@boxyhq/saml-jackson 0.2.4 → 0.3.0-beta.246

package/.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Questions
-    url: https://github.com/boxyhq/jackson/discussions
-    about: Ask a general question about the project on our GitHub Discussion page

package/.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,43 +0,0 @@
----
-name: Feature request
-about: Suggest a feature or idea
-title: ""
-labels: enhancement
-assignees: ""
----
-
-> Please check if your Feature Request has not been already raised in the [Discussions Tab](https://github.com/boxyhq/jackson/discussions), as we would like to reduce duplicates. If it has been already raised, simply upvote it 🔼.
-
-### Is your proposal related to a problem?
-
-<!--
-  Provide a clear and concise description of what the problem is.
-  For example, "I'm always frustrated when..."
--->
-
-(Write your answer here.)
-
-### Describe the solution you'd like
-
-<!--
-  Provide a clear and concise description of what you want to happen.
--->
-
-(Describe your proposed solution here.)
-
-### Describe alternatives you've considered
-
-<!--
-  Let us know about other solutions you've tried or researched.
--->
-
-(Write your answer here.)
-
-### Additional context
-
-<!--
-  Is there anything else you can add about the proposal?
-  You might want to link to related issues here, if you haven't already.
--->
-
-(Write your answer here.)

package/.github/pull_request_template.md

@@ -1,31 +0,0 @@
-## What does this PR do?
-
-<!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. -->
-
-Fixes # (issue)
-
-## Type of change
-
-<!-- Please delete options that are not relevant. -->
-
-- [ ] Bug fix (non-breaking change which fixes an issue)
-- [ ] New feature (non-breaking change which adds functionality)
-- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
-- [ ] This change requires a documentation update
-
-## How should this be tested?
-
-<!-- Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration -->
-
-- [ ] Test A
-- [ ] Test B
-
-## Checklist:
-
-- [ ] My code follows the style guidelines of this project
-- [ ] I have performed a self-review of my own code and corrected any misspellings
-- [ ] I have commented my code, particularly in hard-to-understand areas
-- [ ] I have made corresponding changes to the documentation
-- [ ] My changes generate no new warnings
-- [ ] I have added tests that prove my fix is effective or that my feature works
-- [ ] New and existing unit tests pass locally with my changes

package/.github/workflows/codesee-arch-diagram.yml

@@ -1,81 +0,0 @@
-on:
-  push:
-    branches:
-      - main
-  pull_request_target:
-    types: [opened, synchronize, reopened]
-
-name: CodeSee Map
-
-jobs:
-  test_map_action:
-    runs-on: ubuntu-latest
-    continue-on-error: true
-    name: Run CodeSee Map Analysis
-    steps:
-      - name: checkout
-        id: checkout
-        uses: actions/checkout@v2
-        with:
-          repository: ${{ github.event.pull_request.head.repo.full_name }}
-          ref: ${{ github.event.pull_request.head.ref }}
-          fetch-depth: 0
-
-      # codesee-detect-languages has an output with id languages.
-      - name: Detect Languages
-        id: detect-languages
-        uses: Codesee-io/codesee-detect-languages-action@latest
-
-      - name: Configure JDK 16
-        uses: actions/setup-java@v2
-        if: ${{ fromJSON(steps.detect-languages.outputs.languages).java }}
-        with:
-          java-version: '16'
-          distribution: 'zulu'
-
-      # CodeSee Maps Go support uses a static binary so there's no setup step required.
-
-      - name: Configure Node.js 14
-        uses: actions/setup-node@v2
-        if: ${{ fromJSON(steps.detect-languages.outputs.languages).javascript }}
-        with:
-          node-version: '14'
-
-      - name: Configure Python 3.x
-        uses: actions/setup-python@v2
-        if: ${{ fromJSON(steps.detect-languages.outputs.languages).python }}
-        with:
-          python-version: '3.x'
-          architecture: 'x64'
-
-      - name: Configure Ruby '3.x'
-        uses: ruby/setup-ruby@v1
-        if: ${{ fromJSON(steps.detect-languages.outputs.languages).ruby }}
-        with:
-          ruby-version: '3.0'
-
-      # CodeSee Maps Rust support uses a static binary so there's no setup step required.
-
-      - name: Generate Map
-        id: generate-map
-        uses: Codesee-io/codesee-map-action@latest
-        with:
-          step: map
-          github_ref: ${{ github.ref }}
-          languages: ${{ steps.detect-languages.outputs.languages }}
-
-      - name: Upload Map
-        id: upload-map
-        uses: Codesee-io/codesee-map-action@latest
-        with:
-          step: mapUpload
-          api_token: ${{ secrets.CODESEE_ARCH_DIAG_API_TOKEN }}
-          github_ref: ${{ github.ref }}
-      
-      - name: Insights
-        id: insights
-        uses: Codesee-io/codesee-map-action@latest
-        with:
-          step: insights
-          api_token: ${{ secrets.CODESEE_ARCH_DIAG_API_TOKEN }}
-          github_ref: ${{ github.ref }}

package/.github/workflows/main.yml

@@ -1,123 +0,0 @@
-# This is a basic workflow to help you get started with Actions
-
-name: CI
-
-# Controls when the workflow will run
-on:
-  # Triggers the workflow on push or pull request events but only for the main branch
-  push:
-    branches:
-      - '*'
-  pull_request:
-    types: [opened, synchronize, reopened]
-
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        node-version: [16.x]
-        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
-
-    services:
-      postgres:
-        image: postgres:13
-        ports:
-          - 5432:5432
-        env:
-          POSTGRES_PASSWORD: ""
-          POSTGRES_HOST_AUTH_METHOD: "trust"
-        # Set health checks to wait until postgres has started
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-      redis:
-        image: redis:6.2.5-alpine
-        ports:
-          - 6379:6379
-      mongo:
-        image: mongo:4.4.10
-        ports:
-          - 27017:27017
-      mysql:
-        image: mysql:5.7
-        ports:
-          - 3307:3306
-        env:
-          MYSQL_DATABASE: mysql
-          MYSQL_ROOT_PASSWORD: mysql
-      maria:
-        image: mariadb:10.4.22
-        ports:
-          - 3306:3306
-        env:
-          MARIADB_DATABASE: mysql
-          MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: "yes"
-          
-    steps:
-    - uses: actions/checkout@v2
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v2
-      with:
-        always-auth: true
-        node-version: ${{ matrix.node-version }}
-        registry-url: https://registry.npmjs.org
-        scope: '@boxyhq'
-        cache: 'npm'
-    - run: npm ci
-    - run: npm run test
-    - run: |
-        publishTag="latest"
-        if [[ "$GITHUB_REF" == *\/release ]]
-        then
-          echo "Release branch"
-        else
-          echo "Dev branch"
-          publishTag="beta"
-          versionSuffixTag="-beta.${GITHUB_RUN_NUMBER}"
-          sed "s/\(^[ ]*\"version\"\:[ ]*\".*\)\",/\1${versionSuffixTag}\",/" < package.json > package.json.new
-          mv package.json.new package.json
-        fi
-        npm publish --tag $publishTag --access public
-      env:
-        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-  build:
-    needs: publish
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check Out Repo 
-        uses: actions/checkout@v2
-
-      - name: Get short SHA
-        id: slug
-        run: echo "::set-output name=sha7::$(echo ${GITHUB_SHA} | cut -c1-7)"
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
-
-      - name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v2
-        with:
-          context: ./
-          file: ./Dockerfile
-          push: true
-          tags: ${{ github.repository }}:latest,${{ github.repository }}:${{ steps.slug.outputs.sha7 }}
-
-      - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}

package/_dev/docker-compose.yml

@@ -1,37 +0,0 @@
-# this file is a helper to run all the supported dbs locally, the data is ephemeral since no host volumes will be mounted
-version: "3.6"
-services:
-  postgres:
-    image: postgres:13
-    ports:
-      - "5432:5432"
-    restart: always
-    environment:
-      POSTGRES_PASSWORD: ""
-      POSTGRES_HOST_AUTH_METHOD: trust
-  redis:
-    image: redis:6.2.5-alpine
-    ports:
-      - "6379:6379"
-    restart: always
-  mongo:
-    image: mongo:4.4.10
-    ports:
-      - "27017:27017"
-    restart: always
-  mysql:
-    image: mysql:5.7
-    ports:
-      - "3307:3306"
-    restart: always
-    environment:
-      MYSQL_DATABASE: mysql
-      MYSQL_ROOT_PASSWORD: mysql
-  maria:
-    image: mariadb:10.4.22
-    ports:
-      - "3306:3306"
-    restart: always
-    environment:
-      MARIADB_DATABASE: mysql
-      MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: "yes"

package/map.js

@@ -1 +0,0 @@
-module.exports = (test) => test.replace(/\.test\.js$/, '.js');

package/prettier.config.js

@@ -1,4 +0,0 @@
-module.exports = {
-  singleQuote: true,
-  trailingComma: 'es5',
-};

package/src/controller/api.js

@@ -1,167 +0,0 @@
-const saml = require('../saml/saml.js');
-const x509 = require('../saml/x509.js');
-const dbutils = require('../db/utils.js');
-const { indexNames } = require('./utils.js');
-const { JacksonError } = require('./error.js');
-
-const crypto = require('crypto');
-
-let configStore;
-
-const extractHostName = (url) => {
-  try {
-    const pUrl = new URL(url);
-    if (pUrl.hostname.startsWith('www.')) {
-      return pUrl.hostname.substring(4);
-    }
-    return pUrl.hostname;
-  } catch (err) {
-    return null;
-  }
-};
-
-const config = async (body) => {
-  const { rawMetadata, defaultRedirectUrl, redirectUrl, tenant, product } =
-    body;
-
-  if (!rawMetadata) {
-    throw new JacksonError('Please provide rawMetadata', 400);
-  }
-
-  if (!defaultRedirectUrl) {
-    throw new JacksonError('Please provide a defaultRedirectUrl', 400);
-  }
-
-  if (!redirectUrl) {
-    throw new JacksonError('Please provide redirectUrl', 400);
-  }
-
-  if (!tenant) {
-    throw new JacksonError('Please provide tenant', 400);
-  }
-
-  if (!product) {
-    throw new JacksonError('Please provide product', 400);
-  }
-
-  const idpMetadata = await saml.parseMetadataAsync(rawMetadata);
-
-  // extract provider
-  let providerName = extractHostName(idpMetadata.entityID);
-  if (!providerName) {
-    providerName = extractHostName(
-      idpMetadata.sso.redirectUrl || idpMetadata.sso.postUrl
-    );
-  }
-
-  idpMetadata.provider = providerName ? providerName : 'Unknown';
-
-  let clientID = dbutils.keyDigest(
-    dbutils.keyFromParts(tenant, product, idpMetadata.entityID)
-  );
-  let clientSecret;
-
-  let exists = await configStore.get(clientID);
-  if (exists) {
-    clientSecret = exists.clientSecret;
-  } else {
-    clientSecret = crypto.randomBytes(24).toString('hex');
-  }
-
-  const certs = await x509.generate();
-  if (!certs) {
-    throw new Error('Error generating x59 certs');
-  }
-
-  await configStore.put(
-    clientID,
-    {
-      idpMetadata,
-      defaultRedirectUrl,
-      redirectUrl: JSON.parse(redirectUrl), // redirectUrl is a stringified array
-      tenant,
-      product,
-      clientID,
-      clientSecret,
-      certs,
-    },
-    {
-      // secondary index on entityID
-      name: indexNames.entityID,
-      value: idpMetadata.entityID,
-    },
-    {
-      // secondary index on tenant + product
-      name: indexNames.tenantProduct,
-      value: dbutils.keyFromParts(tenant, product),
-    }
-  );
-
-  return {
-    client_id: clientID,
-    client_secret: clientSecret,
-    provider: idpMetadata.provider,
-  };
-};
-
-const getConfig = async (body) => {
-  const { clientID, tenant, product } = body;
-
-  if (clientID) {
-    const samlConfig = await configStore.get(clientID);
-    if (!samlConfig) {
-      return {};
-    }
-
-    return { provider: samlConfig.idpMetadata.provider };
-  } else {
-    const samlConfigs = await configStore.getByIndex({
-      name: indexNames.tenantProduct,
-      value: dbutils.keyFromParts(tenant, product),
-    });
-    if (!samlConfigs || !samlConfigs.length) {
-      return {};
-    }
-
-    return { provider: samlConfigs[0].idpMetadata.provider };
-  }
-};
-
-const deleteConfig = async (body) => {
-  const { clientID, clientSecret, tenant, product } = body;
-
-  if (clientID) {
-    if (!clientSecret) {
-      throw new JacksonError('Please provide clientSecret', 400);
-    }
-    const samlConfig = await configStore.get(clientID);
-    if (!samlConfig) {
-      return;
-    }
-    if (samlConfig.clientSecret === clientSecret) {
-      await configStore.delete(clientID);
-    } else {
-      throw new JacksonError('clientSecret mismatch', 400);
-    }
-  } else {
-    const samlConfigs = await configStore.getByIndex({
-      name: indexNames.tenantProduct,
-      value: dbutils.keyFromParts(tenant, product),
-    });
-    if (!samlConfigs || !samlConfigs.length) {
-      return;
-    }
-    for (const conf of samlConfigs) {
-      await configStore.delete(conf.clientID);
-    }
-  }
-};
-
-module.exports = (opts) => {
-  configStore = opts.configStore;
-  return {
-    config,
-    getConfig,
-    deleteConfig,
-  };
-};

package/src/controller/error.js

@@ -1,12 +0,0 @@
-class JacksonError extends Error {
-  constructor(message, statusCode = 500) {
-    super(message);
-
-    this.name = this.constructor.name;
-    this.statusCode = statusCode;
-
-    Error.captureStackTrace(this, this.constructor);
-  }
-}
-
-module.exports = { JacksonError };

package/src/controller/oauth/allowed.js

@@ -1,19 +0,0 @@
-module.exports = {
-  redirect: (redirectUrl, redirectUrls) => {
-    const url = new URL(redirectUrl);
-
-    for (const idx in redirectUrls) {
-      const rUrl = new URL(redirectUrls[idx]);
-      // TODO: Check pathname, for now pathname is ignored
-      if (
-        rUrl.protocol === url.protocol &&
-        rUrl.hostname === url.hostname &&
-        rUrl.port === url.port
-      ) {
-        return true;
-      }
-    }
-
-    return false;
-  },
-};

package/src/controller/oauth/code-verifier.js

@@ -1,16 +0,0 @@
-const crypto = require('crypto');
-
-const transformBase64 = (input) => {
-  return input.replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
-};
-
-const encode = (code_challenge) => {
-  return transformBase64(
-    crypto.createHash('sha256').update(code_challenge).digest('base64')
-  );
-};
-
-module.exports = {
-  encode,
-  transformBase64,
-};

package/src/controller/oauth/redirect.js

@@ -1,18 +0,0 @@
-module.exports = {
-  error: (res, redirectUrl, err) => {
-    var url = new URL(redirectUrl);
-    url.searchParams.set('error', err);
-
-    res.redirect(url);
-  },
-
-  success: (redirectUrl, params) => {
-    const url = new URL(redirectUrl);
-
-    for (const [key, value] of Object.entries(params)) {
-      url.searchParams.set(key, value);
-    }
-
-    return url.href;
-  },
-};