@fraym/auth 0.1.0

package/README.md

@@ -0,0 +1,139 @@
+# auth-nodejs
+
+Client implementation in javascript for the [auth service](https://github.com/fraym/auth).
+
+## Installation
+
+```shell
+npm i @fraym/auth
+```
+
+## GraphQL
+
+You can access the graphQL api at `http://auth:3000/management/graphql`.
+There is a sandbox available at `http://auth:3000/management/graphql/sandbox`.
+
+You need to add the `Tenant-Id` header in order to use the graphQL Endpoint and the sandbox.
+
+## CLI command
+
+Use the `auth` cli command to automatically apply your permissions to the auth service.
+
+You can specify the address (and port) of the auth service instance you use in the `AUTH_SERVER_ADDRESS` env variable (default: `127.0.0.1:9000`).
+
+The needed schema for auth is a simple enum containing all your permissions. Example:
+
+```graphql
+enum Permission {
+    USER_READ
+    USER_WRITE
+}
+```
+
+### Config
+
+Use a `.env` file or env variables to configure cte clients and the command:
+
+```env
+AUTH_SERVER_ADDRESS=127.0.0.1:9000
+```
+
+## Usage
+
+### Create the client
+
+management client:
+
+```typescript
+const managementClient = await newManagementClient();
+```
+
+## Get all scopes (permissions)
+
+The `clientId` paramenter is optional. If none is given the default client will be used.
+
+```typescript
+const scopes = await managementClient.getScopes();
+```
+
+## Create a scope (permission)
+
+The `clientId` paramenter is optional. If none is given the default client will be used.
+
+```typescript
+await managementClient.createScope("PERMISSION_NAME");
+```
+
+## Delete a scope (permission)
+
+The `clientId` paramenter is optional. If none is given the default client will be used.
+
+```typescript
+await managementClient.deleteScope("PERMISSION_NAME");
+```
+
+## Get all roles
+
+```typescript
+const roles = await managementClient.getRoles("TENANT_ID");
+```
+
+## Upsert a role
+
+```typescript
+await managementClient.upsertRole("TENANT_ID", "ROLE_ID", [
+    {
+        scopeName: "PERMISSION_NAME",
+        // optional: clientId: If none is given the default client will be used
+    },
+]);
+```
+
+## Delete a role
+
+```typescript
+await managementClient.deleteRole("TENANT_ID", "ROLE_ID");
+```
+
+### Gracefully close the clients
+
+You won't lose any data if you don't. Use it for your peace of mind.
+
+```typescript
+client.close();
+```
+
+## Development
+
+You'll need the following apps for a smooth development experience:
+
+-   minikube
+-   lens
+-   okteto
+-   helm
+
+### Running the dev environment
+
+-   Start minikube if not already done:
+
+```shell
+minikube start
+```
+
+-   add mongodb and minio to your lokal kubernetes
+    -   use Makefiles in `./.dev/*`
+-   copy `.env.build` to `.env.build.local`
+    -   add your personal access token (needs read access for private fraym org repositories)
+-   deploy the app to your cluster
+
+```
+make init
+```
+
+-   start okteto
+
+```
+make dev
+```
+
+-   connect your IDE to that okteto instance

package/dist/cmd/auth.d.ts

@@ -0,0 +1,2 @@
+#! /usr/bin/env node
+export {};

package/dist/cmd/auth.js

@@ -0,0 +1,76 @@
+#! /usr/bin/env node
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const yargs_1 = __importDefault(require("yargs/yargs"));
+const helpers_1 = require("yargs/helpers");
+const dotenv_1 = require("dotenv");
+const graphql_file_loader_1 = require("@graphql-tools/graphql-file-loader");
+const load_1 = require("@graphql-tools/load");
+const graphql_1 = require("graphql");
+const client_1 = require("../management/client");
+const run = async () => {
+    (0, dotenv_1.config)();
+    const argv = await (0, yargs_1.default)((0, helpers_1.hideBin)(process.argv))
+        .config({
+        schemaGlob: "./src/**/*.graphql",
+        serverAddress: "127.0.0.1:9000",
+    })
+        .pkgConf("auth").argv;
+    let schemaGlob = argv.schemaGlob;
+    let serverAddress = argv.serverAddress;
+    if (process.env.AUTH_SCHEMA_GLOB) {
+        schemaGlob = process.env.AUTH_SCHEMA_GLOB;
+    }
+    if (process.env.AUTH_SERVER_ADDRESS) {
+        serverAddress = process.env.AUTH_SERVER_ADDRESS;
+    }
+    const schema = await (0, load_1.loadSchema)(`${schemaGlob}`, {
+        loaders: [new graphql_file_loader_1.GraphQLFileLoader()],
+    });
+    const permissions = getSchemaPermissions(schema);
+    await migratePermissions(permissions, serverAddress);
+};
+const getSchemaPermissions = (schema) => {
+    const permissions = [];
+    schema.toConfig().types.forEach(t => {
+        var _a, _b;
+        if (!(t instanceof graphql_1.GraphQLEnumType)) {
+            return;
+        }
+        const name = t.toString();
+        if (name !== "Permission") {
+            return;
+        }
+        (_b = (_a = t.astNode) === null || _a === void 0 ? void 0 : _a.values) === null || _b === void 0 ? void 0 : _b.forEach(value => {
+            permissions.push(value.name.value);
+        });
+    });
+    return permissions;
+};
+const migratePermissions = async (permissions, serverAddress) => {
+    const managementClient = await (0, client_1.newManagementClient)({ serverAddress });
+    const existingPermissions = (await managementClient.getScopes()).filter(permission => !permission.startsWith("FRAYM_"));
+    console.log("existingPermissions", existingPermissions);
+    const permissionsToCreate = permissions.filter(permission => !existingPermissions.includes(permission));
+    const permissionsToDelete = existingPermissions.filter(permission => !permissions.includes(permission));
+    if (permissionsToCreate.length > 0) {
+        console.log(`Creating ${permissionsToCreate.length} permissions: ${permissionsToCreate}...`);
+        for (let i = 0; i < permissionsToCreate.length; i++) {
+            console.log("i", i);
+            await managementClient.createScope(permissionsToCreate[i]);
+        }
+        console.log(`Created ${permissionsToCreate.length} permissions`);
+    }
+    if (permissionsToDelete.length > 0) {
+        console.log(`Removing ${permissionsToDelete.length} permissions: ${permissionsToDelete}...`);
+        for (let i = 0; i < permissionsToDelete.length; i++) {
+            console.log("i", i);
+            await managementClient.deleteScope(permissionsToDelete[i]);
+        }
+        console.log(`Removed ${permissionsToDelete.length} permissions`);
+    }
+};
+run();

package/dist/config/config.d.ts

@@ -0,0 +1,7 @@
+export interface ClientConfig {
+    serverAddress: string;
+    keepaliveInterval?: number;
+    keepaliveTimeout?: number;
+}
+export declare const getEnvConfig: () => ClientConfig;
+export declare const useConfigDefaults: (config?: ClientConfig) => Required<ClientConfig>;

package/dist/config/config.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useConfigDefaults = exports.getEnvConfig = void 0;
+const dotenv_1 = require("dotenv");
+const getEnvConfig = () => {
+    var _a;
+    (0, dotenv_1.config)();
+    const serverAddress = (_a = process.env.AUTH_SERVER_ADDRESS) !== null && _a !== void 0 ? _a : "";
+    let keepaliveInterval;
+    let keepaliveTimeout;
+    const keepaliveIntervalString = process.env.AUTH_CONNECTION_KEEPALIVE_INTERVAL;
+    const keepaliveTimeoutString = process.env.AUTH_CONNECTION_KEEPALIVE_INTERVAL;
+    if (keepaliveIntervalString) {
+        keepaliveInterval = parseInt(keepaliveIntervalString, 10);
+    }
+    if (keepaliveTimeoutString) {
+        keepaliveTimeout = parseInt(keepaliveTimeoutString, 10);
+    }
+    return {
+        serverAddress,
+        keepaliveInterval,
+        keepaliveTimeout,
+    };
+};
+exports.getEnvConfig = getEnvConfig;
+const useConfigDefaults = (config) => {
+    var _a, _b;
+    if (!config) {
+        config = (0, exports.getEnvConfig)();
+    }
+    return {
+        serverAddress: config.serverAddress,
+        keepaliveTimeout: (_a = config.keepaliveTimeout) !== null && _a !== void 0 ? _a : 3 * 1000,
+        keepaliveInterval: (_b = config.keepaliveInterval) !== null && _b !== void 0 ? _b : 40 * 1000,
+    };
+};
+exports.useConfigDefaults = useConfigDefaults;

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./management/client";
+export { ClientConfig } from "./config/config";

package/dist/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./management/client"), exports);

package/dist/management/client.d.ts

@@ -0,0 +1,13 @@
+import { ClientConfig } from "../config/config";
+import { Role } from "./getRoles";
+import { UpsertRoleScope } from "./upsertRole";
+export interface ManagementClient {
+    createScope: (name: string, clientId?: string) => Promise<void>;
+    deleteScope: (name: string, clientId?: string) => Promise<void>;
+    getScopes: (clientId?: string) => Promise<string[]>;
+    upsertRole: (tenantId: string, id: string, allowedScopes: UpsertRoleScope[]) => Promise<void>;
+    deleteRole: (tenantId: string, id: string) => Promise<void>;
+    getRoles: (tenantId: string) => Promise<Role[]>;
+    close: () => Promise<void>;
+}
+export declare const newManagementClient: (config?: ClientConfig) => Promise<ManagementClient>;

package/dist/management/client.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.newManagementClient = void 0;
+const auth_proto_1 = require("@fraym/auth-proto");
+const grpc_js_1 = require("@grpc/grpc-js");
+const config_1 = require("../config/config");
+const createScope_1 = require("./createScope");
+const deleteRole_1 = require("./deleteRole");
+const deleteScope_1 = require("./deleteScope");
+const getRoles_1 = require("./getRoles");
+const getScopes_1 = require("./getScopes");
+const upsertRole_1 = require("./upsertRole");
+const newManagementClient = async (config) => {
+    config = (0, config_1.useConfigDefaults)(config);
+    const serviceClient = new auth_proto_1.ManagementServiceClient(config.serverAddress, grpc_js_1.credentials.createInsecure(), {
+        "grpc.keepalive_time_ms": config.keepaliveInterval,
+        "grpc.keepalive_timeout_ms": config.keepaliveTimeout,
+        "grpc.keepalive_permit_without_calls": 1,
+    });
+    const createScope = async (name, clientId = "") => {
+        await (0, createScope_1.createNewScope)(name, clientId, serviceClient);
+    };
+    const deleteScope = async (name, clientId = "") => {
+        await (0, deleteScope_1.deleteExistingScope)(name, clientId, serviceClient);
+    };
+    const getScopes = async (clientId = "") => {
+        return await (0, getScopes_1.getAllScopes)(clientId, serviceClient);
+    };
+    const upsertRole = async (tenantId, id, allowedScopes) => {
+        return await (0, upsertRole_1.createOrUpdateRole)(tenantId, id, allowedScopes, serviceClient);
+    };
+    const deleteRole = async (tenantId, id) => {
+        return await (0, deleteRole_1.deleteExistingRole)(tenantId, id, serviceClient);
+    };
+    const getRoles = async (tenantId) => {
+        return await (0, getRoles_1.getAllRoles)(tenantId, serviceClient);
+    };
+    const close = async () => {
+        serviceClient.close();
+    };
+    return {
+        createScope,
+        deleteScope,
+        getScopes,
+        upsertRole,
+        deleteRole,
+        getRoles,
+        close,
+    };
+};
+exports.newManagementClient = newManagementClient;

package/dist/management/createScope.d.ts

@@ -0,0 +1,2 @@
+import { ManagementServiceClient } from "@fraym/auth-proto";
+export declare const createNewScope: (name: string, clientId: string, serviceClient: ManagementServiceClient) => Promise<void>;

package/dist/management/createScope.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createNewScope = void 0;
+const createNewScope = async (name, clientId, serviceClient) => {
+    return new Promise((resolve, reject) => {
+        serviceClient.createScope({
+            name,
+            clientId,
+        }, error => {
+            if (error) {
+                reject(error.message);
+                return;
+            }
+            resolve();
+        });
+    });
+};
+exports.createNewScope = createNewScope;

package/dist/management/deleteRole.d.ts

@@ -0,0 +1,2 @@
+import { ManagementServiceClient } from "@fraym/auth-proto";
+export declare const deleteExistingRole: (tenantId: string, id: string, serviceClient: ManagementServiceClient) => Promise<void>;

package/dist/management/deleteRole.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deleteExistingRole = void 0;
+const deleteExistingRole = async (tenantId, id, serviceClient) => {
+    return new Promise((resolve, reject) => {
+        serviceClient.deleteRole({
+            tenantId,
+            id,
+        }, error => {
+            if (error) {
+                reject(error.message);
+                return;
+            }
+            resolve();
+        });
+    });
+};
+exports.deleteExistingRole = deleteExistingRole;

package/dist/management/deleteScope.d.ts

@@ -0,0 +1,2 @@
+import { ManagementServiceClient } from "@fraym/auth-proto";
+export declare const deleteExistingScope: (name: string, clientId: string, serviceClient: ManagementServiceClient) => Promise<void>;

package/dist/management/deleteScope.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deleteExistingScope = void 0;
+const deleteExistingScope = async (name, clientId, serviceClient) => {
+    return new Promise((resolve, reject) => {
+        serviceClient.deleteScope({
+            name,
+            clientId,
+        }, error => {
+            if (error) {
+                reject(error.message);
+                return;
+            }
+            resolve();
+        });
+    });
+};
+exports.deleteExistingScope = deleteExistingScope;

package/dist/management/getRoles.d.ts

@@ -0,0 +1,10 @@
+import { ManagementServiceClient } from "@fraym/auth-proto";
+export interface Role {
+    id: string;
+    allowedScopes: RoleScope[];
+}
+export interface RoleScope {
+    clientId: string;
+    scopeName: string;
+}
+export declare const getAllRoles: (tenantId: string, serviceClient: ManagementServiceClient) => Promise<Role[]>;

package/dist/management/getRoles.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAllRoles = void 0;
+const getAllRoles = async (tenantId, serviceClient) => {
+    return new Promise((resolve, reject) => {
+        serviceClient.getRoles({
+            tenantId,
+        }, (error, response) => {
+            if (error) {
+                reject(error.message);
+                return;
+            }
+            resolve(response.roles);
+        });
+    });
+};
+exports.getAllRoles = getAllRoles;

package/dist/management/getScopes.d.ts

@@ -0,0 +1,2 @@
+import { ManagementServiceClient } from "@fraym/auth-proto";
+export declare const getAllScopes: (clientId: string, serviceClient: ManagementServiceClient) => Promise<string[]>;

package/dist/management/getScopes.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAllScopes = void 0;
+const getAllScopes = async (clientId, serviceClient) => {
+    return new Promise((resolve, reject) => {
+        serviceClient.getScopes({
+            clientId,
+        }, (error, response) => {
+            if (error) {
+                reject(error.message);
+                return;
+            }
+            resolve(response.scopes);
+        });
+    });
+};
+exports.getAllScopes = getAllScopes;

package/dist/management/upsertRole.d.ts

@@ -0,0 +1,6 @@
+import { ManagementServiceClient } from "@fraym/auth-proto";
+export interface UpsertRoleScope {
+    scopeName: string;
+    clientId?: string;
+}
+export declare const createOrUpdateRole: (tenantId: string, id: string, allowedScopes: UpsertRoleScope[], serviceClient: ManagementServiceClient) => Promise<void>;

package/dist/management/upsertRole.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createOrUpdateRole = void 0;
+const createOrUpdateRole = async (tenantId, id, allowedScopes, serviceClient) => {
+    return new Promise((resolve, reject) => {
+        serviceClient.upsertRole({
+            tenantId,
+            id,
+            allowedScopes: allowedScopes.map(scope => {
+                var _a;
+                return {
+                    scopeName: scope.scopeName,
+                    clientId: (_a = scope.clientId) !== null && _a !== void 0 ? _a : "",
+                };
+            }),
+        }, error => {
+            if (error) {
+                reject(error.message);
+                return;
+            }
+            resolve();
+        });
+    });
+};
+exports.createOrUpdateRole = createOrUpdateRole;

package/package.json

@@ -0,0 +1,47 @@
+{
+    "name": "@fraym/auth",
+    "version": "0.1.0",
+    "license": "UNLICENSED",
+    "homepage": "https://github.com/fraym/auth-nodejs",
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/fraym/auth-nodejs.git"
+    },
+    "description": "nodejs client implementation for our auth service",
+    "scripts": {
+        "test": "echo \"Error: no test specified\" && exit 0",
+        "format": "prettier --write \"**/*.{ts,tsx,json}\"",
+        "lint": "prettier --check \"**/*.{ts,tsx,json}\"",
+        "build": "npm run clean && tsc && chmod +x dist/cmd/auth.js",
+        "clean": "rm -rf dist",
+        "prepublishOnly": "npm test && npm run lint && npm run build",
+        "preversion": "npm run lint",
+        "cmd": "dist/cmd/auth.js"
+    },
+    "files": [
+        "dist/**/*"
+    ],
+    "main": "dist/index.js",
+    "types": "dist/index.d.ts",
+    "bin": {
+        "auth": "dist/cmd/auth.js"
+    },
+    "dependencies": {
+        "@fraym/auth-proto": "^0.4.0",
+        "@graphql-tools/graphql-file-loader": "^7.5.11",
+        "@graphql-tools/load": "^7.8.6",
+        "@grpc/grpc-js": "1.7.2",
+        "dotenv": "^16.0.3",
+        "graphql": "^16.6.0",
+        "yargs": "^17.6.2"
+    },
+    "devDependencies": {
+        "@becklyn/prettier": "^1.0.2",
+        "@types/uuid": "^8.3.4",
+        "@types/yargs": "^17.0.13",
+        "prettier": "^2.7.1",
+        "typescript": "^4.8.4",
+        "uuid": "^9.0.0"
+    },
+    "prettier": "@becklyn/prettier"
+}