authorLibravatar Ricardo <ricardo@cino.io>2023-10-13 14:12:03 +0200
committerLibravatar GitHub <noreply@github.com>2023-10-13 13:12:03 +0100
commite503468660a13760010a94ecda5f0625c6f47f87 (patch)
treefa532f54fc5f091de08d55405ec6339bd2440a02 /config/auth.ts
parent1.3.16 [skip ci] (diff)
Server re-build with latest AdonisJS framework & Typescript (#47)
* chore: setup first basis structure * chore: ensure styling is loaded correctly * chore: comply to new routing syntax by replace . with / in routes/resource locations * chore: add login controller * chore: correctly use views with slash instead of dot * chore: working login + tests * chore: clean up tests * chore: add password-forgot endpoint and matching test * chore: add delete page test * chore: add logout test * chore: add reset-password route and tests * chore: remove obsolete comment * chore: add account-page and tests * chore: add data page & first step of the test * chore: add transfer/import data feature and tests * chore: add export and basic test * chore: add all static api routes with tests * Regenerate 'pnpm-lock.json' and fix bad merge conflict WIP: - Tests have been commented out since they dont work - Server doesn't start * easier dev and test runs * - remove --require-pragma from reformat-files so formatting works properly - run pnpm reformat-files over codebase - remove .json files from .eslintignore - add invalid.json file to .eslintignore - configure prettier properly in eslint config - add type jsdoc to prettier config - run adonis generate:manifest command to regenerate ace-manifest.json - specify volta in package.json - introduce typecheck npm script - remove unused .mjs extension from npm scripts - install missing type definition dependencies - add pnpm.allowedDeprecatedVersions to package.json - fix invalid extends in tsconfig.json causing TS issues throughout codebase - remove @ts-ignore throughout codebase which is not relevant anymore - enable some of the tsconfig options - remove outdated eslint-disable from codebase - change deprecated faker.company.companyName() to faker.company.name() - fix TS issues inside transfer.spec.ts * - update to latest node and pnpm versions - upgrade all non-major dependencies to latest - install missing @types/luxon dependency - add cuid to pnpm.allowedDeprecatedVersions - add esModuleInterop config 
option to tsconfig - migrate more deprecated faker methods to new ones - add more temporary ts-ignore to code * - update eslint config - remove trailingComma: all since default in prettier v3 - add typecheck command to prepare-code npm script - upgrade various dependencies to latest major version - update tsconfig to include only useful config options - disable some lint issues and fix others * - add test command to prepare-code - disable strictPropertyInitialization flag in tsconfig which creates issues with adonis models - update precommit hook to excute pnpm prepare-code - remove ts-ignore statements from all models * fix node and pnpm dependency update * add cross env (so that we can develop on windows) * add signup endpoint (TODO: JWT auth) * Add login endpoint * Add me and updateMe endpoints * Add service endpoint * refactor: change endpoints to use jwt * add recipes endpoint * add workspaces endpoint * fix web controllors for login and post import * Update node deps * Change auth middleware (for web) and exempt api from CSRF * Add import endpoint (franz import) * Fix export/import logic * Fix service and workspace data in user/data * Fix partial lint * chore: workaround lint issues * fix: migration naming had two . 
* Sync back node with recipes repo * Temporarily ignore typescript * Fix adonisrc to handle public folder static assets * Fix issue with production database * add Legacy Password Provider * Fix lint errors * Fix issue on login errors frontend * add Legacy Password Provider * Fix issue with customIcons * Fix issue with auth tokens * Update 'node' to '18.18.0' * make docker work * improve docker entrypoint (test api performance) * Add migration database script * NODE_ENV on recipes * prefer @ts-expect-error over @ts-ignore * small fixes * Update 'pnpm' to '8.7.6' * fix error catch * Automatically generate JWT Public and Private keys * Use custom Adonis5-jwt * Update code to use secret (old way, no breaking changes) * Normalize appKey * Trick to make JWT tokens on client work with new version * Fix error with new JWT logic * Change migration and how we store JWT * Fix 500 response code (needs to be 401) * Improve logic and fix bugs * Fix build and entrypoint logic * Catch error if appKey changes * Add newToken logic * Fix lint (ignore any errors) * Add build for PRs * pnpm reformat-files result * Fix some tests * Fix reset password not working (test failing) * Restore csrfTokens (disabled by accident) * Fix pnpm start command with .env * Disable failing tests on the transfer endpoint (TODO) * Add tests to PR build * Fix build * Remove unnecessary assertStatus * Add typecheck * hash password on UserFactory (fix build) * Add JWT_USE_PEM true by default (increase security) * fix name of github action --------- Co-authored-by: Vijay A <vraravam@users.noreply.github.com> Co-authored-by: Balaji Vijayakumar <kuttibalaji.v6@gmail.com> Co-authored-by: MCMXC <16797721+mcmxcdev@users.noreply.github.com> Co-authored-by: André Oliveira <oliveira.andrerodrigues95@gmail.com>
Diffstat (limited to 'config/auth.ts')
-rw-r--r--config/auth.ts263
1 files changed, 263 insertions, 0 deletions
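diff --git a/config/auth.ts b/config/auth.ts
new file mode 100644
index 0000000..28a9b8c
--- /dev/null
+++ b/config/auth.ts
@@ -0,0 +1,263 @@
+/**
+ * Config source: https://git.io/JY0mp
+ *
+ * Feel free to let us know via PR, if you find something broken in this config
+ * file.
+ */
+
+import { AuthConfig } from '@ioc:Adonis/Addons/Auth';
+import Env from '@ioc:Adonis/Core/Env';
+import { appKey, jwtUsePEM } from './app';
+
+/*
+|--------------------------------------------------------------------------
+| Authentication Mapping
+|--------------------------------------------------------------------------
+|
+| List of available authentication mapping. You must first define them
+| inside the `contracts/auth.ts` file before mentioning them here.
+|
+*/
+const authConfig: AuthConfig = {
+ guard: 'web',
+ guards: {
+ /*
+ |--------------------------------------------------------------------------
+ | Web Guard
+ |--------------------------------------------------------------------------
+ |
+ | Web guard uses classic old school sessions for authenticating users.
+ | If you are building a standard web application, it is recommended to
+ | use web guard with session driver
+ |
+ */
+ web: {
+ driver: 'session',
+
+ provider: {
+ /*
+ |--------------------------------------------------------------------------
+ | Driver
+ |--------------------------------------------------------------------------
+ |
+ | Name of the driver
+ |
+ */
+ driver: 'lucid',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Identifier key
+ |--------------------------------------------------------------------------
+ |
+ | The identifier key is the unique key on the model. In most cases specifying
+ | the primary key is the right choice.
+ |
+ */
+ identifierKey: 'id',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Uids
+ |--------------------------------------------------------------------------
+ |
+ | Uids are used to search a user against one of the mentioned columns. During
+ | login, the auth module will search the user mentioned value against one
+ | of the mentioned columns to find their user record.
+ |
+ */
+ uids: ['email'],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Model
+ |--------------------------------------------------------------------------
+ |
+ | The model to use for fetching or finding users. The model is imported
+ | lazily since the config files are read way earlier in the lifecycle
+ | of booting the app and the models may not be in a usable state at
+ | that time.
+ |
+ */
+ model: () => import('App/Models/User'),
+ },
+ },
+ /*
+ |--------------------------------------------------------------------------
+ | OAT Guard
+ |--------------------------------------------------------------------------
+ |
+ | OAT (Opaque access tokens) guard uses database backed tokens to authenticate
+ | HTTP request. This guard DOES NOT rely on sessions or cookies and uses
+ | Authorization header value for authentication.
+ |
+ | Use this guard to authenticate mobile apps or web clients that cannot rely
+ | on cookies/sessions.
+ |
+ */
+ api: {
+ driver: 'oat',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Tokens provider
+ |--------------------------------------------------------------------------
+ |
+ | Uses SQL database for managing tokens. Use the "database" driver, when
+ | tokens are the secondary mode of authentication.
+ | For example: The Github personal tokens
+ |
+ | The foreignKey column is used to make the relationship between the user
+ | and the token. You are free to use any column name here.
+ |
+ */
+ tokenProvider: {
+ type: 'api',
+ driver: 'database',
+ table: 'tokens',
+ foreignKey: 'user_id',
+ },
+
+ provider: {
+ /*
+ |--------------------------------------------------------------------------
+ | Driver
+ |--------------------------------------------------------------------------
+ |
+ | Name of the driver
+ |
+ */
+ driver: 'lucid',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Identifier key
+ |--------------------------------------------------------------------------
+ |
+ | The identifier key is the unique key on the model. In most cases specifying
+ | the primary key is the right choice.
+ |
+ */
+ identifierKey: 'id',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Uids
+ |--------------------------------------------------------------------------
+ |
+ | Uids are used to search a user against one of the mentioned columns. During
+ | login, the auth module will search the user mentioned value against one
+ | of the mentioned columns to find their user record.
+ |
+ */
+ uids: ['email'],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Model
+ |--------------------------------------------------------------------------
+ |
+ | The model to use for fetching or finding users. The model is imported
+ | lazily since the config files are read way earlier in the lifecycle
+ | of booting the app and the models may not be in a usable state at
+ | that time.
+ |
+ */
+ model: () => import('App/Models/User'),
+ },
+ },
+ /*
+ |--------------------------------------------------------------------------
+ | Basic Auth Guard
+ |--------------------------------------------------------------------------
+ |
+ | Uses Basic auth to authenticate an HTTP request. There is no concept of
+ | "login" and "logout" with basic auth. You just authenticate the requests
+ | using a middleware and browser will prompt the user to enter their login
+ | details
+ |
+ */
+ basic: {
+ driver: 'basic',
+ realm: 'Login',
+
+ provider: {
+ /*
+ |--------------------------------------------------------------------------
+ | Driver
+ |--------------------------------------------------------------------------
+ |
+ | Name of the driver
+ |
+ */
+ driver: 'lucid',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Identifier key
+ |--------------------------------------------------------------------------
+ |
+ | The identifier key is the unique key on the model. In most cases specifying
+ | the primary key is the right choice.
+ |
+ */
+ identifierKey: 'id',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Uids
+ |--------------------------------------------------------------------------
+ |
+ | Uids are used to search a user against one of the mentioned columns. During
+ | login, the auth module will search the user mentioned value against one
+ | of the mentioned columns to find their user record.
+ |
+ */
+ uids: ['email'],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Model
+ |--------------------------------------------------------------------------
+ |
+ | The model to use for fetching or finding users. The model is imported
+ | lazily since the config files are read way earlier in the lifecycle
+ | of booting the app and the models may not be in a usable state at
+ | that time.
+ |
+ */
+ model: () => import('App/Models/User'),
+ },
+ },
+ jwt: {
+ driver: 'jwt',
+ secret: jwtUsePEM ? undefined : appKey,
+ algorithmJwt: jwtUsePEM ? undefined : 'HS256',
+ publicKey: jwtUsePEM
+ ? Env.get('JWT_PUBLIC_KEY', '').replaceAll('\\n', '\n')
+ : undefined,
+ privateKey: jwtUsePEM
+ ? Env.get('JWT_PRIVATE_KEY', '').replaceAll('\\n', '\n')
+ : undefined,
+ persistJwt: true,
+ // TODO: We should improve the following implementation as this is a security concern.
+ // The following ts-expect-error is to set exp to undefined (JWT with no expiration)
+ // @ts-expect-error
+ jwtDefaultExpire: undefined,
+ refreshTokenDefaultExpire: '10d',
+ tokenProvider: {
+ driver: 'database',
+ table: 'jwt_tokens',
+ foreignKey: 'user_id',
+ },
+ provider: {
+ driver: 'lucid',
+ identifierKey: 'id',
+ uids: [],
+ model: () => import('App/Models/User'),
+ },
+ },
+ },
+};
+
+export default authConfig;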
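Review bot: In the `jwt` guard, `Env.get('JWT_PUBLIC_KEY', '')` and `Env.get('JWT_PRIVATE_KEY', '')` fall back to an empty string, so with `jwtUsePEM` true and either variable unset the guard is configured with an empty key rather than failing at boot. Unless the keys are guaranteed to exist before this file loads (not visible in this file), add a check such as `if (jwtUsePEM && !Env.get('JWT_PRIVATE_KEY')) throw new Error('JWT_PRIVATE_KEY is required when JWT_USE_PEM is enabled');` and the same for the public key. The non-PEM branch reuses `appKey` as the HS256 secret, which ties token signing to whatever else that key protects; a dedicated secret would let the two be rotated independently. `jwtDefaultExpire: undefined` issues access tokens with no expiry, as the TODO acknowledges, so invalidation appears to rest entirely on `persistJwt: true` and the `jwt_tokens` table; until a finite lifetime is set, the bare `// @ts-expect-error` should at least carry a description of the type error it suppresses.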