Oauth2 PKCE state using redis (#236)

Co-authored-by: Uroš Marolt <[email protected]>

Author: epipav

backend/.env.dist.composed

@@ -9,6 +9,9 @@ CROWD_SQS_NODEJS_WORKER_DELAYABLE_QUEUE=http://sqs:9324/000000000000/nodejs-work
 CROWD_SQS_PYTHON_WORKER_QUEUE="http://sqs:9324/000000000000/python-worker.fifo"
 CROWD_SQS_PREMIUM_PYTHON_WORKER_QUEUE="http://sqs:9324/000000000000/premium-python-worker.fifo"
 
+# Redis settings
+CROWD_REDIS_HOST=redis
+
 # S3 settings
 CROWD_S3_HOST="s3"
 

backend/.env.dist.local

@@ -24,6 +24,12 @@ CROWD_SQS_AWS_ACCESS_KEY_ID=x
 CROWD_SQS_AWS_SECRET_ACCESS_KEY=x
 CROWD_SQS_AWS_REGION=elasticmq
 
+# Redis settings
+CROWD_REDIS_USERNAME=default
+CROWD_REDIS_PASSWORD=crowdtest
+CROWD_REDIS_HOST=localhost
+CROWD_REDIS_PORT=6379
+
 # S3 settings
 CROWD_S3_HOST=localhost
 CROWD_S3_PORT=9000

backend/config/custom-environment-variables.json

@@ -8,6 +8,12 @@
     "jwtExpiresIn": "CROWD_API_JWT_EXPIRES_IN",
     "premiumApiUrl": "CROWD_PREMIUM_API_URL"
   },
+  "redis": {
+    "username": "CROWD_REDIS_USERNAME",
+    "password": "CROWD_REDIS_PASSWORD",
+    "host": "CROWD_REDIS_HOST",
+    "port": "CROWD_REDIS_PORT"
+  },
   "sqs": {
     "host": "CROWD_SQS_HOST",
     "port": "CROWD_SQS_PORT",

backend/package-lock.json

@@ -4,13 +4,13 @@
   "scripts": {
     "start:api": "ts-node --transpile-only ./src/bin/api.ts",
     "start:api:dev": "nodemon --watch \"src/**/*.ts\" -e ts,json --exec \"ts-node --transpile-only ./src/bin/api.ts\"",
-    "start:api:dev:local": "set -a && . ./.env.dist.local && . ./.env.override.local && set +a && SERVICE=api nodemon --watch \"src/**/*.ts\" -e ts,json --exec \"ts-node --transpile-only ./src/bin/api.ts\"",
+    "start:api:dev:local": "set -a && . ./.env.dist.local && . ./.env.override.local && set +a && SERVICE=api nodemon --signal SIGKILL --watch \"src/**/*.ts\" -e ts,json --exec \"ts-node --transpile-only ./src/bin/api.ts\"",
     "start:job-generator": "ts-node --transpile-only ./src/bin/job-generator.ts",
     "start:job-generator:dev": "nodemon --watch \"src/**/*.ts\" -e ts,json --exec \"ts-node --transpile-only ./src/bin/job-generator.ts\"",
-    "start:job-generator:dev:local": "set -a && . ./.env.dist.local && . ./.env.override.local && set +a && SERVICE=job-generator nodemon --watch \"src/**/*.ts\" -e ts,json --exec \"ts-node --transpile-only ./src/bin/job-generator.ts\"",
+    "start:job-generator:dev:local": "set -a && . ./.env.dist.local && . ./.env.override.local && set +a && SERVICE=job-generator nodemon --signal SIGKILL --watch \"src/**/*.ts\" -e ts,json --exec \"ts-node --transpile-only ./src/bin/job-generator.ts\"",
     "start:nodejs-worker": "ts-node --transpile-only ./src/bin/nodejs-worker.ts",
     "start:nodejs-worker:dev": "nodemon --watch \"src/**/*.ts\" -e ts,json --exec \"ts-node --transpile-only ./src/bin/nodejs-worker.ts\"",
-    "start:nodejs-worker:dev:local": "set -a && . ./.env.dist.local && . ./.env.override.local && set +a && SERVICE=nodejs-worker nodemon --watch \"src/**/*.ts\" -e ts,json --exec \"node --inspect=0.0.0.0:9229 -r ts-node/register ./src/bin/nodejs-worker.ts --transpile-only\"",
+    "start:nodejs-worker:dev:local": "set -a && . ./.env.dist.local && . ./.env.override.local && set +a && SERVICE=nodejs-worker nodemon --signal SIGKILL --watch \"src/**/*.ts\" -e ts,json --exec \"node --inspect=0.0.0.0:9229 -r ts-node/register ./src/bin/nodejs-worker.ts --transpile-only\"",
     "build": "tsc && npm run build:documentation && cp package*json dist/ && cp .sequelizerc dist/.sequelizerc ",
     "test": "../scripts/cli scaffold up-test && jest --clearCache && set -a && . ./.env.dist.local && . ./.env.test && set +a && NODE_ENV=test SERVICE=test jest --runInBand --verbose --forceExit",
     "build:documentation": "copyfiles --flat ./src/documentation/openapi.json ./dist/documentation/",
@@ -77,6 +77,7 @@
     "passport-slack": "0.0.7",
     "pg": "^8.7.3",
     "pm2": "^5.2.0",
+    "redis": "^4.5.0",
     "sanitize-html": "^2.7.1",
     "sequelize": "6.21.2",
     "sequelize-cli-typescript": "^3.2.0-c",

backend/package.json

@@ -1,8 +1,5 @@
-import { get } from 'lodash'
 import passport from 'passport'
-import GoogleStrategy from 'passport-google-oauth20'
 import { API_CONFIG, GOOGLE_CONFIG } from '../../config'
-import { databaseInit } from '../../database/databaseConnection'
 import AuthService from '../../services/auth/authService'
 import { createServiceChildLogger } from '../../utils/logging'
 
@@ -31,43 +28,6 @@ export default (app, routes) => {
   })
 
   if (GOOGLE_CONFIG.clientId) {
-    passport.use(
-      new GoogleStrategy(
-        {
-          clientID: GOOGLE_CONFIG.clientId,
-          clientSecret: GOOGLE_CONFIG.clientSecret,
-          callbackURL: GOOGLE_CONFIG.callbackUrl,
-        },
-        (accessToken, refreshToken, profile, done) => {
-          databaseInit()
-            .then((database) => {
-              const email = get(profile, 'emails[0].value')
-              const emailVerified = get(profile, 'emails[0].verified', false)
-              const displayName = get(profile, 'displayName')
-              const { firstName, lastName } = splitFullName(displayName)
-
-              return AuthService.signinFromSocial(
-                'google',
-                profile.id,
-                email,
-                emailVerified,
-                firstName,
-                lastName,
-                displayName,
-                { database },
-              )
-            })
-            .then((jwtToken) => {
-              done(null, jwtToken)
-            })
-            .catch((error) => {
-              log.error(error, 'Error while handling google auth!')
-              done(error, null)
-            })
-        },
-      ),
-    )
-
     routes.get(
       '/auth/social/google',
       passport.authenticate('google', {
@@ -103,19 +63,3 @@ function handleCallback(res, err, jwtToken) {
 
   res.redirect(`${API_CONFIG.frontendUrl}/?social=true&authToken=${jwtToken}`)
 }
-
-function splitFullName(fullName) {
-  let firstName
-  let lastName
-
-  if (fullName && fullName.split(' ').length > 1) {
-    const [firstNameArray, ...lastNameArray] = fullName.split(' ')
-    firstName = firstNameArray
-    lastName = lastNameArray.join(' ')
-  } else {
-    firstName = fullName || null
-    lastName = null
-  }
-
-  return { firstName, lastName }
-}