Merge branch 'main' into feat/oidc

reearth · Apr 4, 2022 · 0effecf · 0effecf
2 parents c3a33e3 + 3cbb456
commit 0effecf
Show file tree

Hide file tree

Showing 12 changed files with 146 additions and 101 deletions.
diff --git a/.env.example b/.env.example
@@ -0,0 +1,50 @@
+# General
+PORT=8080
+REEARTH_DB=mongodb://localhost
+REEARTH_DEV=false
+
+# GCP
+GOOGLE_CLOUD_PROJECT=
+GCS_BUCKETNAME=
+GCS_PUBLICATIONCACHECONTROL=
+
+# Local Auth serv
+REEARTH_AUTH0_DOMAIN=https://example.auth0.com
+REEARTH_AUTH0_AUDIENCE=https://api.reearth.example.com
+REEARTH_AUTH0_CLIENTID=
+REEARTH_AUTH0_CLIENTSECRET=
+REEARTH_AUTH0_WEBCLIENTID=
+
+# Auth client
+#REEARTH_AUTH_ISS=https://hoge.com
+#REEARTH_AUTH_AUD=https://api.reearth.example.com
+# If you want to use multiple auth servers
+#REEARTH_AUTH=[{"ISS":"https://hoge.com","AUD":["https://api.reearth.example.com"]}]
+
+# Auth server
+# If you want to restrict signups, set secret
+REEARTH_SIGNUP_SECRET=
+# If you want to run auth server on localhost, set to true
+REEARTH_AUTHSRV_DEV=true
+REEARTH_AUTHSRV_DISABLED=false
+REEARTH_AUTHSRV_UIDOMAIN=https://reearth.example.com
+REEARTH_AUTHSRV_DOMAIN=https://api.reearth.example.com
+# Any random long string (keep it secrit)
+REEARTH_AUTHSRV_KEY=abcdefghijklmnopqrstuvwxyz
+
+# Available mailers: [log, smtp, sendgrid]
+REEARTH_MAILER=log
+
+#SendGrid config
+#REEARTH_MAILER=sendgrid
+#REEARTH_SENDGRID_EMAIL=noreplay@test.com
+#REEARTH_SENDGRID_NAME=
+#REEARTH_SENDGRID_API=
+
+#SMTP config
+#REEARTH_MAILER=smtp
+#REEARTH_SMTP_EMAIL=noreplay@test.com
+#REEARTH_SMTP_HOST=smtp.sendgrid.net
+#REEARTH_SMTP_PORT=587
+#REEARTH_SMTP_SMTPUSERNAME=apikey
+#REEARTH_SMTP_PASSWORD=Your_SendGrid_Token
diff --git a/internal/app/auth_server.go b/internal/app/auth_server.go
@@ -6,6 +6,8 @@ import (
 	"encoding/json"
 	"net/http"
 	"net/url"
+	"os"
+	"strconv"
 	"strings"
 
 	"github.com/caos/oidc/pkg/op"
@@ -97,6 +99,14 @@ func authEndPoints(ctx context.Context, e *echo.Echo, r *echo.Group, cfg *Server
 	// can be removed when the mentioned issue is solved
 	// https://github.com/auth0/auth0-spa-js/issues/845
 	r.GET("v2/logout", logout())
+
+	debugMsg := ""
+	if dev, ok := os.LookupEnv(op.OidcDevMode); ok {
+		if isDev, _ := strconv.ParseBool(dev); isDev {
+			debugMsg = " with debug mode"
+		}
+	}
+	log.Infof("auth: oidc server started%s at %s", debugMsg, domain.String())
 }
 
 func setURLVarsHandler() func(handler http.Handler) http.Handler {

diff --git a/internal/app/config.go b/internal/app/config.go
@@ -55,6 +55,7 @@ type Auth0Config struct {
 }
 
 type AuthSrvConfig struct {
+	Dev      bool
 	Disabled bool
 	Domain   string `default:"http://localhost:8080"`
 	UIDomain string `default:"http://localhost:8080"`
@@ -131,6 +132,8 @@ func ReadConfig(debug bool) (*Config, error) {
 
 	if debug {
 		c.Dev = true
+	}
+	if c.Dev || c.AuthSrv.Dev {
 		if _, ok := os.LookupEnv(op.OidcDevMode); !ok {
 			_ = os.Setenv(op.OidcDevMode, "1")
 		}
@@ -173,24 +176,28 @@ func (c Config) Auths() (res []AuthConfig) {
 	return append(res, c.Auth...)
 }
 
+func prepareUrl(url string) string {
+	if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "http://") {
+		url = "https://" + url
+	}
+	url = strings.TrimSuffix(url, "/")
+	return url
+}
+
 func (c Auth0Config) AuthConfig() *AuthConfig {
-	domain := c.Domain
 	if c.Domain == "" {
 		return nil
 	}
-	if !strings.HasPrefix(domain, "https://") && !strings.HasPrefix(domain, "http://") {
-		domain = "https://" + domain
-	}
-	if !strings.HasSuffix(domain, "/") {
-		domain = domain + "/"
-	}
+	domain := prepareUrl(c.Domain)
+
 	aud := []string{}
 	if c.Audience != "" {
-		aud = append(aud, c.Audience)
+		aud = append(aud, prepareUrl(c.Audience))
 	}
 	return &AuthConfig{
-		ISS: domain,
-		AUD: aud,
+		ISS:      domain,
+		AUD:      aud,
+		ClientID: &c.ClientID,
 	}
 }
 

diff --git a/internal/app/config_test.go b/internal/app/config_test.go
@@ -7,11 +7,13 @@ import (
 )
 
 func TestAuth0Config_AuthConfig(t *testing.T) {
+	s := ""
 	assert.Equal(t, &AuthConfig{
-		ISS: "https://hoge.auth0.com/",
-		AUD: []string{"xxx"},
+		ISS:      "https://hoge.auth0.com",
+		AUD:      []string{"https://xxx"},
+		ClientID: &s,
 	}, Auth0Config{
-		Domain:   "hoge.auth0.com",
+		Domain:   "hoge.auth0.com/",
 		Audience: "xxx",
 	}.AuthConfig())
 	assert.Nil(t, Auth0Config{

diff --git a/internal/app/jwt.go b/internal/app/jwt.go
@@ -30,6 +30,7 @@ func NewMultiValidator(providers []AuthConfig) (MultiValidator, error) {
 	validators := make([]*validator.Validator, 0, len(providers))
 	for _, p := range providers {
 		issuerURL, err := url.Parse(p.ISS)
+		issuerURL.Path = "/"
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse the issuer url: %w", err)
 		}
@@ -51,7 +52,7 @@ func NewMultiValidator(providers []AuthConfig) (MultiValidator, error) {
 		v, err := validator.New(
 			provider.KeyFunc,
 			algorithm,
-			p.ISS,
+			issuerURL.String(),
 			p.AUD,
 		)
 		if err != nil {

diff --git a/internal/app/web.go b/internal/app/web.go
@@ -3,6 +3,7 @@ package app
 import (
 	"net/http"
 	"os"
+	"strings"
 
 	"github.com/labstack/echo/v4"
 	"github.com/labstack/echo/v4/middleware"
@@ -21,7 +22,7 @@ func web(e *echo.Echo, wc WebConfig, a []AuthConfig) {
 	if len(a) > 0 {
 		ac := a[0]
 		if ac.ISS != "" {
-			config["auth0Domain"] = ac.ISS
+			config["auth0Domain"] = strings.TrimSuffix(ac.ISS, "/")
 		}
 		if ac.ClientID != nil {
 			config["auth0ClientId"] = *ac.ClientID

diff --git a/internal/infrastructure/mongo/auth_request.go b/internal/infrastructure/mongo/auth_request.go
@@ -29,18 +29,15 @@ func (r *authRequestRepo) init() {
 }
 
 func (r *authRequestRepo) FindByID(ctx context.Context, id2 id.AuthRequestID) (*auth.Request, error) {
-	filter := bson.D{{Key: "id", Value: id2.String()}}
-	return r.findOne(ctx, filter)
+	return r.findOne(ctx, bson.M{"id": id2.String()})
 }
 
 func (r *authRequestRepo) FindByCode(ctx context.Context, s string) (*auth.Request, error) {
-	filter := bson.D{{Key: "code", Value: s}}
-	return r.findOne(ctx, filter)
+	return r.findOne(ctx, bson.M{"code": s})
 }
 
 func (r *authRequestRepo) FindBySubject(ctx context.Context, s string) (*auth.Request, error) {
-	filter := bson.D{{Key: "subject", Value: s}}
-	return r.findOne(ctx, filter)
+	return r.findOne(ctx, bson.M{"subject": s})
 }
 
 func (r *authRequestRepo) Save(ctx context.Context, request *auth.Request) error {
@@ -49,10 +46,10 @@ func (r *authRequestRepo) Save(ctx context.Context, request *auth.Request) error
 }
 
 func (r *authRequestRepo) Remove(ctx context.Context, requestID id.AuthRequestID) error {
-	return r.client.RemoveOne(ctx, requestID.String())
+	return r.client.RemoveOne(ctx, bson.M{"id": requestID.String()})
 }
 
-func (r *authRequestRepo) findOne(ctx context.Context, filter bson.D) (*auth.Request, error) {
+func (r *authRequestRepo) findOne(ctx context.Context, filter interface{}) (*auth.Request, error) {
 	dst := make([]*auth.Request, 0, 1)
 	c := mongodoc.AuthRequestConsumer{
 		Rows: dst,

diff --git a/internal/infrastructure/mongo/property.go b/internal/infrastructure/mongo/property.go
@@ -161,10 +161,9 @@ func (r *propertyRepo) RemoveByScene(ctx context.Context, sceneID id.SceneID) er
 	if !r.f.CanWrite(sceneID) {
 		return nil
 	}
-	filter := bson.D{
-		{Key: "scene", Value: sceneID.String()},
-	}
-	_, err := r.client.Collection().DeleteMany(ctx, filter)
+	_, err := r.client.Collection().DeleteMany(ctx, bson.M{
+		"scene": sceneID.String(),
+	})
 	if err != nil {
 		return rerror.ErrInternalBy(err)
 	}

diff --git a/internal/infrastructure/mongo/scene.go b/internal/infrastructure/mongo/scene.go
@@ -45,24 +45,17 @@ func (r *sceneRepo) FindByID(ctx context.Context, id id.SceneID) (*scene.Scene,
 }
 
 func (r *sceneRepo) FindByIDs(ctx context.Context, ids []id.SceneID) (scene.List, error) {
-	filter := bson.M{
+	return r.find(ctx, make(scene.List, 0, len(ids)), bson.M{
 		"id": bson.M{
 			"$in": id.SceneIDsToStrings(ids),
 		},
-	}
-	dst := make(scene.List, 0, len(ids))
-	res, err := r.find(ctx, dst, filter)
-	if err != nil {
-		return nil, err
-	}
-	return filterScenes(ids, res), nil
+	})
 }
 
 func (r *sceneRepo) FindByProject(ctx context.Context, id id.ProjectID) (*scene.Scene, error) {
-	filter := bson.M{
+	return r.findOne(ctx, bson.M{
 		"project": id.String(),
-	}
-	return r.findOne(ctx, filter)
+	})
 }
 
 func (r *sceneRepo) FindByTeam(ctx context.Context, teams ...id.TeamID) (scene.List, error) {
@@ -111,10 +104,6 @@ func (r *sceneRepo) findOne(ctx context.Context, filter interface{}) (*scene.Sce
 	return c.Rows[0], nil
 }
 
-func filterScenes(ids []id.SceneID, rows scene.List) scene.List {
-	return rows.FilterByID(ids...)
-}
-
 func (r *sceneRepo) readFilter(filter interface{}) interface{} {
 	return applyTeamFilter(filter, r.f.Readable)
 }

diff --git a/internal/infrastructure/mongo/tag.go b/internal/infrastructure/mongo/tag.go
@@ -153,10 +153,9 @@ func (r *tagRepo) RemoveAll(ctx context.Context, ids []id.TagID) error {
 }
 
 func (r *tagRepo) RemoveByScene(ctx context.Context, sceneID id.SceneID) error {
-	filter := bson.D{
-		{Key: "scene", Value: sceneID.String()},
-	}
-	_, err := r.client.Collection().DeleteMany(ctx, filter)
+	_, err := r.client.Collection().DeleteMany(ctx, bson.M{
+		"scene": sceneID.String(),
+	})
 	if err != nil {
 		return rerror.ErrInternalBy(err)
 	}

diff --git a/internal/infrastructure/mongo/team.go b/internal/infrastructure/mongo/team.go
@@ -30,33 +30,26 @@ func (r *teamRepo) init() {
 }
 
 func (r *teamRepo) FindByUser(ctx context.Context, id id.UserID) (user.TeamList, error) {
-	filter := bson.D{
-		{Key: "members." + strings.Replace(id.String(), ".", "", -1), Value: bson.D{
-			{Key: "$exists", Value: true},
-		}},
-	}
-	return r.find(ctx, nil, filter)
+	return r.find(ctx, nil, bson.M{
+		"members." + strings.Replace(id.String(), ".", "", -1): bson.M{
+			"$exists": true,
+		},
+	})
 }
 
 func (r *teamRepo) FindByIDs(ctx context.Context, ids []id.TeamID) (user.TeamList, error) {
-	filter := bson.D{
-		{Key: "id", Value: bson.D{
-			{Key: "$in", Value: id.TeamIDsToStrings(ids)},
-		}},
-	}
 	dst := make([]*user.Team, 0, len(ids))
-	res, err := r.find(ctx, dst, filter)
+	res, err := r.find(ctx, dst, bson.M{
+		"id": bson.M{"$in": id.TeamIDsToStrings(ids)},
+	})
 	if err != nil {
 		return nil, err
 	}
 	return filterTeams(ids, res), nil
 }
 
 func (r *teamRepo) FindByID(ctx context.Context, id id.TeamID) (*user.Team, error) {
-	filter := bson.D{
-		{Key: "id", Value: id.String()},
-	}
-	return r.findOne(ctx, filter)
+	return r.findOne(ctx, bson.M{"id": id.String()})
 }
 
 func (r *teamRepo) Save(ctx context.Context, team *user.Team) error {
@@ -89,7 +82,7 @@ func (r *teamRepo) RemoveAll(ctx context.Context, ids []id.TeamID) error {
 	})
 }
 
-func (r *teamRepo) find(ctx context.Context, dst []*user.Team, filter bson.D) (user.TeamList, error) {
+func (r *teamRepo) find(ctx context.Context, dst []*user.Team, filter interface{}) (user.TeamList, error) {
 	c := mongodoc.TeamConsumer{
 		Rows: dst,
 	}
@@ -99,7 +92,7 @@ func (r *teamRepo) find(ctx context.Context, dst []*user.Team, filter bson.D) (u
 	return c.Rows, nil
 }
 
-func (r *teamRepo) findOne(ctx context.Context, filter bson.D) (*user.Team, error) {
+func (r *teamRepo) findOne(ctx context.Context, filter interface{}) (*user.Team, error) {
 	dst := make([]*user.Team, 0, 1)
 	c := mongodoc.TeamConsumer{
 		Rows: dst,