fix: auth to work with zero config (#131)

Co-authored-by: rot1024 <aayhrot@gmail.com>
reearth · Apr 4, 2022 · 3cbb456 · 3cbb456
1 parent 47be6ab
commit 3cbb456
Show file tree

Hide file tree

Showing 6 changed files with 86 additions and 15 deletions.
diff --git a/.env.example b/.env.example
@@ -0,0 +1,50 @@
+# General
+PORT=8080
+REEARTH_DB=mongodb://localhost
+REEARTH_DEV=false
+
+# GCP
+GOOGLE_CLOUD_PROJECT=
+GCS_BUCKETNAME=
+GCS_PUBLICATIONCACHECONTROL=
+
+# Local Auth serv
+REEARTH_AUTH0_DOMAIN=https://example.auth0.com
+REEARTH_AUTH0_AUDIENCE=https://api.reearth.example.com
+REEARTH_AUTH0_CLIENTID=
+REEARTH_AUTH0_CLIENTSECRET=
+REEARTH_AUTH0_WEBCLIENTID=
+
+# Auth client
+#REEARTH_AUTH_ISS=https://hoge.com
+#REEARTH_AUTH_AUD=https://api.reearth.example.com
+# If you want to use multiple auth servers
+#REEARTH_AUTH=[{"ISS":"https://hoge.com","AUD":["https://api.reearth.example.com"]}]
+
+# Auth server
+# If you want to restrict signups, set secret
+REEARTH_SIGNUP_SECRET=
+# If you want to run auth server on localhost, set to true
+REEARTH_AUTHSRV_DEV=true
+REEARTH_AUTHSRV_DISABLED=false
+REEARTH_AUTHSRV_UIDOMAIN=https://reearth.example.com
+REEARTH_AUTHSRV_DOMAIN=https://api.reearth.example.com
+# Any random long string (keep it secrit)
+REEARTH_AUTHSRV_KEY=abcdefghijklmnopqrstuvwxyz
+
+# Available mailers: [log, smtp, sendgrid]
+REEARTH_MAILER=log
+
+#SendGrid config
+#REEARTH_MAILER=sendgrid
+#REEARTH_SENDGRID_EMAIL=noreplay@test.com
+#REEARTH_SENDGRID_NAME=
+#REEARTH_SENDGRID_API=
+
+#SMTP config
+#REEARTH_MAILER=smtp
+#REEARTH_SMTP_EMAIL=noreplay@test.com
+#REEARTH_SMTP_HOST=smtp.sendgrid.net
+#REEARTH_SMTP_PORT=587
+#REEARTH_SMTP_SMTPUSERNAME=apikey
+#REEARTH_SMTP_PASSWORD=Your_SendGrid_Token
diff --git a/internal/app/auth_server.go b/internal/app/auth_server.go
@@ -6,6 +6,8 @@ import (
 	"encoding/json"
 	"net/http"
 	"net/url"
+	"os"
+	"strconv"
 	"strings"
 
 	"github.com/caos/oidc/pkg/op"
@@ -97,6 +99,14 @@ func authEndPoints(ctx context.Context, e *echo.Echo, r *echo.Group, cfg *Server
 	// can be removed when the mentioned issue is solved
 	// https://github.com/auth0/auth0-spa-js/issues/845
 	r.GET("v2/logout", logout())
+
+	debugMsg := ""
+	if dev, ok := os.LookupEnv(op.OidcDevMode); ok {
+		if isDev, _ := strconv.ParseBool(dev); isDev {
+			debugMsg = " with debug mode"
+		}
+	}
+	log.Infof("auth: oidc server started%s at %s", debugMsg, domain.String())
 }
 
 func setURLVarsHandler() func(handler http.Handler) http.Handler {

diff --git a/internal/app/config.go b/internal/app/config.go
@@ -55,6 +55,7 @@ type Auth0Config struct {
 }
 
 type AuthSrvConfig struct {
+	Dev      bool
 	Disabled bool
 	Domain   string `default:"http://localhost:8080"`
 	UIDomain string `default:"http://localhost:8080"`
@@ -131,6 +132,8 @@ func ReadConfig(debug bool) (*Config, error) {
 
 	if debug {
 		c.Dev = true
+	}
+	if c.Dev || c.AuthSrv.Dev {
 		if _, ok := os.LookupEnv(op.OidcDevMode); !ok {
 			_ = os.Setenv(op.OidcDevMode, "1")
 		}
@@ -173,24 +176,28 @@ func (c Config) Auths() (res []AuthConfig) {
 	return append(res, c.Auth...)
 }
 
+func prepareUrl(url string) string {
+	if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "http://") {
+		url = "https://" + url
+	}
+	url = strings.TrimSuffix(url, "/")
+	return url
+}
+
 func (c Auth0Config) AuthConfig() *AuthConfig {
-	domain := c.Domain
 	if c.Domain == "" {
 		return nil
 	}
-	if !strings.HasPrefix(domain, "https://") && !strings.HasPrefix(domain, "http://") {
-		domain = "https://" + domain
-	}
-	if !strings.HasSuffix(domain, "/") {
-		domain = domain + "/"
-	}
+	domain := prepareUrl(c.Domain)
+
 	aud := []string{}
 	if c.Audience != "" {
-		aud = append(aud, c.Audience)
+		aud = append(aud, prepareUrl(c.Audience))
 	}
 	return &AuthConfig{
-		ISS: domain,
-		AUD: aud,
+		ISS:      domain,
+		AUD:      aud,
+		ClientID: &c.ClientID,
 	}
 }
 

diff --git a/internal/app/config_test.go b/internal/app/config_test.go
@@ -7,11 +7,13 @@ import (
 )
 
 func TestAuth0Config_AuthConfig(t *testing.T) {
+	s := ""
 	assert.Equal(t, &AuthConfig{
-		ISS: "https://hoge.auth0.com/",
-		AUD: []string{"xxx"},
+		ISS:      "https://hoge.auth0.com",
+		AUD:      []string{"https://xxx"},
+		ClientID: &s,
 	}, Auth0Config{
-		Domain:   "hoge.auth0.com",
+		Domain:   "hoge.auth0.com/",
 		Audience: "xxx",
 	}.AuthConfig())
 	assert.Nil(t, Auth0Config{

diff --git a/internal/app/jwt.go b/internal/app/jwt.go
@@ -28,6 +28,7 @@ func NewMultiValidator(providers []AuthConfig) (MultiValidator, error) {
 	validators := make([]*validator.Validator, 0, len(providers))
 	for _, p := range providers {
 		issuerURL, err := url.Parse(p.ISS)
+		issuerURL.Path = "/"
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse the issuer url: %w", err)
 		}
@@ -49,7 +50,7 @@ func NewMultiValidator(providers []AuthConfig) (MultiValidator, error) {
 		v, err := validator.New(
 			provider.KeyFunc,
 			algorithm,
-			p.ISS,
+			issuerURL.String(),
 			p.AUD,
 		)
 		if err != nil {

diff --git a/internal/app/web.go b/internal/app/web.go
@@ -3,6 +3,7 @@ package app
 import (
 	"net/http"
 	"os"
+	"strings"
 
 	"github.com/labstack/echo/v4"
 	"github.com/labstack/echo/v4/middleware"
@@ -21,7 +22,7 @@ func web(e *echo.Echo, wc WebConfig, a []AuthConfig) {
 	if len(a) > 0 {
 		ac := a[0]
 		if ac.ISS != "" {
-			config["auth0Domain"] = ac.ISS
+			config["auth0Domain"] = strings.TrimSuffix(ac.ISS, "/")
 		}
 		if ac.ClientID != nil {
 			config["auth0ClientId"] = *ac.ClientID