@wavo-cloud/aws-secrets-manager-helper 0.1.0

package/.circleci/config.yml

@@ -0,0 +1,69 @@
+confiversion: 2
+jobs:
+
+
+  test:
+    docker:
+      - image: circleci/node:10.15
+
+    steps:
+      - checkout
+      - setup_remote_docker
+
+      # Download and cache dependencies
+      - restore_cache: &restore_cache
+          keys:
+          - v1-dependencies-{{ checksum "package.json" }}
+          # fallback to using the latest cache if no exact match is found
+          - v1-dependencies-
+
+      - run: yarn install
+
+      - save_cache:
+          paths:
+            - node_modules
+          key: v1-dependencies-{{ checksum "package.json" }}
+        
+      # run tests!
+      - run:
+          name: Run tests (if possible)
+          command: |
+            if ./node_modules/@wavo-cloud/generator-microservice/shared/util/test-checks.sh; then
+              yarn ci-test
+            fi
+
+  module-push:
+    docker:
+      - image: circleci/node:10.15
+
+    steps:
+      - checkout
+      
+      - restore_cache: *restore_cache
+
+      - run:
+          name: Deploy (if possible)
+          command: |
+            if [ ! -z "${WAVO_CLOUD_WRITE_NPM_TOKEN}" ]; then
+              echo "//registry.npmjs.org/:_authToken=$WAVO_CLOUD_WRITE_NPM_TOKEN" > .npmrc
+              npm whoami
+              npm publish
+            else
+              echo "WAVO_CLOUD_WRITE_NPM_TOKEN not found. Skipping generator module push."
+            fi
+
+
+workflows:
+  version: 2
+  test-and-deploy:
+    jobs:
+    - test:
+          context: org-global
+    - module-push:
+          context: org-global
+          requires:
+            - test
+          
+          filters:
+            branches:
+              only: master

package/.prettierrc

@@ -0,0 +1,9 @@
+{
+  "trailingComma": "es5",
+  "tabWidth": 2,
+  "semi": false,
+  "useTabs": false,
+  "singleQuote": true,
+  "printWidth": 80,
+  "bracketSpacing": true
+}

package/CHANGELOG.md

@@ -0,0 +1,66 @@
+0.2.16
+-----
+- Removed logout on unauthorized hash error 
+- added isWavoUser() function
+
+0.2.12
+-----
+- FIX: added base url to local storage listener logout
+
+0.2.10
+-----
+- added infinite loop fix to auth cookies module
+
+0.2.9
+-----
+- fix: fixed infinite loop for non @wavo.me emails
+
+0.2.8
+-----
+- removed dev console logs
+
+0.2.7
+-----
+- added get apps functionality
+
+0.2.6
+-----
+- added get user function
+
+0.2.5
+-----
+- added token renewal logic to silent checksession auth flow
+
+0.2.4
+-----
+- added support for checkSession on not authenticated
+
+0.2.3
+-----
+- added support for query strings
+
+0.2.0
+-----
+- Added init() function that allows client side to set callback URL for particular service
+
+0.1.5
+-----
+- Getting navbar name from email (since nickname is not always defined on social logins)
+
+0.1.5
+-----
+- Added handling for dev/production config 
+
+0.1.1
+-----
+- Added getAccessToken() getter and refactored constants
+
+
+0.1.0
+-----
+- First fully functional test commit with all basic necessary authentication functionality
+
+
+0.0.0
+-----
+- Initial Commit.

package/Dockerfile

@@ -0,0 +1,19 @@
+FROM node:10.15-alpine
+
+# Create app directory
+RUN mkdir -p /usr/local/src/cloud-app
+WORKDIR /usr/local/src/cloud-app
+
+# Add .npmrc, package.json & yarn.lock
+COPY .npmrc /usr/local/src/cloud-app/.npmrc
+COPY package.json yarn.lock /usr/local/src/cloud-app/
+
+# Install modules with yarn
+RUN yarn
+
+# Copy the code
+COPY . /usr/local/src/cloud-app/
+
+# Let's roll!
+EXPOSE 3000
+CMD [ "yarn", "start" ]

package/README.md

@@ -0,0 +1,46 @@
+# wavo-cloud.auth-ui-helper
+
+> Wavo Cloud Infallible AWS Secrets Manager Helper
+
+## Important Commands
+
+### Building the Dockerfile image
+    $ yarn image-build
+
+
+### Prettify the Source
+    $ yarn prettify
+
+
+### Start the Microservice
+When using this option, node is passed the `--inspect` flag so you can inspect your code with the debugger of your choice. If your microservice is a worker or if you need it to block and wait for the debugger to connect use the "debug mode" instead.
+
+    $ yarn start
+
+Dockerized version (using `docker-compose`):
+
+    $ yarn docker-start
+
+
+### Start the Microservice in Debug Mode
+
+Important: when you run the microservice in debug mode, it is going to be started with node's `--inspect-brk` flag. 
+**This implies that the microservice will block and wait for a debugger to connect to port 5858 and resume code execution.**
+
+    $ yarn debug
+
+Dockerized version (using `docker-compose`):
+
+    $ yarn docker-debug
+
+    
+### Running the Tests
+
+Important: when you run the microservice in debug mode, it is going to be started with node's `--inspect-brk` flag. 
+**This implies that the microservice will block and wait for a debugger to connect to port 5858 and resume code execution.**
+
+    $ yarn test
+    
+Dockerized version (using `docker-compose`):
+
+    $ yarn docker-test

package/app/index.js

@@ -0,0 +1,2 @@
+'use strict'
+module.exports = require('./utils/awsSecretsManager')

package/app/utils/awsSecretsManager.js

@@ -0,0 +1,104 @@
+const AWS = require('aws-sdk')
+
+const region = 'us-east-1'
+const clientIdsSecretId = 'wavo/self_serve/client_list'
+const client = new AWS.SecretsManager({
+  region,
+})
+
+// attempts to parse secret
+async function parseSecret(secretString) {
+  let parsedSecret = {}
+  try {
+    parsedSecret = JSON.parse(secretString)
+    return parsedSecret
+  } catch (error) {
+    parsedSecret.error = 'Could not parse client secret'
+    return parsedSecret
+  }
+}
+
+// gets a defined secret value from aws secrets manager
+// returns JSON where JSON is the secret
+async function getSecretValue(secretId) {
+  let promiseError
+  const data = await client
+    .getSecretValue({ SecretId: secretId })
+    .promise()
+    .catch(error => {
+      promiseError = error
+    })
+
+  if (promiseError) {
+    if (promiseError.code === 'DecryptionFailureException') {
+      promiseError.message =
+        "Secrets Manager can't decrypt the protected secret text using the provided KMS key."
+      throw promiseError
+    } else if (promiseError.code === 'InternalServiceErrorException') {
+      promiseError.message = 'An error occurred on the server side.'
+      throw promiseError
+    } else if (promiseError.code === 'InvalidParameterException') {
+      promiseError.message = 'You provided an invalid value for a parameter.'
+      throw promiseError
+    } else if (promiseError.code === 'InvalidRequestException') {
+      promiseError.message =
+        'You provided a parameter value that is not valid for the current state of the resource.'
+      throw promiseError
+    } else if (promiseError.code === 'ResourceNotFoundException') {
+      promiseError.message = "We can't find the resource that you asked for."
+      throw promiseError
+    }
+  } else if ('SecretString' in data) {
+    return parseSecret(data.SecretString)
+  } else {
+    const buff = Buffer.from(data.SecretBinary, 'base64')
+    return parseSecret(buff.toString('ascii'))
+  }
+}
+
+// gets the secret keying where client secrets are stored
+// returns JSON where JSON is the secret
+async function getClientSecretIds() {
+  return getSecretValue(clientIdsSecretId)
+}
+
+// gets a specific client secret holding their API keys
+// returns JSON where JSON is the secret
+async function getClientSecret(clientId) {
+  const clientSecretIds = await getClientSecretIds()
+  return getSecretValue(clientSecretIds[clientId])
+}
+
+// gets all client secrets holding their API keys
+// returns [{ clientId: String, secretId: String, ...secret }]
+// skips all that are missing a region or organization
+async function getAllClientSecrets() {
+  const clientSecretIds = await getClientSecretIds()
+  if (!clientSecretIds) {
+    console.log('No clients found')
+    return []
+  }
+  const parsedClientSecrets = await Promise.all(
+    Object.keys(clientSecretIds).map(async clientId => {
+      const result = await getSecretValue(clientSecretIds[clientId])
+      result.id = clientId
+      result.secretId = clientSecretIds[clientId]
+      return result
+    })
+  )
+  return parsedClientSecrets.filter(clientSecret => {
+    if (clientSecret.organization && clientSecret.region && !clientSecret.error)
+      return true
+    console.log(
+      `Client secret at ${clientSecret.secretId} is missing organization or region`
+    )
+    return false
+  })
+}
+
+module.exports = {
+  getClientSecretIds,
+  getClientSecret,
+  getAllClientSecrets,
+  getSecretValue,
+}

package/docker-compose.test.yml

@@ -0,0 +1,17 @@
+version: "3.3"
+
+services:
+  app:
+    build: .
+    ports:
+      - "3000:3000"
+    entrypoint: yarn test
+    networks:
+      - appnet
+    environment:
+      - AWS_ACCESS_KEY_ID
+      - AWS_SECRET_ACCESS_KEY
+  
+networks:
+  appnet:
+  

package/package.json

@@ -0,0 +1,44 @@
+{
+  "name": "@wavo-cloud/aws-secrets-manager-helper",
+  "version": "0.1.0",
+  "description": "Wavo Cloud Infallible AWS Secrets Manager Helper",
+  "license": "UNLICENSED",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Wavo/wavo-cloud.aws-secrets-manager-helper.git"
+  },
+  "wavoCloud": {
+    "enableK8sDeployment": false,
+    "name": "wavo-cloud.aws-secrets-manager-helper"
+  },
+  "main": "app/index.js",
+  "scripts": {
+    "image-build": "./node_modules/@wavo-cloud/generator-microservice/shared/util/image-build.sh",
+    "image-push": "./node_modules/@wavo-cloud/generator-microservice/shared/util/image-push.sh",
+    "k8s-deploy": "./node_modules/@wavo-cloud/generator-microservice/shared/util/k8s-deploy.sh",
+    "prettier": "node ./node_modules/prettier/bin-prettier.js --write --single-quote --print-width 120 --no-semi '**/*.js'",
+    "test": "NODE_ENV=${NODE_ENV-test} node ./node_modules/mocha/bin/mocha --recursive --require mock-local-storage",
+    "docker-dev-up": "docker-compose -f ./docker-compose.dev.yml up",
+    "docker-dev-down": "docker-compose -f ./docker-compose.dev.yml down",
+    "docker-test": "docker-compose -f ./docker-compose.test.yml down; docker-compose -f ./docker-compose.test.yml build && docker-compose -f ./docker-compose.test.yml run --rm app; R=$?; docker-compose -f ./docker-compose.test.yml down; [ $R -eq 0 ]",
+    "ci-test": "yarn docker-test"
+  },
+  "devDependencies": {
+    "@wavo-cloud/generator-microservice": "^2.5.0",
+    "chai": "^4.2.0",
+    "eslint": "^5.6.0",
+    "eslint-config-prettier": "^3.1.0",
+    "mocha": "^5.2.0",
+    "mock-local-storage": "^1.1.7",
+    "prettier": "^1.14.3",
+    "webpack": "^4.27.1",
+    "webpack-cli": "^3.1.2"
+  },
+  "dependencies": {
+    "auth0-js": "^9.8.0",
+    "aws-sdk": "^2.713.0",
+    "js-cookie": "^2.2.0",
+    "jsonwebtoken": "^8.5.1",
+    "jwt-decode": "^2.2.0"
+  }
+}

package/test/aws.test.js

@@ -0,0 +1,19 @@
+const {
+  getAllClientSecrets,
+} = require('../app/utils/awsSecretsManager')
+const expect = require('chai').expect
+
+const clientIdsSecretId = 'wavo/self_serve/client_list'
+
+describe('Test Secrets Manager Helper', async () => {
+  /**
+   * This function call tests all of the helper functions
+   */
+  it('should get all client secrets', async () => {
+    const clientSecrets = await getAllClientSecrets()
+    expect(Array.isArray(clientSecrets)).to.be.true
+    expect(clientSecrets.length).to.be.above(0)
+    expect(clientSecrets[0].clientId).to.not.be.null
+    expect(clientSecrets[0].secretId).to.not.be.null
+  })
+})