Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth overhaul #79

Merged
merged 46 commits into from
Jun 25, 2023
Merged

Auth overhaul #79

merged 46 commits into from
Jun 25, 2023

Conversation

shanedg
Copy link
Owner

@shanedg shanedg commented Jan 9, 2023

No description provided.

shanedg
shanedg commented Jan 9, 2023
View reviewed changes
discord/lib/views/login.html Outdated Show resolved Hide resolved
@shanedg shanedg force-pushed the auth-overhaul branch 2 times, most recently from 5976f70 to e904770 Compare February 20, 2023 10:27
@shanedg
feat(discord): overhaul authentication handling
a2c8625 
Establish explicit paths for intercepting the authorization code,
rendering the login page, and rendering the authenticated application.
Replace authenticated html template with @trshcmpctr/client build.
Replace hard-coded localhost addresses with a required redirect_uri
configuration option.
Add a helper for creating redirect handlers.

Rename getNewTokenWithDependencies to createAuthorizationCodeGrantHandler.
createAuthorizationCodeGrantHandler now:
- no longer renders any html
- only responsible for authenticating from authorization code
- no longer fetches user and guild data
- no longer injects user data or new session flag

Rename getRenderLoginWithData to createLoginRenderHandler.
createLoginRenderHandler no longer checks for code query param because this
is now exclusively handled by getHandleAuthentication.

Rename getReuseSessionTokenWithDependencies
to createAuthenticatedRenderHandler.
createAuthenticatedRenderHandler now:
- renders html from @trshcmpctr/client build
- no longer fetches user and guild data
- no longer injects user data or new session flag
@shanedg
feat(discord): add endpoint for guild membership
fcd0359 
Discord auth ensures we have the user's identity but we require them to
be a member of a particular guild to be authorized to see any data or
take any actions.
Removes previous guild membership check based on separate user and guild
API requests.
Removes now-unused request batching and guild filtering utils.
Removes now-unused 'identity' scope.
@shanedg
refactor(discord): rename index to server
ad3cf30
@shanedg
docs(discord): add critical fixme reminder
aae0b31
@shanedg
docs(discord): update code grant flow description
ec92909
@shanedg
docs(discord): improve fetch helper description
3de1817
@shanedg
fix(discord): keep access token server-side
02a03a0 
Replace cookie-session with express-session backed by filesystem store
@shanedg
feat(discord): improve guild membership helper
f7c2c67 
Return guild membership handler from a higher order function to allow
for more convenient testing.
Catch possible rejections from fetching the discord api.
Add tests.
@shanedg
test(discord): add authenticated api handler tests
650436e
@shanedg
style(discord): add space around operator
8fe103c
@shanedg
fix(discord): improve code grant error handling
b393030 
Catch possible rejections from posting the discord token endpoint
@shanedg
test(discord): avoid asserting log methods called
bd377d4 
Avoid test file before hook for only one test
@shanedg
chore: sort example config keys
2eb154b
@shanedg
feat(discord): log session if missing auth
a7c8304
@shanedg
feat(discord): rethrow caught error as cause
01e9351
@shanedg
feat: complete clickjack defense
04381c1
@shanedg
feat(discord): client error retry interaction
392dea4
@shanedg
docs(discord): update returned handler descriptions
389a904
@shanedg
fix(discord): pass errors to middleware for handling
20f4458 
Express does not catch *any* handler errors automatically
@shanedg
style(discord): space between test setup, execution, assertions
6456d29
@shanedg
docs(discord): improve jsdoc comments
a28f162
@shanedg
feat(discord): prefer to return response#sendStatus
2654aee 
Better than calling and returning on the next line
@shanedg
fix(discord): remove unused utils index
b9f386d 
Prefer to avoid reexporting modules via directory index files.
It adds unnecessary noise to fuzzy file search and creates toil when
renaming exported modules.
@shanedg
feat(discord): extract redirect handler to own module
b4064ac
@shanedg
feat(discord): handle application errors after headers sent
0756452
@shanedg
feat(discord): prefer prototype.bind for partial application in app
3384732 
Prefer to avoid reexporting modules from directory index,
adds noise to fuzzy file search and toil renaming exports
@shanedg
build(discord): increase log level
b6f5cbc
@shanedg
build(discord): start server with production flag
f21221d
@shanedg
feat(discord): break handlers into separate routers
2a2bdba
@shanedg
feat(discord): rewrite login handler as a class
aefefa8
@shanedg
feat(discord): initialize login handler middleware automatically
1735216
@shanedg
feat(discord): rewrite client app handler as a class
2a3a5da
@shanedg
feat(discord): rewrite api handler as a class
abc76ef
@shanedg
feat(discord): assemble login link server side
4e94637
@shanedg
fix(discord): retrieve arguments from instance configuration
bb84dcc
@shanedg
feat(discord): prefer versioned discord endpoint
07bc620
@shanedg shanedg force-pushed the auth-overhaul branch 2 times, most recently from b7ee4fe to 4cafd24 Compare June 25, 2023 17:34
@shanedg shanedg marked this pull request as ready for review June 25, 2023 17:46
@shanedg shanedg merged commit f968b4b into main Jun 25, 2023
1 check passed
@shanedg shanedg deleted the auth-overhaul branch June 25, 2023 17:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@shanedg