier-css@1.5.0
+minifier-css@1.5.1
 minifier-js@2.6.0
 minimongo@1.6.0
 mobile-experience@1.1.0

diff --git a/README.md b/README.md
@@ -24,8 +24,6 @@ When deploying RazeeDash these variables can be set by adding them to the `razee
 | MONGO_URL        | Required | -                        | URL to your mongo instance |
 | MONGO_OPTIONS    | Optional | -                        | Set additional mongo connection string options |
 | OAUTH_SECRET_KEY | Optional | -                        | GitHub OAuth Secret Key |
-| GITHUB_URL       | Optional | <https://github.com/>     | Required when using GitHub Enterprise authentication |
-| GITHUB_API       | Optional | <https://api.github.com/> | Required when using GitHub Enterprise authentication |
 | BITBUCKET_URL    | Optional | <https://bitbucket.org/>     | Required when using Bitbucket Enterprise authentication |
 | BITBUCKET_API    | Optional | <https://api.bitbucket.org/2.0/> | Required when using Bitbucket Enterprise authentication |
 | BUILD_ID         | Optional | Travis build ID          | Travis Build ID |
@@ -52,18 +50,6 @@ Example registration for running locally.
 | Homepage URL | <http://localhost:3000> |
 | User authorization callback URL | <http://localhost:3000/_oauth/github> |
 
-### Using GitHub Enterprise for authentication
-
-- Add `github_url` and `github_api` to the `razeedash-config` ConfigMap.  For example:
-
-    ```yaml
-    apiVersion: v1
-    kind: ConfigMap
-    data:
-        github_url: https://github.your_company.com/
-        github_api: https://github.your_company.com/api/v3/
-    ```
-
 ### Using Bitbucket Enterprise authentication
 
 Add `bitbucket_url` and `bitbucket_api` to the `razeedash-config` ConfigMap. For example:

diff --git a/imports/api/lib/ghe.js b/imports/api/lib/ghe.js
@@ -19,13 +19,20 @@ import { OAuth } from 'meteor/oauth';
 import { HTTP } from 'meteor/http';
 import log from './log.js';
 import _ from 'lodash';
-import { loginType } from './login.js';
+import { ServiceConfiguration } from 'meteor/service-configuration';
+import { loginType, sanitizeUrl } from './login.js';
 
 function listOrgs(loggedInUserObj){
-    const url = `${Meteor.settings.public.GITHUB_API}user/memberships/orgs?state=active&per_page=100`;
     const serviceName = loginType();
+    let gitUrl = 'https://api.github.com';
+    if(serviceName === 'ghe') {
+        let {gheURL} = ServiceConfiguration.configurations.findOne({ service: 'ghe' }, {fields: {gheURL: 1}});
+        gitUrl = sanitizeUrl(gheURL) + '/api/v3';
+    } 
+
+    const url = `${gitUrl}/user/memberships/orgs?state=active&per_page=100`;
     const token = OAuth.openSecret( loggedInUserObj.services[serviceName].accessToken, loggedInUserObj._id );
-    
+
     const options = {
         headers: {
             Authorization: `bearer ${token}`,

diff --git a/imports/api/lib/login.js b/imports/api/lib/login.js
@@ -27,6 +27,19 @@ AccountsTemplates.configure({
     },
 });
 
+const sanitizeUrl = (url) => {
+
+    const httpCheck = /^((http|https):\/\/)/;
+    if(!httpCheck.test(url)) {
+        url = `https://${url}`;
+    }
+
+    const trailingSlash = /\/*$/gi;
+    const newUrl = url.replace(trailingSlash, '');
+
+    return newUrl;
+};
+
 // A user can logon via github, github enterprise, bitbucket or they can create a local id/password stored in mongo
 // `localUser` is used throughout our code so that we can skip calls to the github api for local users
 function localUser() {
@@ -47,4 +60,4 @@ function getServiceConfiguration() {
     return config ? config.service : undefined;
 }
 
-export { localUser, loginType, getServiceConfiguration };
+export { localUser, loginType, getServiceConfiguration, sanitizeUrl };
diff --git a/imports/startup/client/index.js b/imports/startup/client/index.js
@@ -32,7 +32,8 @@ import { Orgs } from '/imports/api/org/orgs';
 import { Clusters } from '/imports/api/cluster/clusters/clusters';
 import { Session } from 'meteor/session';
 import { Accounts } from 'meteor/accounts-base';
-import { localUser, loginType, getServiceConfiguration } from '/imports/api/lib/login.js';
+import { localUser, loginType, getServiceConfiguration, sanitizeUrl } from '/imports/api/lib/login.js';
+import { ServiceConfiguration } from 'meteor/service-configuration';
 
 Accounts.ui.config( { requestPermissions: { 
     github: ['read:user', 'read:org'],
@@ -145,19 +146,16 @@ Template.registerHelper('meteorSetting', (name)=>{
     return _.get(Meteor.settings.public, name, null);
 });
 
-Template.registerHelper('githubUrl', ()=>{
-    return Meteor.settings.public.GITHUB_URL;
-});
-Template.registerHelper('bitbucketUrl', ()=>{
-    return Meteor.settings.public.BITBUCKET_URL;
-});
 Template.registerHelper('scmUrl', ()=>{
     const service = getServiceConfiguration();
     let scmLink = '';
     if(service === 'bitbucket') {
         scmLink = Meteor.settings.public.BITBUCKET_URL;
+    } else if(service === 'ghe') {
+        let {gheURL} = ServiceConfiguration.configurations.findOne({ service: 'ghe' }, {fields: {gheURL: 1}});
+        scmLink = sanitizeUrl(gheURL);
     } else {
-        scmLink = Meteor.settings.public.GITHUB_URL;
+        scmLink = 'https://github.com/';
     }
     return scmLink.endsWith('/') ? scmLink : scmLink + '/';
 });
@@ -292,12 +290,6 @@ Template.registerHelper('outputDisabledFlipped', (disabled) => {
     return (disabled ? '' : 'disabled');
 });
 
-Template.registerHelper('commitHref', (commitId, deployment=null)=>{
-    const githubOrgName = Session.get('currentOrgName');
-    const githubProjName = deployment.searchableData.name;
-    return `${Meteor.settings.public.GITHUB_URL}${githubOrgName}/${githubProjName}/commit/${commitId}`;
-});
-
 Template.registerHelper('valuesJoined', (values) => {
     if (values.length == 1) {
         return `"${values[0]}"`;

diff --git a/imports/startup/server/index.js b/imports/startup/server/index.js
@@ -52,8 +52,6 @@ const migrateUnencryptedUsers = () => {
 
 Meteor.startup(()=>{
     // envs copied over to client
-    Meteor.settings.public.GITHUB_URL = process.env.GITHUB_URL || 'https://github.com/';
-    Meteor.settings.public.GITHUB_API = process.env.GITHUB_API || 'https://api.github.com/';
     Meteor.settings.public.BITBUCKET_URL = process.env.BITBUCKET_URL || 'https://bitbucket.org/';
     Meteor.settings.public.BITBUCKET_API = process.env.BITBUCKET_API || 'https://api.bitbucket.org/2.0/';
     Meteor.settings.public.RAZEE_GITHUB_URL = 'https://github.com/razee-io/razeedash';
@@ -65,7 +63,7 @@ Meteor.startup(()=>{
     };
     versionInfo.str = `${versionInfo.buildId}_${versionInfo.lastCommitId}`;
     Meteor.settings.public.version = versionInfo;
-    
+
     if ( process.env.OAUTH_SECRET_KEY ) {
         migrateUnencryptedUsers();
     }

diff --git a/imports/ui/pages/razeeWelcome/index.js b/imports/ui/pages/razeeWelcome/index.js
@@ -94,6 +94,9 @@ Template.SelectOrg.events({
 Template.SelectOrg_git.helpers({
     scmIcon() {
         return loginType() === 'bitbucket' ? 'fa-bitbucket' : 'fa-github';
+    },
+    orgName() {
+        return Template.currentData().org.name;
     }
 });
 

diff --git a/imports/ui/pages/razeeWelcome/page.html b/imports/ui/pages/razeeWelcome/page.html
@@ -187,5 +187,5 @@ <h5 class="modal-title">Remove "{{orgName}}"</h5>
 
 
 <template name="SelectOrg_git">
-    <a href="{{scmUrl}}{{org.name}}" class="ml-2 btn btn-sm btn-light fa {{scmIcon}} rounded-0 git-img action-button" alt="{{org.name}} link"></a>
+    <a href="{{scmUrl}}{{orgName}}" class="ml-2 btn btn-sm btn-light fa {{scmIcon}} rounded-0 git-img action-button" alt="{{orgName}} link"></a>
 </template>
diff --git a/kubernetes/razeedash/resource.yaml b/kubernetes/razeedash/resource.yaml
@@ -55,18 +55,6 @@ items:
                   name: razeedash-secret
                   key: oauth_secret_key
                   optional: true
-            - name: GITHUB_URL
-              valueFrom:
-                configMapKeyRef:
-                  name: razeedash-config
-                  key: github_url
-                  optional: true
-            - name: GITHUB_API
-              valueFrom:
-                configMapKeyRef:
-                  name: razeedash-config
-                  key: github_api
-                  optional: true
             - name: BITBUCKET_URL
               valueFrom:
                 configMapKeyRef:

diff --git a/package-lock.json b/package-lock.json