@boxyhq/saml-jackson 0.2.4-beta.198 → 0.3.0-beta.248

package/src/db/sql/entity/JacksonTTL.js

@@ -1,23 +0,0 @@
-const EntitySchema = require('typeorm').EntitySchema;
-const JacksonTTL = require('../model/JacksonTTL.js');
-
-module.exports = new EntitySchema({
-  name: 'JacksonTTL',
-  target: JacksonTTL,
-  columns: {
-    key: {
-      primary: true,
-      type: 'varchar',
-      length: 1500,
-    },
-    expiresAt: {
-      type: 'bigint',
-    },
-  },
-  indices: [
-    {
-      name: '_jackson_ttl_expires_at',
-      columns: ['expiresAt'],
-    },
-  ],
-});

package/src/db/sql/model/JacksonIndex.js

@@ -1,9 +0,0 @@
-/*export */ class JacksonIndex {
-  constructor(id, key, store) {
-    this.id = id;
-    this.key = key;
-    this.store = store;
-  }
-}
-
-module.exports = JacksonIndex;

package/src/db/sql/model/JacksonStore.js

@@ -1,10 +0,0 @@
-/*export */ class JacksonStore {
-  constructor(key, value, iv, tag) {
-    this.key = key;
-    this.value = value;
-    this.iv = iv;
-    this.tag = tag;
-  }
-}
-
-module.exports = JacksonStore;

package/src/db/sql/model/JacksonTTL.js

@@ -1,8 +0,0 @@
-/*export */ class JacksonTTL {
-  constructor(key, expiresAt) {
-    this.key = key;
-    this.expiresAt = expiresAt;
-  }
-}
-
-module.exports = JacksonTTL;

package/src/db/sql/sql.js

@@ -1,153 +0,0 @@
-/*eslint no-constant-condition: ["error", { "checkLoops": false }]*/
-
-require('reflect-metadata');
-const typeorm = require('typeorm');
-const JacksonStore = require('./model/JacksonStore.js');
-const JacksonIndex = require('./model/JacksonIndex.js');
-const JacksonTTL = require('./model/JacksonTTL.js');
-
-const dbutils = require('../utils.js');
-
-class Sql {
-  constructor(options) {
-    return (async () => {
-      while (true) {
-        try {
-          this.connection = await typeorm.createConnection({
-            name: options.type + Math.floor(Math.random() * 100000),
-            type: options.type,
-            url: options.url,
-            synchronize: true,
-            migrationsTableName: '_jackson_migrations',
-            logging: false,
-            entities: [
-              require('./entity/JacksonStore.js')(options.type),
-              require('./entity/JacksonIndex.js'),
-              require('./entity/JacksonTTL.js'),
-            ],
-          });
-
-          break;
-        } catch (err) {
-          console.error(`error connecting to ${options.type} db: ${err}`);
-          await dbutils.sleep(1000);
-          continue;
-        }
-      }
-
-      this.storeRepository = this.connection.getRepository(JacksonStore);
-      this.indexRepository = this.connection.getRepository(JacksonIndex);
-      this.ttlRepository = this.connection.getRepository(JacksonTTL);
-
-      if (options.ttl && options.cleanupLimit) {
-        this.ttlCleanup = async () => {
-          const now = Date.now();
-
-          while (true) {
-            const ids = await this.ttlRepository
-              .createQueryBuilder('jackson_ttl')
-              .limit(options.cleanupLimit)
-              .where('jackson_ttl.expiresAt <= :expiresAt', { expiresAt: now })
-              .getMany();
-
-            if (ids.length <= 0) {
-              break;
-            }
-
-            const delIds = ids.map((id) => {
-              return id.key;
-            });
-
-            await this.storeRepository.remove(ids);
-            await this.ttlRepository.delete(delIds);
-          }
-
-          this.timerId = setTimeout(this.ttlCleanup, options.ttl * 1000);
-        };
-
-        this.timerId = setTimeout(this.ttlCleanup, options.ttl * 1000);
-      } else {
-        console.log(
-          'Warning: ttl cleanup not enabled, set both "ttl" and "cleanupLimit" options to enable it!'
-        );
-      }
-
-      return this;
-    })();
-  }
-
-  async get(namespace, key) {
-    let res = await this.storeRepository.findOne({
-      key: dbutils.key(namespace, key),
-    });
-
-    if (res && res.value) {
-      return {
-        value: res.value,
-        iv: res.iv,
-        tag: res.tag,
-      };
-    }
-
-    return null;
-  }
-
-  async getByIndex(namespace, idx) {
-    const res = await this.indexRepository.find({
-      key: dbutils.keyForIndex(namespace, idx),
-    });
-
-    const ret = [];
-
-    if (res) {
-      res.forEach((r) => {
-        ret.push({
-          value: r.store.value,
-          iv: r.store.iv,
-          tag: r.store.tag,
-        });
-      });
-    }
-
-    return ret;
-  }
-
-  async put(namespace, key, val, ttl = 0, ...indexes) {
-    await this.connection.transaction(async (transactionalEntityManager) => {
-      const dbKey = dbutils.key(namespace, key);
-      const store = new JacksonStore(dbKey, val.value, val.iv, val.tag);
-      await transactionalEntityManager.save(store);
-
-      if (ttl) {
-        const ttlRec = new JacksonTTL(dbKey, Date.now() + ttl * 1000);
-        await transactionalEntityManager.save(ttlRec);
-      }
-
-      // no ttl support for secondary indexes
-      for (const idx of indexes || []) {
-        const key = dbutils.keyForIndex(namespace, idx);
-        const rec = await this.indexRepository.findOne({
-          key,
-          storeKey: store.key,
-        });
-        if (!rec) {
-          await transactionalEntityManager.save(
-            new JacksonIndex(0, key, store)
-          );
-        }
-      }
-    });
-  }
-
-  async delete(namespace, key) {
-    return await this.storeRepository.remove({
-      key: dbutils.key(namespace, key),
-    });
-  }
-}
-
-module.exports = {
-  new: async (options) => {
-    return new Sql(options);
-  },
-};

package/src/db/store.js

@@ -1,42 +0,0 @@
-const dbutils = require('./utils.js');
-
-class Store {
-  constructor(namespace, db, ttl = 0) {
-    this.namespace = namespace;
-    this.db = db;
-    this.ttl = ttl;
-  }
-
-  async get(key) {
-    return await this.db.get(this.namespace, dbutils.keyDigest(key));
-  }
-
-  async getByIndex(idx) {
-    idx.value = dbutils.keyDigest(idx.value);
-    return await this.db.getByIndex(this.namespace, idx);
-  }
-
-  async put(key, val, ...indexes) {
-    indexes = (indexes || []).map((idx) => {
-      idx.value = dbutils.keyDigest(idx.value);
-      return idx;
-    });
-    return await this.db.put(
-      this.namespace,
-      dbutils.keyDigest(key),
-      val,
-      this.ttl,
-      ...indexes
-    );
-  }
-
-  async delete(key) {
-    return await this.db.delete(this.namespace, dbutils.keyDigest(key));
-  }
-}
-
-module.exports = {
-  new: (namespace, db, ttl = 0) => {
-    return new Store(namespace, db, ttl);
-  },
-};

package/src/db/utils.js

@@ -1,30 +0,0 @@
-const Ripemd160 = require('ripemd160');
-
-const key = (namespace, k) => {
-  return namespace + ':' + k;
-};
-
-const keyForIndex = (namespace, idx) => {
-  return key(key(namespace, idx.name), idx.value);
-};
-
-const keyDigest = (k) => {
-  return new Ripemd160().update(k).digest('hex');
-};
-
-const keyFromParts = (...parts) => {
-  return parts.join(':'); // TODO: pick a better strategy, keys can collide now
-};
-
-const sleep = (ms) => {
-  return new Promise((resolve) => setTimeout(resolve, ms));
-};
-
-module.exports = {
-  key,
-  keyForIndex,
-  keyDigest,
-  keyFromParts,
-  sleep,
-  indexPrefix: '_index',
-};

package/src/env.js

@@ -1,39 +0,0 @@
-const hostUrl = process.env.HOST_URL || 'localhost';
-const hostPort = (process.env.HOST_PORT || '5000') * 1;
-const externalUrl =
-  process.env.EXTERNAL_URL || 'http://' + hostUrl + ':' + hostPort;
-const samlPath = process.env.SAML_PATH || '/oauth/saml';
-
-const internalHostUrl = process.env.INTERNAL_HOST_URL || 'localhost';
-const internalHostPort = (process.env.INTERNAL_HOST_PORT || '6000') * 1;
-
-const apiKeys = (process.env.JACKSON_API_KEYS || '').split(',');
-
-const samlAudience = process.env.SAML_AUDIENCE;
-const preLoadedConfig = process.env.PRE_LOADED_CONFIG;
-
-const idpEnabled = process.env.IDP_ENABLED;
-const db = {
-  engine: process.env.DB_ENGINE,
-  url: process.env.DB_URL,
-  type: process.env.DB_TYPE,
-  ttl: process.env.DB_TTL,
-  encryptionKey: process.env.DB_ENCRYPTION_KEY,
-};
-
-module.exports = {
-  hostUrl,
-  hostPort,
-  externalUrl,
-  samlPath,
-  samlAudience,
-  preLoadedConfig,
-  internalHostUrl,
-  internalHostPort,
-  apiKeys,
-  idpEnabled,
-  db,
-  useInternalServer: !(
-    hostUrl === internalHostUrl && hostPort === internalHostPort
-  ),
-};

package/src/index.js

@@ -1,67 +0,0 @@
-const DB = require('./db/db.js');
-const readConfig = require('./read-config.js');
-
-const defaultOpts = (opts) => {
-  const newOpts = {
-    ...opts,
-  };
-
-  if (!newOpts.externalUrl) {
-    throw new Error('externalUrl is required');
-  }
-  if (!newOpts.samlPath) {
-    throw new Error('samlPath is required');
-  }
-
-  newOpts.samlAudience = newOpts.samlAudience || 'https://saml.boxyhq.com';
-  newOpts.preLoadedConfig = newOpts.preLoadedConfig || ''; // path to folder containing static SAML config that will be preloaded. This is useful for self-hosted deployments that only have to support a single tenant (or small number of known tenants).
-  newOpts.idpEnabled = newOpts.idpEnabled === true;
-  newOpts.db = newOpts.db || {};
-  newOpts.db.engine = newOpts.db.engine || 'sql'; // Supported values: redis, sql, mongo, mem. Keep comment in sync with db.js
-  newOpts.db.url =
-    newOpts.db.url || 'postgresql://postgres:postgres@localhost:5432/postgres';
-  newOpts.db.type = newOpts.db.type || 'postgres'; // Only needed if DB_ENGINE is sql. Supported values: postgres, cockroachdb, mysql, mariadb
-  newOpts.db.ttl = (newOpts.db.ttl || 300) * 1; // TTL for the code, session and token stores (in seconds)
-  newOpts.db.cleanupLimit = (newOpts.db.cleanupLimit || 1000) * 1; // Limit cleanup of TTL entries to this many items at a time
-
-  return newOpts;
-};
-
-module.exports = async function (opts) {
-  opts = defaultOpts(opts);
-
-  const db = await DB.new(opts.db);
-  const configStore = db.store('saml:config');
-  const sessionStore = db.store('oauth:session', opts.db.ttl);
-  const codeStore = db.store('oauth:code', opts.db.ttl);
-  const tokenStore = db.store('oauth:token', opts.db.ttl);
-
-  const apiController = require('./controller/api.js')({ configStore });
-  const oauthController = require('./controller/oauth.js')({
-    configStore,
-    sessionStore,
-    codeStore,
-    tokenStore,
-    opts,
-  });
-  // write pre-loaded config if present
-  if (opts.preLoadedConfig && opts.preLoadedConfig.length > 0) {
-    const configs = await readConfig(opts.preLoadedConfig);
-
-    for (const config of configs) {
-      await apiController.config(config);
-      console.log(
-        `loaded config for tenant "${config.tenant}" and product "${config.product}"`
-      );
-    }
-  }
-
-  const type =
-    opts.db.engine === 'sql' && opts.db.type ? ' Type: ' + opts.db.type : '';
-  console.log(`Using engine: ${opts.db.engine}.${type}`);
-
-  return {
-    apiController,
-    oauthController,
-  };
-};

package/src/jackson.js

@@ -1,161 +0,0 @@
-const express = require('express');
-const cors = require('cors');
-
-const env = require('./env.js');
-const { extractAuthToken } = require('./controller/utils.js');
-
-let apiController;
-let oauthController;
-
-const oauthPath = '/oauth';
-const apiPath = '/api/v1/saml';
-
-const app = express();
-
-app.use(express.json());
-app.use(express.urlencoded({ extended: true }));
-
-app.get(oauthPath + '/authorize', async (req, res) => {
-  try {
-    const { redirect_url } = await oauthController.authorize(req.query);
-
-    res.redirect(redirect_url);
-  } catch (err) {
-    const { message, statusCode = 500 } = err;
-
-    res.status(statusCode).send(message);
-  }
-});
-
-app.post(env.samlPath, async (req, res) => {
-  try {
-    const { redirect_url } = await oauthController.samlResponse(req.body);
-
-    res.redirect(redirect_url);
-  } catch (err) {
-    const { message, statusCode = 500 } = err;
-
-    res.status(statusCode).send(message);
-  }
-});
-
-app.post(oauthPath + '/token', cors(), async (req, res) => {
-  try {
-    const result = await oauthController.token(req.body);
-
-    res.json(result);
-  } catch (err) {
-    const { message, statusCode = 500 } = err;
-
-    res.status(statusCode).send(message);
-  }
-});
-
-app.get(oauthPath + '/userinfo', async (req, res) => {
-  try {
-    let token = extractAuthToken(req);
-
-    // check for query param
-    if (!token) {
-      token = req.query.access_token;
-    }
-
-    if (!token) {
-      res.status(401).json({ message: 'Unauthorized' });
-    }
-
-    const profile = await oauthController.userInfo(token);
-
-    res.json(profile);
-  } catch (err) {
-    const { message, statusCode = 500 } = err;
-
-    res.status(statusCode).json({ message });
-  }
-});
-
-const server = app.listen(env.hostPort, async () => {
-  console.log(
-    `🚀 The path of the righteous server: http://${env.hostUrl}:${env.hostPort}`
-  );
-
-  const ret = await require('./index.js')(env);
-  apiController = ret.apiController;
-  oauthController = ret.oauthController;
-});
-
-// Internal routes, recommended not to expose this to the public interface though it would be guarded by API key(s)
-let internalApp = app;
-
-if (env.useInternalServer) {
-  internalApp = express();
-
-  internalApp.use(express.json());
-  internalApp.use(express.urlencoded({ extended: true }));
-}
-
-const validateApiKey = (token) => {
-  return env.apiKeys.includes(token);
-};
-
-internalApp.post(apiPath + '/config', async (req, res) => {
-  try {
-    const apiKey = extractAuthToken(req);
-    if (!validateApiKey(apiKey)) {
-      res.status(401).send('Unauthorized');
-      return;
-    }
-
-    res.json(await apiController.config(req.body));
-  } catch (err) {
-    res.status(500).json({
-      error: err.message,
-    });
-  }
-});
-
-internalApp.get(apiPath + '/config', async (req, res) => {
-  try {
-    const apiKey = extractAuthToken(req);
-    if (!validateApiKey(apiKey)) {
-      res.status(401).send('Unauthorized');
-      return;
-    }
-
-    res.json(await apiController.getConfig(req.query));
-  } catch (err) {
-    res.status(500).json({
-      error: err.message,
-    });
-  }
-});
-
-internalApp.delete(apiPath + '/config', async (req, res) => {
-  try {
-    const apiKey = extractAuthToken(req);
-    if (!validateApiKey(apiKey)) {
-      res.status(401).send('Unauthorized');
-      return;
-    }
-    await apiController.deleteConfig(req.body);
-    res.status(200).end();
-  } catch (err) {
-    res.status(500).json({
-      error: err.message,
-    });
-  }
-});
-
-let internalServer = server;
-if (env.useInternalServer) {
-  internalServer = internalApp.listen(env.internalHostPort, async () => {
-    console.log(
-      `🚀 The path of the righteous internal server: http://${env.internalHostUrl}:${env.internalHostPort}`
-    );
-  });
-}
-
-module.exports = {
-  server,
-  internalServer,
-};

package/src/read-config.js

@@ -1,24 +0,0 @@
-const fs = require('fs');
-const path = require('path');
-
-module.exports = async function (preLoadedConfig) {
-  if (preLoadedConfig.startsWith('./')) {
-    preLoadedConfig = path.resolve(process.cwd(), preLoadedConfig);
-  }
-  const files = await fs.promises.readdir(preLoadedConfig);
-  const configs = [];
-  for (let idx in files) {
-    const file = files[idx];
-    if (file.endsWith('.js')) {
-      const config = require(path.join(preLoadedConfig, file));
-      const rawMetadata = await fs.promises.readFile(
-        path.join(preLoadedConfig, path.parse(file).name + '.xml'),
-        'utf8'
-      );
-      config.rawMetadata = rawMetadata;
-      configs.push(config);
-    }
-  }
-
-  return configs;
-};

package/src/saml/claims.js

@@ -1,40 +0,0 @@
-const mapping = [
-  {
-    attribute: 'id',
-    schema:
-      'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier',
-  },
-  {
-    attribute: 'email',
-    schema:
-      'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
-  },
-  {
-    attribute: 'firstName',
-    schema: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
-  },
-  {
-    attribute: 'lastName',
-    schema: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
-  },
-];
-
-const map = (claims) => {
-  const profile = {
-    raw: claims,
-  };
-
-  mapping.forEach((m) => {
-    if (claims[m.attribute]) {
-      profile[m.attribute] = claims[m.attribute];
-    } else if (claims[m.schema]) {
-      profile[m.attribute] = claims[m.schema];
-    }
-  });
-
-  return profile;
-};
-
-module.exports = {
-  map,
-};