fix(config): oauth is not configurable at runtime #35

zazuko · Oct 28, 2019 · 250d903 · 250d903
1 parent f7f3858
commit 250d903
Show file tree

Hide file tree

Showing 8 changed files with 173 additions and 146 deletions.
diff --git a/api/index.js b/api/index.js
@@ -61,7 +61,8 @@ const router = Router()
       }
       console.warn(`Starting Editor for ${process.env.CUSTOMER_NAME} with ${api} support, config v${editorConfig.id}`)
       apiMiddleware = await require(`./${api}`)(editorConfig)
-    } else {
+    }
+    else {
       debug('cached middleware')
     }
     apiMiddleware(req, res, next)

diff --git a/components/admin/AdminConfigForm.vue b/components/admin/AdminConfigForm.vue
@@ -308,119 +308,121 @@
         </div>
       </div>
 
-      <hr>
+      <div style="display: none">
+        <hr>
 
-      <h1 class="title">3. Forge Settings</h1>
-      <h2 class="subtitle">3.1. Login Strategy</h2>
+        <h1 class="title">3. Forge Settings</h1>
+        <h2 class="subtitle">3.1. Login Strategy</h2>
 
-      <div class="field is-horizontal">
-        <div class="field-label is-normal">
-          <label class="label">Strategy</label>
-        </div>
-        <div class="field-body">
-          <div class="field is-narrow">
-            <div class="control">
-              <div class="select is-fullwidth">
-                <select
-                  name="loginStrategy"
-                  disabled>
-                  <option>GitHub</option>
-                  <option>Local</option>
-                </select>
+        <div class="field is-horizontal">
+          <div class="field-label is-normal">
+            <label class="label">Strategy</label>
+          </div>
+          <div class="field-body">
+            <div class="field is-narrow">
+              <div class="control">
+                <div class="select is-fullwidth">
+                  <select
+                    name="loginStrategy"
+                    disabled>
+                    <option>GitHub</option>
+                    <option>Local</option>
+                  </select>
+                </div>
               </div>
+              <p class="help">
+                Any OAuth API can be used for users to sign in.
+              </p>
             </div>
-            <p class="help">
-              Any OAuth API can be used for users to sign in.
-            </p>
           </div>
         </div>
-      </div>
 
-      <h2 class="subtitle">3.2. OAuth Settings</h2>
-      <p>
-        Changing these will affect through which GitHub app users
-        are signing in.
-      </p>
-      <div class="field is-horizontal">
-        <div class="field-label is-normal">
-          <label class="label">URL</label>
-        </div>
-        <div class="field-body">
-          <div class="field">
-            <p class="control is-expanded">
-              <input
-                :disabled="disabled"
-                class="input"
-                type="text"
-                placeholder="https://github.com/login/oauth"
-                v-model="forge.oauthHost"
-                required>
-            </p>
+        <h2 class="subtitle">3.2. OAuth Settings</h2>
+        <p>
+          Changing these will affect through which GitHub app users
+          are signing in.
+        </p>
+        <div class="field is-horizontal">
+          <div class="field-label is-normal">
+            <label class="label">URL</label>
           </div>
-        </div>
-      </div>
-      <div class="field is-horizontal">
-        <div class="field-label is-normal">
-          <label class="label">Client ID</label>
-        </div>
-        <div class="field-body">
-          <div class="field">
-            <p class="control is-expanded">
-              <input
-                :disabled="disabled"
-                class="input"
-                type="text"
-                v-model="forge.oauthClientId"
-                required>
-            </p>
+          <div class="field-body">
+            <div class="field">
+              <p class="control is-expanded">
+                <input
+                  disabled="disabled"
+                  class="input"
+                  type="text"
+                  placeholder="https://github.com/login/oauth"
+                  v-model="forge.oauthHost"
+                  required>
+              </p>
+            </div>
           </div>
         </div>
-      </div>
-      <div class="field is-horizontal">
-        <div class="field-label is-normal">
-          <label class="label">Client Secret</label>
+        <div class="field is-horizontal">
+          <div class="field-label is-normal">
+            <label class="label">Client ID</label>
+          </div>
+          <div class="field-body">
+            <div class="field">
+              <p class="control is-expanded">
+                <input
+                  disabled="disabled"
+                  class="input"
+                  type="text"
+                  v-model="forge.oauthClientId"
+                  required>
+              </p>
+            </div>
+          </div>
         </div>
-        <div class="field-body">
-          <div class="field">
-            <p class="control is-expanded">
-              <input
-                :disabled="disabled"
-                class="input"
-                type="text"
-                v-model="forge.oauthClientSecret"
-                required>
-            </p>
+        <div class="field is-horizontal">
+          <div class="field-label is-normal">
+            <label class="label">Client Secret</label>
+          </div>
+          <div class="field-body">
+            <div class="field">
+              <p class="control is-expanded">
+                <input
+                  disabled="disabled"
+                  class="input"
+                  type="text"
+                  v-model="forge.oauthClientSecret"
+                  required>
+              </p>
+            </div>
           </div>
         </div>
-      </div>
 
-      <h2 class="subtitle">3.3. GitHub Personal Access Token</h2>
-      <div class="field is-horizontal">
-        <div class="field-label is-normal">
-          <label class="label">Token</label>
-        </div>
-        <div class="field-body">
-          <div class="field">
-            <p class="control is-expanded">
-              <input
-                :disabled="disabled"
-                class="input"
-                type="text"
-                v-model="forge.committerPersonalAccessToken"
-                placeholder=""
-                required>
-            </p>
-            <p class="help">
-              A GitHub Personal Access Token is required for the editor to interact with GitHub: create
-              pull requests, merge them, etc.
-            </p>
+        <h2 class="subtitle">3.3. GitHub Personal Access Token</h2>
+        <div class="field is-horizontal">
+          <div class="field-label is-normal">
+            <label class="label">Token</label>
+          </div>
+          <div class="field-body">
+            <div class="field">
+              <p class="control is-expanded">
+                <input
+                  disabled="disabled"
+                  class="input"
+                  type="text"
+                  v-model="forge.committerPersonalAccessToken"
+                  placeholder=""
+                  required>
+              </p>
+              <p class="help">
+                A GitHub Personal Access Token is required for the editor to interact with GitHub: create
+                pull requests, merge them, etc.
+              </p>
+            </div>
           </div>
         </div>
       </div>
 
       <hr>
 
-      <h1 class="title">4. Save</h1>
+      <h1 class="title">3. Save</h1>
       <div class="field is-horizontal">
         <div class="field-label is-normal">
           <!-- Left empty for spacing -->

diff --git a/docker-app-dev/.env b/docker-app-dev/.env
@@ -11,6 +11,10 @@ POSTGRESQL_ROLE_POSTGRAPHILE_PASSWORD=password-used-by-postgraphile-to-access-pg
 # secret seed for JWT - https://www.graphile.org/postgraphile/security/
 POSTGRAPHILE_TOKEN_SECRET=this-is-secret-as-well
 
+# cf. zazuko/ontology-editor#35
+OAUTH_CLIENT_ID=
+OAUTH_CLIENT_SECRET=
+
 # optional
 # DEBUG=graphile-build-pg,graphile-build-pg:sql,graphile-build-pg:warn,graphile-builder,graphql-parse-resolve-info,postgraphile:cli,postgraphile:graphql,postgraphile:postgres,postgraphile:postgres:error,postgraphile:request
 # SENTRY_DSN=
diff --git a/docker-app-prod/Dockerfile.web b/docker-app-prod/Dockerfile.web
@@ -11,9 +11,10 @@ COPY . /usr/src/app/
 RUN node -v && npm -v && npm ci --production
 
 # ENV BUILDING_WITHOUT_PG_ACCESS yes
+#
+# # Build app
+# RUN npm run build -- --modern=server
 
-# Build app
-# RUN npm run build
 #
 # # Stage 1, based on Nginx, to have only the compiled app, ready for production with Nginx
 FROM nginx:1.15

diff --git a/nuxt.config.js b/nuxt.config.js
@@ -101,8 +101,8 @@ module.exports = async () => {
       } : {
         local: false,
         github: {
-          client_id: editorConfig.forge.oauthClientId,
-          client_secret: editorConfig.forge.oauthClientSecret,
+          client_id: process.env.OAUTH_CLIENT_ID,
+          client_secret: process.env.OAUTH_CLIENT_SECRET,
           scope: ['user:email']
         }
       }

diff --git a/setup/fetch-config.js b/setup/fetch-config.js
@@ -1,12 +1,21 @@
 const knex = require('knex')
 const debug = require('debug')('editor:config')
+const getConfigFromEnvVars = require('./migration-helpers').getConfigFromEnvVars
+const envInit = require('./env-init')
 
 let config
 let lastFetch = (new Date(0)).getTime()
 
 const shouldRefetch = () => (Date.now() - lastFetch) > 15 * 1000
 
 module.exports = async function fetchConfig () {
+  if (process.env.BUILDING_WITHOUT_PG_ACCESS) {
+    envInit('test')
+    envInit('dev') // override
+    const config = getConfigFromEnvVars()
+    config.id = 1 // fake the config version
+    return config
+  }
   if (config && !shouldRefetch()) {
     debug('config served from cache')
     return config

diff --git a/setup/migrate.js b/setup/migrate.js
@@ -3,6 +3,7 @@ const path = require('path')
 const glob = require('glob-promise')
 const knex = require('knex')
 const ora = require('ora')
+const getConfigFromEnvVars = require('./migration-helpers').getConfigFromEnvVars
 
 const envInit = require('./env-init')
 
@@ -268,51 +269,7 @@ async function migrateSettings () {
       .limit(1)
 
     if (!existingConfigs.length) {
-      const editorConfig = JSON.parse(process.env.EDITOR_CONFIG)
-
-      const editor = {
-        loginStrategy: process.env.AUTH_STRATEGY || 'github',
-        host: process.env.EDITOR_HOST || 'localhost:3000',
-        protocol: process.env.EDITOR_PROTOCOL || 'http',
-        meta: {
-          title: editorConfig.head.title || 'Zazuko Ontology Editor Demo',
-          customerName: process.env.CUSTOMER_NAME || 'Zazuko GmbH',
-          description: editorConfig.head.description || 'Linked Data Ontology Editor for Domain Specialists'
-        },
-        logoUrl: '/dcf-logo.svg',
-        text: {
-          home: [
-            '<p>The Ontology Manager is based on a web interface and Github for repository functions. It has been created in order to enable collaboration on schema definition beyond the developer community and enabling the business process experts to engage and drive the creation of the best possible schema for the logistics industry, while ensuring a correct schema definition in Turtle (Terse RDF Triple Language) format.</p>',
-            '<p>The Ontology Manager consists of the following functions; </p> <ul class="dash-bullet"> <li> repository of schema in Turtle format (Github) </li> <li> logical visualization of schema </li> <li> forum capability </li> <li> proposal, voting, and acceptance of new schema entries, changes, and deprecation </li> <li> search in all defined schemas </li> <li> activity list view </li> </ul> <p> In order to join you will need a Github account. </p>'
-          ],
-          login: `${process.env.CUSTOMER_NAME} uses GitHub as a collaboration platform for the ontology management. Therefore you require a GitHub account to collaborate on ${process.env.CUSTOMER_NAME}.`
-        },
-        github: {
-          repo: editorConfig.github.repo || 'o',
-          owner: editorConfig.github.owner || 'vhf',
-          branch: editorConfig.github.branch || 'example-com'
-        },
-        committer: {
-          name: editorConfig.committer.name || 'Ontology Editor',
-          email: editorConfig.committer.email || 'victor.felder@zazuko.com'
-        }
-      }
-
-      const ontology = {
-        datasetBaseUrl: process.env.DATASET_BASE_URL || 'http://example.com/',
-        classBaseUrl: process.env.CLASS_BASE_URL || 'http://example.com/schema/',
-        propertyBaseUrl: process.env.PROPERTY_BASE_URL || 'http://example.com/schema/',
-        containersNestingPredicate: process.env.CONTAINERS_NESTING_PREDICATE || 'http://schema.org/hasPart',
-        ontologyRawUrl: process.env.ONTOLOGY_RAW_URL || 'https://raw.githubusercontent.com/vhf/o/example-com/ontology.nt',
-        structureRawUrl: process.env.STRUCTURE_RAW_URL || 'https://raw.githubusercontent.com/vhf/o/example-com/structure.nt'
-      }
-
-      const forge = {
-        oauthHost: process.env.OAUTH_HOST || 'https://github.com/login/oauth',
-        oauthClientId: process.env.OAUTH_CLIENT_ID || '',
-        oauthClientSecret: process.env.OAUTH_CLIENT_SECRET || '',
-        committerPersonalAccessToken: process.env.GITHUB_PERSONAL_ACCESS_TOKEN || ''
-      }
+      const { forge, editor, ontology } = getConfigFromEnvVars()
 
       await client.raw(`
         INSERT INTO
@@ -325,9 +282,10 @@ async function migrateSettings () {
         )
         RETURNING "id", "forge", "editor", "ontology";
       `)
-      spinner.succeed(`Imported config from env vars`)
-    } else {
-      spinner.succeed(`Config exists; not importing anything.`)
+      spinner.succeed('Imported config from env vars')
+    }
+    else {
+      spinner.succeed('Config exists; not importing anything.')
     }
 
     await client.destroy()