secret-tech / backend-auth Goto Github PK
View Code? Open in Web Editor NEWIdentity service
Home Page: https://secrettech.io
License: MIT License
backend-auth's People
Contributors
Stargazers
Watchers
backend-auth's Issues
Add headers to support requests from JS web client
We need to handle OPTIONS requests, add CORS and other headers required by JavaScript browser clients
Fix "npm run build" and Dockerfile.
Fix "npm run build" and Dockerfile.
build ERROR: No container found for auth_1
OS:Mac OS Sierra
Docker: Version 18.03.0-ce-mac60 (23751)
docker-compose build --no-cache
docker-compose up -d
docker-compose exec auth npm i (ERROR: No container found for auth_1)
command: exec auth nom i ,prompt ERROR.
Add reg date and last activity date to each user in users list (timestamp format)
Fix pagination bug
The problem
When tenant has small amount of users(bellow 50) pagination works wrong.
It returns non-zero cursor but 0 users. So the first page stays empty.
Expected behaviour
The first page is not empty if tenant has registered users
Add logging
Use winston for this purpose
Try to use Redis URL for password protected connections.
Fix default token expiration time.
Fix default token expiration time.
Search users by login
Consider using search patterns with * allowed to match all symbols?
Search by login is supposed to be OK
Web client oriented validation error messages
Add message field to validation errors
Add dotenv
Add ability to read environment variables from .env file.
curl: (52) Empty reply from server
I send post request and got message 'curl: (52) Empty reply from server'.
I have built successfully and related container is up running, testing process should be OK.
This is environment and build process info.
1.dev environment
OS:Mac OS Sierra
Docker: Version 18.03.0-ce-mac60 (23751)
2./etc/hosts DNS.
127.0.0.1 auth
127.0.0.1 verify
2.docker compose ps
Name Command State Ports
---------------------------------------------------------------------------------------------------------------
backendauth_auth_1 /bin/sh -c npm start Up 0.0.0.0:32782->3000/tcp, 0.0.0.0:32781->4000/tcp
backendauth_redis_1 docker-entrypoint.sh redis ... Up 0.0.0.0:32780->6379/tcp
3.docker-compose exec auth npm test
> [email protected] test /usr/src/app
> nyc mocha ./src/**/*.spec.ts
(node:91) Warning: process.on(SIGPROF) is reserved while debugging
Application
✓ should return 404 and not contain X-Powered-By header
✓ should return 406 for unsupported Accept header
✓ should return 406 for unsupported Content-Type header
Authenticate
POST /auth
✓ should return 404 (54ms)
✓ should require login
✓ should require password
✓ should require deviceId
✓ should authenticate user (421ms)
✓ should respond with 403 error code when password is incorrect (416ms)
POST /auth/logout
✓ should logout
✓ should respond with 400 code when logout with incorrect token
✓ should require token
POST /auth/verify
✓ should be valid token
✓ should be invalid token
✓ should require token
Tenants
POST /tenant
✓ should create tenant (233ms)
✓ should not create tenant when email already exists (429ms)
✓ should require email
✓ should validate email
✓ should require password
✓ should validate password length
✓ should validate password format
✓ should use tenant IP whitelist
POST /tenant/login
✓ should authenticate tenant (425ms)
✓ should not authenticate tenant with incorrect password (421ms)
✓ should not authenticate tenant with incorrect email (216ms)
✓ should require email
✓ should validate email
✓ should require password
✓ should validate password length
✓ should validate password format
POST /tenant/logout
✓ should logout (424ms)
✓ should respond with error for incorrect token (429ms)
✓ should require token
POST /tenant/verify
✓ should verify valid token (422ms)
✓ should respond with error for incorrect token (427ms)
✓ should require token
Users
POST /user
✓ should create user (210ms)
✓ should create user when additional fields are present in request (209ms)
✓ should create user when additional fields are present in request (209ms)
✓ should validate email
✓ should require email
✓ should require login
✓ should require password
✓ should require sub
DELETE /user
✓ should delete user (209ms)
✓ should respond with 404 code if login is not found (42ms)
✓ should require login
Auth Middleware
Test Auth
✓ should require Authorization header
✓ should require Bearer
✓ should not auth incorrect token
✓ should not authorize non-tenant user
✓ should authorize tenant
IP whitelist filter
Test filter
✓ should respond with 403 if IP is not in whitelist
✓ should allow request if IP is in whitelist
Request Throttler
Test throttler
✓ should throttle
✓ should throttle white list IP
jwtService
#generate
✓ should return token
#verify
✓ should verify token
✓ should verify token
keyService
#set
✓ should create session
#get
✓ should return session
#delete
✓ should delete session
storageService
#set
✓ should return "OK"
#get
✓ should return value
✓ should return null
#expire
✓ should return 1
✓ should return 0
#del
✓ should return 1
✓ should return 0
tenantService
#create
✓ should create new tenant (220ms)
#login
✓ should login tenant and return valid token (424ms)
userService
#create
✓ should create new user (221ms)
#get
✓ should return user
74 passing (16s)
------------------------|----------|----------|----------|----------|----------------|
File | % Stmts | % Branch | % Funcs | % Lines |Uncovered Lines |
------------------------|----------|----------|----------|----------|----------------|
All files | 98.47 | 81.73 | 100 | 98.37 | |
src | 95.77 | 73.33 | 100 | 95.71 | |
app.ts | 90 | 62.5 | 100 | 89.66 | 16,17,20 |
config.ts | 100 | 77.27 | 100 | 100 | |
ioc.container.ts | 100 | 100 | 100 | 100 | |
src/controllers | 98.94 | 90 | 100 | 98.86 | |
jwt.controller.ts | 97.56 | 90 | 100 | 97.44 | 67 |
tenant.controller.ts | 100 | 87.5 | 100 | 100 | |
user.controller.ts | 100 | 100 | 100 | 100 | |
src/middlewares | 97.53 | 88.24 | 100 | 97.53 | |
auth.ts | 100 | 100 | 100 | 100 | |
ip.whitelist.ts | 91.67 | 66.67 | 100 | 91.67 | 28 |
request.throttler.ts | 95.65 | 80 | 100 | 95.65 | 57 |
request.validation.ts | 100 | 100 | 100 | 100 | |
src/services | 100 | 75 | 100 | 100 | |
jwt.service.ts | 100 | 100 | 100 | 100 | |
key.service.ts | 100 | 100 | 100 | 100 | |
storage.service.ts | 100 | 50 | 100 | 100 | |
tenant.service.ts | 100 | 100 | 100 | 100 | |
user.service.ts | 100 | 100 | 100 | 100 | |
------------------------|----------|----------|----------|----------|----------------|
=============================== Coverage summary ===============================
Statements : 98.47% ( 385/391 )
Branches : 81.73% ( 85/104 )
Functions : 100% ( 74/74 )
Lines : 98.37% ( 363/369 )
================================================================================
4.send curl request.
curl --include \
--request POST \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data-binary "{
\"email\": \"[email protected]\",
\"password\": \"Password2\"
}" \
'http://auth:3000/tenant'
I got 'curl: (52) Empty reply from server'.
By the way, the docs say the API endpoint is: http://auth:3000/,is my DNS setup steps correct?
Thanks
List users for tenant endpoint
List users of tenant who requested GET /user endpoint.
API security Audit and fixes
Review API and fix obvious security issues according to checklist
Add this checklist to repo's README file.
Add pagination for GET /user endpoint
Add validation middleware for all endpoints.
Add validation middleware for all endpoints.
Fix develop docker-compose. Rename image. Add instructions to Readme.
The field "sub" in documentation is missed.
Endpoint: /user POST.
Do not invalidate tenant token when tenant logs in from another device?
Remove password from POST /user endpoint response.
Get users from empty account exception
If tenant has no users, and trying get users list backend throws an exception
ReplyError: ERR wrong number of arguments for 'mget' command
at parseError (/usr/src/app/node_modules/redis-parser/lib/parser.js:193:12)
at parseType (/usr/src/app/node_modules/redis-parser/lib/parser.js:303:14)
Expected behavior - backend responds with an empty array
Fix docs for /tenant/logout endpoint
It tells that accessToken required in request body but it actually needs token
Add possibility to register and authenticate tenants separately from end users.
Add possibility to register and authenticate tenants separately from end users.
Investigate crash.
[email protected] serve /usr/src/app
node ./dist/bin/www.js
events.js:160
throw er; // Unhandled 'error' event
^
ReplyError: Ready check failed: ERR max number of clients reached
at parseError (/usr/src/app/node_modules/redis-parser/lib/parser.js:193:12)
at parseType (/usr/src/app/node_modules/redis-parser/lib/parser.js:303:14)
npm ERR! Linux 4.9.36-x86_64-linode85
npm ERR! argv "/usr/bin/node" "/usr/bin/npm" "run" "serve"
npm ERR! node v6.11.0
npm ERR! npm v3.10.10
npm ERR! code ELIFECYCLE
npm ERR! [email protected] serve: node ./dist/bin/www.js
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] serve script 'node ./dist/bin/www.js'.
npm ERR! Make sure you have the latest version of node.js and npm installed.
npm ERR! If you do, this is most likely a problem with the auth package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR! node ./dist/bin/www.js
npm ERR! You can get information on how to open an issue for this project with:
npm ERR! npm bugs auth
npm ERR! Or if that isn't available, you can get their info via:
npm ERR! npm owner ls auth
npm ERR! There is likely additional logging output above.
npm ERR! Please include the following file with any support request:
npm ERR! /usr/src/app/npm-debug.log
Need to improve docker image for passing envs through files
Docker has ability to use "secrets", for an example it could be using for AUTH_JWT env. But docker mount secrets as files. That's why need to use suffix _FILE (for env below it will be AUTH_JWT_FILE). An entrypoint script parse envs and detects _FILE prefix in name, read pointed file and export new env without _FILE suffix.
Add jwt to response after sign-up request
Update packages
Add `message` field on sign in/sign up errors
Allow additional fields on user creation requests.
Allow additional fields on user creation requests. E.g. employeeId and others.
Able to invalidate user's jwt
Add /tenant/verify endpoint to verify tenant JWTs.
Document Auth service API. Fix and add tests.
Document Auth service API. Fix and add tests.
Add white list of IPs which can create tenants.
Add white list of IPs which can create tenants.
Fix travis.yml
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.