@boxyhq/saml-jackson 0.1.5-beta.93 → 0.1.5-beta.97

package/README.md

@@ -105,7 +105,7 @@ docker run -p 5000:5000 -p 6000:6000 boxyhq/jackson:78e9099d
 ```
 
 # Database Support
-Jackson currently supports SQL databases (Postgres, CockroachDB, MySQL and MariaDB), MongoDB and Redis.
+Jackson currently supports SQL databases (Postgres, CockroachDB, MySQL, and MariaDB), MongoDB, and Redis.
 
 # Configuration
 Configuration is done via env vars (and in the case of the npm library via an options object). The following options are supported and will have to be configured during deployment:
@@ -114,7 +114,7 @@ Configuration is done via env vars (and in the case of the npm library via an op
 - EXTERNAL_URL (npm: externalUrl): The public URL to reach this service, used internally for documenting the SAML configuration instructions. Defaults to `http://{HOST_URL}:{HOST_PORT}` for Jackson service, required for npm library
 - INTERNAL_HOST_URL: The URL to bind to expose the internal APIs, defaults to `localhost`. Do not configure this to a public network
 - INTERNAL_HOST_PORT: The port to bind to for the internal APIs, defaults to `6000`
-- SAML_AUDIENCE (npm: samlAudience): This is just an identitifer to validate the SAML audience, this value will also get configured in the SAML apps created by your customers. Once set do not change this value unless you get your customers to reconfigure their SAML again. Defaults to `https://saml.boxyhq.com` and is case sensitive. This does not have be a real URL
+- SAML_AUDIENCE (npm: samlAudience): This is just an identifier to validate the SAML audience, this value will also get configured in the SAML apps created by your customers. Once set do not change this value unless you get your customers to reconfigure their SAML again. Defaults to `https://saml.boxyhq.com` and is case sensitive. This does not have to be a real URL
 - IDP_ENABLED (npm: idpEnabled): Set to `true` to enable IdP initiated login for SAML. SP initiated login is the only recommended flow but you might have to support IdP login at times. Defaults to `false`
 - DB_ENGINE (npm: db.engine): Supported values are `redis`, `sql`, `mongo`, `mem`. Defaults to `sql`
 - DB_URL (npm: db.url): The database URL to connect to, for example `postgres://postgres:postgres@localhost:5450/jackson`
@@ -167,7 +167,7 @@ curl --location --request POST 'http://localhost:6000/api/v1/saml/config' \
 - rawMetadata: The XML metadata file your customer gets from their Identity Provider
 - defaultRedirectUrl: The redirect URL to use in the IdP login flow. Jackson will call this URL after completing an IdP login flow
 - redirectUrl: JSON encoded array containing a list of allowed redirect URLs. Jackson will disallow any redirects not on this list (or not the default URL above)
-- tenant: Jackson supports a multi-tenant architecture, this is a unique identifier you set from your side that relates back to your customer's tenant. This is normally an email, domain, an account id, or user id
+- tenant: Jackson supports a multi-tenant architecture, this is a unique identifier you set from your side that relates back to your customer's tenant. This is normally an email, domain, an account id, or user-id
 - product: Jackson support multiple products, this is a unique identifier you set from your side that relates back to the product your customer is using
 
 The response returns a JSON with `client_id` and `client_secret` that can be stored against your tenant and product for a more secure OAuth 2.0 flow. If you do not want to store the `client_id` and `client_secret` you can alternatively use `client_id=tentant=<tenantID>&product=<productID>` and any arbitrary value for `client_secret` when setting up the OAuth 2.0 flow.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.1.5-beta.93",
+  "version": "0.1.5-beta.97",
   "license": "Apache 2.0",
   "description": "SAML 2.0 service",
   "main": "src/index.js",
@@ -32,27 +32,27 @@
   },
   "dependencies": {
     "@boxyhq/saml20": "0.2.0",
-    "@peculiar/webcrypto": "1.1.7",
-    "@peculiar/x509": "1.4.1",
+    "@peculiar/webcrypto": "1.2.2",
+    "@peculiar/x509": "1.6.0",
     "cors": "2.8.5",
     "express": "4.17.1",
-    "mongodb": "4.1.3",
-    "mysql2": "^2.3.3-rc.0",
+    "mongodb": "4.2.0",
+    "mysql2": "2.3.3",
     "pg": "8.7.1",
     "rambda": "6.9.0",
-    "redis": "4.0.0-rc.3",
+    "redis": "4.0.0-rc.4",
     "reflect-metadata": "0.1.13",
     "ripemd160": "2.0.2",
     "thumbprint": "0.0.1",
-    "typeorm": "0.2.38",
+    "typeorm": "0.2.41",
     "xml-crypto": "2.1.3",
     "xml2js": "0.4.23",
     "xmlbuilder": "15.1.1"
   },
   "devDependencies": {
     "cross-env": "7.0.3",
-    "eslint": "^8.2.0",
-    "nodemon": "2.0.13",
-    "tap": "15.0.10"
+    "eslint": "8.3.0",
+    "nodemon": "2.0.15",
+    "tap": "15.1.2"
   }
 }

package/src/db/sql/entity/JacksonIndex.js

@@ -13,9 +13,11 @@ module.exports = new EntitySchema({
     },
     key: {
       type: 'varchar',
+      length: 1500,
     },
     storeKey: {
       type: 'varchar',
+      length: 1500,
     }
   },
   relations: {

package/src/db/sql/entity/JacksonStore.js

@@ -1,20 +1,36 @@
 const EntitySchema = require('typeorm').EntitySchema;
 const JacksonStore = require('../model/JacksonStore.js');
 
-module.exports = new EntitySchema({
-  name: 'JacksonStore',
-  target: JacksonStore,
-  columns: {
-    key: {
-      primary: true,
-      type: 'varchar',
-    },
-    value: {
-      type: 'varchar',
+const valueType = (type) => {
+  switch (type) {
+    case 'postgres':
+    case 'cockroachdb':
+      return 'text';
+    case 'mysql':
+    case 'mariadb':
+      return 'mediumtext';
+    default:
+      return 'varchar';
+  }
+};
+
+module.exports = (type) => {
+  return new EntitySchema({
+    name: 'JacksonStore',
+    target: JacksonStore,
+    columns: {
+      key: {
+        primary: true,
+        type: 'varchar',
+        length: 1500,
+      },
+      value: {
+        type: valueType(type),
+      },
+      expiresAt: {
+        type: 'bigint',
+        nullable: true,
+      },
     },
-    expiresAt: {
-      type: 'bigint',
-      nullable: true,
-    }
-  },
-});
+  });
+};

package/src/db/sql/sql.js

@@ -8,17 +8,28 @@ const dbutils = require('../utils.js');
 class Sql {
   constructor(options) {
     return (async () => {
-      this.connection = await typeorm.createConnection({
-        name: options.type,
-        type: options.type,
-        url: options.url,
-        synchronize: true,
-        logging: false,
-        entities: [
-          require('./entity/JacksonStore.js'),
-          require('./entity/JacksonIndex.js'),
-        ],
-      });
+      while (true) {
+        try {
+          this.connection = await typeorm.createConnection({
+            name: options.type,
+            type: options.type,
+            url: options.url,
+            synchronize: true,
+            migrationsTableName: '_jackson_migrations',
+            logging: false,
+            entities: [
+              require('./entity/JacksonStore.js')(options.type),
+              require('./entity/JacksonIndex.js'),
+            ],
+          });
+
+          break;
+        } catch (err) {
+          console.error(`error connecting to ${options.type} db: ${err}`);
+          await dbutils.sleep(1000);
+          continue;
+        }
+      }
 
       this.storeRepository = this.connection.getRepository(JacksonStore);
       this.indexRepository = this.connection.getRepository(JacksonIndex);
@@ -45,7 +56,9 @@ class Sql {
 
         this.timerId = setTimeout(this.ttlCleanup, options.ttl * 1000);
       } else {
-        console.log('Warning: ttl cleanup not enabled, set both "ttl" and "limit" options to enable it!')
+        console.log(
+          'Warning: ttl cleanup not enabled, set both "ttl" and "limit" options to enable it!'
+        );
       }
 
       return this;

package/src/db/utils.js

@@ -16,14 +16,15 @@ const keyFromParts = (...parts) => {
   return parts.join(':'); // TODO: pick a better strategy, keys can collide now
 };
 
+const sleep = (ms) => {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+};
+
 module.exports = {
   key,
-
   keyForIndex,
-
   keyDigest,
-
   keyFromParts,
-
+  sleep,
   indexPrefix: '_index',
 };

package/src/index.js

@@ -56,7 +56,8 @@ module.exports = async function (opts) {
     }
   }
 
-  console.log(`Using engine: ${opts.db.engine}`);
+  const type = opts.db.type ? ' Type: ' + opts.db.type : '';
+  console.log(`Using engine: ${opts.db.engine}.${type}`);
 
   return {
     apiController,

package/src/saml/saml.js

@@ -141,20 +141,12 @@ module.exports = {
           let X509Certificate = null;
           let ssoPostUrl = null;
           let ssoRedirectUrl = null;
-          let loginType = 'idp';
 
-          let ssoDes = rambda.pathOr(
-            null,
+          const ssoDes = rambda.pathOr(
+            [],
             'EntityDescriptor.IDPSSODescriptor',
             res
           );
-          if (!ssoDes) {
-            ssoDes = rambda.pathOr([], 'EntityDescriptor.SPSSODescriptor', res);
-            if (!ssoDes) {
-              loginType = 'sp';
-            }
-          }
-
           for (const ssoDesRec of ssoDes) {
             const keyDes = ssoDesRec['KeyDescriptor'];
             for (const keyDesRec of keyDes) {
@@ -165,10 +157,7 @@ module.exports = {
               }
             }
 
-            const ssoSvc =
-              ssoDesRec['SingleSignOnService'] ||
-              ssoDesRec['AssertionConsumerService'] ||
-              [];
+            const ssoSvc = ssoDesRec['SingleSignOnService'] || [];
             for (const ssoSvcRec of ssoSvc) {
               if (
                 rambda.pathOr('', '$.Binding', ssoSvcRec).endsWith('HTTP-POST')
@@ -199,7 +188,6 @@ module.exports = {
           if (ssoRedirectUrl) {
             ret.sso.redirectUrl = ssoRedirectUrl;
           }
-          ret.loginType = loginType;
 
           resolve(ret);
         }