secret-tech / backend-auth
Identity service
Home Page: https://secrettech.io
License: MIT License
We need to handle OPTIONS requests and add CORS and the other headers required by JavaScript browser clients.
Fix "npm run build" and Dockerfile.
OS: Mac OS Sierra
Docker: Version 18.03.0-ce-mac60 (23751)
docker-compose build --no-cache
docker-compose up -d
docker-compose exec auth npm i (ERROR: No container found for auth_1)
Command: exec auth npm i, prompts ERROR.
When a tenant has a small number of users (below 50), pagination works wrong.
It returns a non-zero cursor but 0 users, so the first page stays empty.
The first page is not empty if the tenant has registered users.
Use winston for this purpose
Fix default token expiration time.
Consider using search patterns with *. Is it allowed to match all symbols?
Search by login is supposed to be OK.
Add message field to validation errors.
Add ability to read environment variables from .env file.
I sent a POST request and got the message 'curl: (52) Empty reply from server'.
I have built successfully and the related container is up and running, so the testing process should be OK.
This is the environment and build process info.
1. dev environment
OS: Mac OS Sierra
Docker: Version 18.03.0-ce-mac60 (23751)
2. /etc/hosts DNS:
127.0.0.1 auth
127.0.0.1 verify
2. docker compose ps
Name Command State Ports
---------------------------------------------------------------------------------------------------------------
backendauth_auth_1 /bin/sh -c npm start Up 0.0.0.0:32782->3000/tcp, 0.0.0.0:32781->4000/tcp
backendauth_redis_1 docker-entrypoint.sh redis ... Up 0.0.0.0:32780->6379/tcp
3. docker-compose exec auth npm test
> [email protected] test /usr/src/app
> nyc mocha ./src/**/*.spec.ts
(node:91) Warning: process.on(SIGPROF) is reserved while debugging
Application
✓ should return 404 and not contain X-Powered-By header
✓ should return 406 for unsupported Accept header
✓ should return 406 for unsupported Content-Type header
Authenticate
POST /auth
✓ should return 404 (54ms)
✓ should require login
✓ should require password
✓ should require deviceId
✓ should authenticate user (421ms)
✓ should respond with 403 error code when password is incorrect (416ms)
POST /auth/logout
✓ should logout
✓ should respond with 400 code when logout with incorrect token
✓ should require token
POST /auth/verify
✓ should be valid token
✓ should be invalid token
✓ should require token
Tenants
POST /tenant
✓ should create tenant (233ms)
✓ should not create tenant when email already exists (429ms)
✓ should require email
✓ should validate email
✓ should require password
✓ should validate password length
✓ should validate password format
✓ should use tenant IP whitelist
POST /tenant/login
✓ should authenticate tenant (425ms)
✓ should not authenticate tenant with incorrect password (421ms)
✓ should not authenticate tenant with incorrect email (216ms)
✓ should require email
✓ should validate email
✓ should require password
✓ should validate password length
✓ should validate password format
POST /tenant/logout
✓ should logout (424ms)
✓ should respond with error for incorrect token (429ms)
✓ should require token
POST /tenant/verify
✓ should verify valid token (422ms)
✓ should respond with error for incorrect token (427ms)
✓ should require token
Users
POST /user
✓ should create user (210ms)
✓ should create user when additional fields are present in request (209ms)
✓ should create user when additional fields are present in request (209ms)
✓ should validate email
✓ should require email
✓ should require login
✓ should require password
✓ should require sub
DELETE /user
✓ should delete user (209ms)
✓ should respond with 404 code if login is not found (42ms)
✓ should require login
Auth Middleware
Test Auth
✓ should require Authorization header
✓ should require Bearer
✓ should not auth incorrect token
✓ should not authorize non-tenant user
✓ should authorize tenant
IP whitelist filter
Test filter
✓ should respond with 403 if IP is not in whitelist
✓ should allow request if IP is in whitelist
Request Throttler
Test throttler
✓ should throttle
✓ should throttle white list IP
jwtService
#generate
✓ should return token
#verify
✓ should verify token
✓ should verify token
keyService
#set
✓ should create session
#get
✓ should return session
#delete
✓ should delete session
storageService
#set
✓ should return "OK"
#get
✓ should return value
✓ should return null
#expire
✓ should return 1
✓ should return 0
#del
✓ should return 1
✓ should return 0
tenantService
#create
✓ should create new tenant (220ms)
#login
✓ should login tenant and return valid token (424ms)
userService
#create
✓ should create new user (221ms)
#get
✓ should return user
74 passing (16s)
------------------------|----------|----------|----------|----------|----------------|
File | % Stmts | % Branch | % Funcs | % Lines |Uncovered Lines |
------------------------|----------|----------|----------|----------|----------------|
All files | 98.47 | 81.73 | 100 | 98.37 | |
src | 95.77 | 73.33 | 100 | 95.71 | |
app.ts | 90 | 62.5 | 100 | 89.66 | 16,17,20 |
config.ts | 100 | 77.27 | 100 | 100 | |
ioc.container.ts | 100 | 100 | 100 | 100 | |
src/controllers | 98.94 | 90 | 100 | 98.86 | |
jwt.controller.ts | 97.56 | 90 | 100 | 97.44 | 67 |
tenant.controller.ts | 100 | 87.5 | 100 | 100 | |
user.controller.ts | 100 | 100 | 100 | 100 | |
src/middlewares | 97.53 | 88.24 | 100 | 97.53 | |
auth.ts | 100 | 100 | 100 | 100 | |
ip.whitelist.ts | 91.67 | 66.67 | 100 | 91.67 | 28 |
request.throttler.ts | 95.65 | 80 | 100 | 95.65 | 57 |
request.validation.ts | 100 | 100 | 100 | 100 | |
src/services | 100 | 75 | 100 | 100 | |
jwt.service.ts | 100 | 100 | 100 | 100 | |
key.service.ts | 100 | 100 | 100 | 100 | |
storage.service.ts | 100 | 50 | 100 | 100 | |
tenant.service.ts | 100 | 100 | 100 | 100 | |
user.service.ts | 100 | 100 | 100 | 100 | |
------------------------|----------|----------|----------|----------|----------------|
=============================== Coverage summary ===============================
Statements : 98.47% ( 385/391 )
Branches : 81.73% ( 85/104 )
Functions : 100% ( 74/74 )
Lines : 98.37% ( 363/369 )
================================================================================
4. send curl request.
curl --include \
--request POST \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data-binary "{
\"email\": \"[email protected]\",
\"password\": \"Password2\"
}" \
'http://auth:3000/tenant'
I got 'curl: (52) Empty reply from server'.
By the way, the docs say the API endpoint is http://auth:3000/. Are my DNS setup steps correct?
Thanks
List users of the tenant who requested the GET /user endpoint.
Review API and fix obvious security issues according to checklist
Add this checklist to repo's README file.
Add validation middleware for all endpoints.
Endpoint: /user, POST.
If a tenant has no users and tries to get the users list, the backend throws an exception:
ReplyError: ERR wrong number of arguments for 'mget' command
at parseError (/usr/src/app/node_modules/redis-parser/lib/parser.js:193:12)
at parseType (/usr/src/app/node_modules/redis-parser/lib/parser.js:303:14)
Expected behavior: the backend responds with an empty array.
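The two GET /user issues above (the non-zero cursor with zero users on a small tenant, and the MGET ReplyError on a tenant with no users) are both symptoms of the same listing loop. The following is an added example, not code from the backend-auth repository; it assumes, purely for illustration, that user records live in Redis under keys of the form user:<tenantId>:<login> and that the listing is done with SCAN followed by MGET. FakeRedis is a constructed in-memory stand-in that reproduces the two Redis behaviours involved: SCAN may legitimately return no keys while its cursor is still non-zero, and MGET with an empty key list is rejected with exactly the error in the stack trace.

```javascript
// Added example, not code from the backend-auth repository. Key layout and the
// SCAN + MGET listing strategy are assumptions made here for illustration.

class FakeRedis {
  constructor(entries) {
    this.entries = entries; // [[key, value], ...] in hash-table order (constructed)
  }

  // SCAN visits `count` slots per call. Like real Redis, a call may yield no
  // matching keys for its slots while the cursor is still non-zero.
  async scan(cursor, pattern, count) {
    const start = Number(cursor);
    const end = Math.min(start + count, this.entries.length);
    const prefix = pattern.replace(/\*$/, '');
    const keys = this.entries
      .slice(start, end)
      .map(([k]) => k)
      .filter((k) => k.startsWith(prefix));
    const next = end >= this.entries.length ? '0' : String(end);
    return [next, keys];
  }

  // Real Redis rejects MGET without keys with the error shown in the issue.
  async mget(keys) {
    if (keys.length === 0) {
      throw new Error("ERR wrong number of arguments for 'mget' command");
    }
    const map = new Map(this.entries);
    return keys.map((k) => (map.has(k) ? map.get(k) : null));
  }
}

// Constructed keyspace: three session keys precede the tenant's two users, so
// the first SCAN slot of size 3 contains no user keys at all.
const sampleEntries = [
  ['session:a1', 'x'],
  ['session:b2', 'x'],
  ['session:c3', 'x'],
  ['user:t1:alice', JSON.stringify({ login: 'alice', email: 'alice@example.com' })],
  ['user:t1:bob', JSON.stringify({ login: 'bob', email: 'bob@example.com' })],
];

// Buggy listing: one SCAN call per page, then MGET unconditionally. For the
// small tenant the single SCAN returns cursor "3" with no keys (an empty first
// page); for an empty tenant the empty key list makes MGET throw the ReplyError.
async function listUsersBuggy(redis, tenantId, cursor = '0', pageSize = 50) {
  const [next, keys] = await redis.scan(cursor, `user:${tenantId}:*`, pageSize);
  const values = await redis.mget(keys);
  return { cursor: next, users: values.map((v) => JSON.parse(v)) };
}

// Fixed listing: keep scanning until the page is full or the cursor returns
// to "0", and only call MGET when there is at least one key. COUNT is a hint,
// so a page may slightly exceed pageSize; keys deleted between SCAN and MGET
// come back as null and are dropped.
async function listUsers(redis, tenantId, cursor = '0', pageSize = 50) {
  const pattern = `user:${tenantId}:*`;
  const keys = [];
  let next = cursor;
  do {
    const [c, batch] = await redis.scan(next, pattern, pageSize);
    next = c;
    keys.push(...batch);
  } while (next !== '0' && keys.length < pageSize);

  if (keys.length === 0) {
    return { cursor: next, users: [] }; // empty array, no MGET round trip
  }
  const values = await redis.mget(keys);
  return {
    cursor: next,
    users: values.filter((v) => v !== null).map((v) => JSON.parse(v)),
  };
}

async function demo() {
  const redis = new FakeRedis(sampleEntries);
  const page = await listUsers(redis, 't1', '0', 3);
  const empty = await listUsers(redis, 'no-such-tenant', '0', 3);
  return { page, empty };
}
```

The defensive point is the same on a real client: a SCAN-style cursor only means "the keyspace is exhausted" when it comes back as "0", so a page must be assembled across calls rather than from a single one, and any command that requires at least one argument must be skipped when the key list is empty instead of being allowed to surface a raw ReplyError to the caller.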
It says that accessToken is required in the request body, but it actually needs token.
Add possibility to register and authenticate tenants separately from end users.
[email protected] serve /usr/src/app
node ./dist/bin/www.js
events.js:160
throw er; // Unhandled 'error' event
^
ReplyError: Ready check failed: ERR max number of clients reached
at parseError (/usr/src/app/node_modules/redis-parser/lib/parser.js:193:12)
at parseType (/usr/src/app/node_modules/redis-parser/lib/parser.js:303:14)
npm ERR! Linux 4.9.36-x86_64-linode85
npm ERR! argv "/usr/bin/node" "/usr/bin/npm" "run" "serve"
npm ERR! node v6.11.0
npm ERR! npm v3.10.10
npm ERR! code ELIFECYCLE
npm ERR! [email protected] serve: node ./dist/bin/www.js
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] serve script 'node ./dist/bin/www.js'.
npm ERR! Make sure you have the latest version of node.js and npm installed.
npm ERR! If you do, this is most likely a problem with the auth package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR! node ./dist/bin/www.js
npm ERR! You can get information on how to open an issue for this project with:
npm ERR! npm bugs auth
npm ERR! Or if that isn't available, you can get their info via:
npm ERR! npm owner ls auth
npm ERR! There is likely additional logging output above.
npm ERR! Please include the following file with any support request:
npm ERR! /usr/src/app/npm-debug.log
Docker has the ability to use "secrets"; for example, it could be used for the AUTH_JWT env. But Docker mounts secrets as files. That's why we need to use the suffix _FILE (for the env below it will be AUTH_JWT_FILE). An entrypoint script parses the envs, detects the _FILE prefix in the name, reads the pointed-to file and exports a new env without the _FILE suffix.
Allow additional fields on user creation requests. E.g. employeeId and others.
Document Auth service API. Fix and add tests.
Add white list of IPs which can create tenants.