From ef1c8d41d2c1028ff190a12b0108e594e8e1b1a6 Mon Sep 17 00:00:00 2001 From: xmlking Date: Wed, 14 Nov 2018 16:57:47 -0800 Subject: [PATCH] fix(api): fix auth config --- angular.json | 1 - apps/api-e2e/tsconfig.e2e.json | 2 +- apps/api/README.md | 27 ++----------------- apps/api/src/app.controller.spec.ts | 2 +- .../assets}/email-templates/welcome.pug | 0 apps/api/src/auth/passport/jwt.strategy.ts | 9 ++++--- apps/api/src/auth/passport/ws-jwt.strategy.ts | 9 ++++--- apps/api/src/email/email-core.module.ts | 2 +- apps/api/src/environments/environment.prod.ts | 10 +++---- apps/api/src/environments/environment.ts | 12 ++++----- apps/api/src/main.hmr.ts | 8 +++--- apps/api/src/main.ts | 8 +++--- package.json | 6 ++--- 13 files changed, 35 insertions(+), 61 deletions(-) rename apps/api/{ => src/assets}/email-templates/welcome.pug (100%) diff --git a/angular.json b/angular.json index 221ca70bf..950e97fb9 100644 --- a/angular.json +++ b/angular.json @@ -227,7 +227,6 @@ "root": "apps/api", "sourceRoot": "apps/api/src", "projectType": "application", - "prefix": "ngx", "schematics": {}, "architect": { "build": { diff --git a/apps/api-e2e/tsconfig.e2e.json b/apps/api-e2e/tsconfig.e2e.json index c64269225..e216f46c3 100644 --- a/apps/api-e2e/tsconfig.e2e.json +++ b/apps/api-e2e/tsconfig.e2e.json @@ -1,7 +1,7 @@ { "extends": "../../tsconfig.json", "compilerOptions": { - "outDir": "../../dist/out-tsc/apps/api-e2e", + "outDir": "../../dist/apps/api-e2e", "module": "commonjs", "target": "es6", "types": ["jest", "node"] diff --git a/apps/api/README.md b/apps/api/README.md index 9d9957cd7..b68f9f123 100755 --- a/apps/api/README.md +++ b/apps/api/README.md 
@@ -14,7 +14,6 @@ ORM | [TypeORM](http://typeorm.io/) | File Upload | [Multer](https://github.com/expressjs/multer) | Validation | [Class-Validator](https://github.com/typestack/class-validator)| Documentation | [Open API(Swagger)](https://swagger.io) | -Configuration | [Dotenv](https://github.com/motdotla/dotenv) | Authentication | [Passport.js](http://www.passportjs.org) | Testing | [Jest](https://github.com/facebook/jest) & [SuperTest](https://github.com/visionmedia/supertest)| Code Style | [Prettier](https://github.com/prettier/prettier) & [TS-Lint](https://palantir.github.io/tslint/)| @@ -40,9 +39,6 @@ docker ps -a docker rm 82be5234c94a ``` -> make sure to delete **dist/apps/api** before running any of the following commands. -> other wish old .js **entity** classes my conflict and cause unexpected bugs. - #### Run Dev Mode ```bash # start in watch mode @@ -50,40 +46,21 @@ ng serve api # to turn on logging for `request` NODE_DEBUG=request ng serve api DEBUG=typeorm:* ng serve api - -# start -npm run api:start -# if you want run with `development` config -NODE_ENV=development npm run api:start ``` -#### Run HMR Mode -> run both commands in two terminals -```bash -# incremental rebuild (webpack) -npm run api:webpack -# incremental load (HMR) -npm run api:start:hmr -``` - #### Run Prod Mode > run both commands ```bash # build first -npm run api:prestart:prod +ng build api --prod # then run npm run api:start:prod -# if you want run with `production` config -NODE_ENV=production npm run api:start:prod ``` ### Build > build for production env ```bash -# with TSC (recommended) -NODE_ENV=production npm run api:prestart:prod -# with webpack -npm run api:webpack -- -p +npm run api:build ``` ### Generate diff --git a/apps/api/src/app.controller.spec.ts b/apps/api/src/app.controller.spec.ts index efe7957f3..f5ae0effa 100644 --- a/apps/api/src/app.controller.spec.ts +++ b/apps/api/src/app.controller.spec.ts 
@@ -9,7 +9,7 @@ describe('AppController', () => { beforeAll(async () => { app = await Test.createTestingModule({ controllers: [AppController], - imports: [ConfigModule.forRoot()], + imports: [ConfigModule], }).compile(); }); diff --git a/apps/api/email-templates/welcome.pug b/apps/api/src/assets/email-templates/welcome.pug similarity index 100% rename from apps/api/email-templates/welcome.pug rename to apps/api/src/assets/email-templates/welcome.pug diff --git a/apps/api/src/auth/passport/jwt.strategy.ts b/apps/api/src/auth/passport/jwt.strategy.ts index 45363ddb8..3c5f74f7d 100644 --- a/apps/api/src/auth/passport/jwt.strategy.ts +++ b/apps/api/src/auth/passport/jwt.strategy.ts @@ -5,19 +5,20 @@ import { passportJwtSecret, SigningKeyNotFoundError } from '@xmlking/jwks-rsa'; import { AuthService } from '../auth.service'; import { JwtToken } from '../interfaces/jwt-token.interface'; +import { environment as env } from '@env-api/environment'; @Injectable() export class JwtStrategy extends PassportStrategy(Strategy) { constructor(private readonly authService: AuthService) { super({ jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(), - // secretOrKey: process.env.OIDC_PUBLIC_KEY, + // secretOrKey: env.auth.publicKey, secretOrKeyProvider: passportJwtSecret({ cache: true, rateLimit: true, jwksRequestsPerMinute: 5, strictSsl: false, - jwksUri: `${process.env.OIDC_ISSUER_URL}/protocol/openid-connect/certs`, + jwksUri: `${env.auth.issuer}/protocol/openid-connect/certs`, }), handleSigningKeyError: (err, cb) => { if (err instanceof SigningKeyNotFoundError) { @@ -27,8 +28,8 @@ export class JwtStrategy extends PassportStrategy(Strategy) { }, // Validate the audience and the issuer. - audience: process.env.OIDC_CLIENT, - issuer: process.env.OIDC_ISSUER_URL, + audience: env.auth.clientId, + issuer: env.auth.issuer, algorithm: ['RS256'], }); } 
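Review bot: `strictSsl: false` stays on the `passportJwtSecret` options right above the rewritten `jwksUri` in jwt.strategy.ts, so the signing keys are apparently fetched without TLS certificate verification. Anyone able to intercept that request could then serve a key set of their own and have tokens signed with it accepted. Since this commit is already correcting the auth configuration, set `strictSsl: true,` here and in the identical block of the second ws-jwt.strategy.ts hunk; a private CA can be trusted through `NODE_EXTRA_CA_CERTS` instead of disabling the check. The constructor's `super({...})` call continues outside this hunk.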
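Review bot: The `algorithm: ['RS256']` line directly under the rewritten `audience`/`issuer` options uses a key that passport-jwt does not read; the strategy option is `algorithms`. The RS256 restriction is therefore most likely not applied, and the accepted algorithms fall back to whatever the underlying JWT library chooses for the supplied key. Change it to `algorithms: ['RS256'],` here and in the last ws-jwt.strategy.ts hunk, which carries the same line. The `super({...})` call starts outside this hunk.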
diff --git a/apps/api/src/auth/passport/ws-jwt.strategy.ts b/apps/api/src/auth/passport/ws-jwt.strategy.ts index cea2c40f4..d874573ca 100644 --- a/apps/api/src/auth/passport/ws-jwt.strategy.ts +++ b/apps/api/src/auth/passport/ws-jwt.strategy.ts @@ -6,6 +6,7 @@ import { passportJwtSecret, SigningKeyNotFoundError } from '@xmlking/jwks-rsa'; import { AuthService } from '../auth.service'; import { JwtToken } from '../interfaces/jwt-token.interface'; import { WsException } from '@nestjs/websockets'; +import { environment as env } from '@env-api/environment'; const extractJwtFromWsQuery = req => { let token = null; @@ -22,13 +23,13 @@ export class WsJwtStrategy extends PassportStrategy(Strategy, 'ws-jwt') { constructor(private readonly authService: AuthService) { super({ jwtFromRequest: extractJwtFromWsQuery, // ExtractJwt.fromUrlQueryParameter('token'), - // secretOrKey: process.env.OIDC_PUBLIC_KEY, + // secretOrKey: env.auth.publicKey, secretOrKeyProvider: passportJwtSecret({ cache: true, rateLimit: true, jwksRequestsPerMinute: 5, strictSsl: false, - jwksUri: `${process.env.OIDC_ISSUER_URL}/protocol/openid-connect/certs`, + jwksUri: `${env.auth.issuer}/protocol/openid-connect/certs`, }), handleSigningKeyError: (err, cb) => { if (err instanceof SigningKeyNotFoundError) { @@ -38,8 +39,8 @@ export class WsJwtStrategy extends PassportStrategy(Strategy, 'ws-jwt') { }, // Validate the audience and the issuer. - audience: process.env.OIDC_CLIENT, - issuer: process.env.OIDC_ISSUER_URL, + audience: env.auth.clientId, + issuer: env.auth.issuer, algorithm: ['RS256'], }); } diff --git a/apps/api/src/email/email-core.module.ts b/apps/api/src/email/email-core.module.ts index 08346324e..358a97194 100644 --- a/apps/api/src/email/email-core.module.ts +++ b/apps/api/src/email/email-core.module.ts 
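Review bot: `extractJwtFromWsQuery` in the first ws-jwt.strategy.ts hunk has no comment and an untyped `req` parameter. Judging by its name and the `ExtractJwt.fromUrlQueryParameter('token')` remark in the next hunk, it takes the bearer token from the handshake URL. URLs are routinely written to proxy and access logs, so the function should carry a comment recording that constraint, for example `// Token arrives in the WS handshake URL: keep it short-lived and keep query strings out of access logs`. The function body continues outside the hunk, so the extraction logic itself could not be reviewed.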
@@ -14,7 +14,7 @@ const defaultConfig = { forceEmbeddedImages: false, from: undefined, }, - templateDir: `${process.cwd()}/email-templates`, + templateDir: `${process.cwd()}/assets/email-templates`, }; @Global() diff --git a/apps/api/src/environments/environment.prod.ts b/apps/api/src/environments/environment.prod.ts index 4a1358ea8..e1ad9d80c 100644 --- a/apps/api/src/environments/environment.prod.ts +++ b/apps/api/src/environments/environment.prod.ts @@ -23,11 +23,9 @@ export const environment = { synchronize: false, }, - oidc: { - // issuerUrl: 'https://myroute-is360.a3c1.starter-us-west-1.openshiftapps.com/auth/realms/kubernetes', - // client: 'cockpit', - issuerUrl: process.env.OIDC_ISSUER_URL || 'https://myroute-is360.a3c1.starter-us-west-1.openshiftapps.com/auth/realms/is360', - client: process.env.OIDC_CLIENT || 'is360ui', + auth: { + issuer: process.env.OIDC_ISSUER_URL || 'https://myroute-is360.a3c1.starter-us-west-1.openshiftapps.com/auth/realms/is360', + clientId: process.env.OIDC_CLIENT_ID || 'is360ui', }, email: { @@ -43,7 +41,7 @@ export const environment = { defaults: { from: process.env.EMAIL_FROM ? process.env.EMAIL_FROM : '"sumo demo" ', }, - templateDir: process.env.EMAIL_TEMPLATE_DIR || 'apps/api/email-templates', + templateDir: process.env.EMAIL_TEMPLATE_DIR || `${__dirname}/assets/email-templates`, }, webPush: { diff --git a/apps/api/src/environments/environment.ts b/apps/api/src/environments/environment.ts index 933f67958..db20fc2ce 100644 --- a/apps/api/src/environments/environment.ts +++ b/apps/api/src/environments/environment.ts 
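Review bot: The default `templateDir` in email-core.module.ts is still built from `process.cwd()`, so it resolves differently depending on the directory the server is started from, while the second environment.prod.ts hunk switches the same setting to a `__dirname`-based path. With `api:start:prod` running `node dist/apps/api/main.js`, presumably from the repository root, the cwd-based default would point at an `assets/email-templates` directory that does not exist there. Building this default from `__dirname` as well would keep the two in agreement. The `defaultConfig` object starts outside the hunk.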
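Review bot: In the first environment.prod.ts hunk the client id is now read from `OIDC_CLIENT_ID` instead of `OIDC_CLIENT`, and both `issuer` and `clientId` still fall back to hard-coded values. A deployment that keeps exporting the old variable will therefore validate tokens against the default `is360ui` audience without any error. Because these two values decide which tokens the API trusts, production should refuse to start when they are missing rather than default silently. At minimum accept the old name during the transition, `clientId: process.env.OIDC_CLIENT_ID || process.env.OIDC_CLIENT || 'is360ui',`, and mention the rename in the README.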
@@ -29,11 +29,11 @@ export const environment = { synchronize: true, }, - oidc: { - // issuerUrl: 'https://myroute-is360.a3c1.starter-us-west-1.openshiftapps.com/auth/realms/kubernetes', - // client: 'cockpit', - issuerUrl: process.env.OIDC_ISSUER_URL || 'https://myroute-is360.a3c1.starter-us-west-1.openshiftapps.com/auth/realms/is360', - client: process.env.OIDC_CLIENT || 'is360ui', + auth: { + // issuer: 'https://myroute-is360.a3c1.starter-us-west-1.openshiftapps.com/auth/realms/kubernetes', + // clientId: 'cockpit', + issuer: 'https://myroute-is360.a3c1.starter-us-west-1.openshiftapps.com/auth/realms/is360', + clientId: 'is360ui', }, email: { @@ -44,7 +44,7 @@ export const environment = { defaults: { from: '"sumo demo" ', }, - templateDir: 'apps/api/email-templates', + templateDir: 'apps/api/src/assets/email-templates', }, webPush: { diff --git a/apps/api/src/main.hmr.ts b/apps/api/src/main.hmr.ts index e4d1e586d..a5fb3ad33 100755 --- a/apps/api/src/main.hmr.ts +++ b/apps/api/src/main.hmr.ts @@ -33,16 +33,16 @@ async function bootstrap() { .setSchemes(config.isProd() ? 'https' : 'http') .addOAuth2( 'implicit', - `${env.oidc.issuerUrl}/protocol/openid-connect/auth`, - `${env.oidc.issuerUrl}/protocol/openid-connect/token`, + `${env.auth.issuer}/protocol/openid-connect/auth`, + `${env.auth.issuer}/protocol/openid-connect/token`, ) .build(); const document = SwaggerModule.createDocument(app, options); SwaggerModule.setup('docs', app, document, { swaggerOptions: { - oauth2RedirectUrl: `${env.server.domainUrl})}/docs/oauth2-redirect.html`, + oauth2RedirectUrl: `${env.server.domainUrl}/docs/oauth2-redirect.html`, oauth: { - clientId: env.oidc.client, + clientId: env.auth.clientId, appName: 'Sumo API', }, }, diff --git a/apps/api/src/main.ts b/apps/api/src/main.ts index 39a1ca270..c4493e335 100755 --- a/apps/api/src/main.ts +++ b/apps/api/src/main.ts 
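Review bot: The development `auth` block in environment.ts drops the `process.env.OIDC_ISSUER_URL ||` and `process.env.OIDC_CLIENT ||` overrides that the removed `oidc` block had, and the two strategies no longer read `process.env` themselves. A developer who exports those variables for a local identity provider will now have tokens checked against the hosted realm instead, with nothing indicating why. If the hard-coding is intended, say so in a comment above `auth`, e.g. `// dev build ignores OIDC_* variables; edit the values here`; otherwise keep the override as environment.prod.ts does.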
@@ -34,16 +34,16 @@ async function bootstrap() { .setSchemes(config.isProd() ? 'https' : 'http') .addOAuth2( 'implicit', - `${env.oidc.issuerUrl}/protocol/openid-connect/auth`, - `${env.oidc.issuerUrl}/protocol/openid-connect/token`, + `${env.auth.issuer}/protocol/openid-connect/auth`, + `${env.auth.issuer}/protocol/openid-connect/token`, ) .build(); const document = SwaggerModule.createDocument(app, options); SwaggerModule.setup('docs', app, document, { swaggerOptions: { - oauth2RedirectUrl: `${env.server.domainUrl})}/docs/oauth2-redirect.html`, + oauth2RedirectUrl: `${env.server.domainUrl}/docs/oauth2-redirect.html`, oauth: { - clientId: env.oidc.client, + clientId: env.auth.clientId, appName: 'Sumo API', // scopeSeparator: ' ', // additionalQueryStringParams: {audience: env.oidc.audience}, diff --git a/package.json b/package.json index 3ca20035a..2889f510e 100644 --- a/package.json +++ b/package.json @@ -51,13 +51,11 @@ "dep-graph": "./node_modules/.bin/nx dep-graph", "help": "./node_modules/.bin/nx help", "// - API Serve": "API Serve", - "api:start:ng": "ng serve api", - "api:start": "ts-node -r tsconfig-paths/register apps/api/src/main.ts", + "api:start": "ng serve api", "api:start:dev": "nodemon --config ./apps/api/nodemon.json", "api:start:debug": "nodemon --config ./apps/api/nodemon-debug.json", + "api:build": "rimraf dist && ng build api --prod", "api:start:prod": "node dist/apps/api/main.js", - "api:prestart:prod": "rimraf dist && tsc -p ./apps/api/tsconfig.app.json", - "api:webpack": "webpack --config ./apps/api/webpack.config.js", "// - API Test": "API Testing", "api:test": "jest --projects=apps/api --roots=src", "api:test:watch": "jest --projects=apps/api --roots=src --watch",
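Review bot: The commented-out `// additionalQueryStringParams: {audience: env.oidc.audience}` line at the end of the main.ts hunk still refers to `env.oidc`, which this commit renames to `env.auth`, and neither environment file shown here defines an `audience` key. Update the hint to the new names or delete it, so that uncommenting it later does not produce a compile error or an undefined audience. The same Swagger setup is repeated in main.hmr.ts; moving it into one shared helper would have made the `oauth2RedirectUrl` fix a single edit. The `swaggerOptions` object continues outside the hunk.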