add initial version of auth service

images/auth/.gitignore

@@ -0,0 +1 @@
+service.yaml

images/auth/Dockerfile

@@ -0,0 +1,36 @@
+FROM golang:1.13 as builder
+
+# Create and change to the app directory.
+WORKDIR /app
+
+# Retrieve application dependencies using go modules.
+# Allows container builds to reuse downloaded dependencies.
+COPY go.* ./
+RUN go mod download
+
+# Copy local code to the container image.
+COPY *.go ./
+
+# Copy public assets to the container image.
+COPY public ./public
+
+# Build the binary.
+# -mod=readonly ensures immutable go.mod and go.sum in container builds.
+RUN CGO_ENABLED=0 GOOS=linux go build -mod=readonly -v -o server
+
+
+#
+
+
+# Use the official Alpine image for a lean production container.
+FROM alpine:3
+RUN apk add --no-cache ca-certificates
+
+# Copy the binary to the production image from the builder stage.
+COPY --from=builder /app/server /server
+
+# Copy public assets to the container image.
+COPY  --from=builder /app/public ./public
+
+# Run the web service on container startup.
+CMD ["/server"]

images/auth/README.md

@@ -0,0 +1,41 @@
+```bash
+export KUDA_AUTH_API_KEY="your auth API key"
+export KUDA_AUTH_DOMAIN="your auth domain"
+export KUDA_AUTH_TOS_URL="your terms and service url"
+export KUDA_AUTH_PP_URL="your privacy policy url"
+```
+
+## Build
+
+```bash
+docker build \
+  -t gcr.io/kuda-project/auth \
+  -f ./Dockerfile \
+  .
+```
+
+## Run
+
+```bash
+docker run --rm \
+  -e KUDA_AUTH_API_KEY=$KUDA_AUTH_API_KEY \
+  -e KUDA_AUTH_DOMAIN=$KUDA_AUTH_DOMAIN \
+  -e KUDA_AUTH_TOS_URL=$KUDA_AUTH_TOS_URL \
+  -e KUDA_AUTH_PP_URL=$KUDA_AUTH_PP_URL \
+  -e PORT=80 \
+  -p 8080:80 \
+  gcr.io/kuda-project/auth
+```
+
+## Deploy
+
+```bash
+KUDA_AUTH_TOS_URL=$(echo $KUDA_AUTH_TOS_URL | sed 's/\//\\\//g')
+KUDA_AUTH_PP_URL=$(echo $KUDA_AUTH_PP_URL | sed 's/\//\\\//g')
+cp service.tpl.yaml service.yaml
+sed -i'.bak' "s/value: <your-auth-api-key>/value: $KUDA_AUTH_API_KEY/g" service.yaml
+sed -i'.bak' "s/value: <your-auth-domain>/value: $KUDA_AUTH_DOMAIN/g" service.yaml
+sed -i'.bak' "s/value: <your-tos-url>/value: $KUDA_AUTH_TOS_URL/g" service.yaml
+sed -i'.bak' "s/value: <your-pp-url>/value: $KUDA_AUTH_PP_URL/g" service.yaml
+rm service.yaml.bak
+```

images/auth/go.mod

@@ -0,0 +1,3 @@
+module github.com/cyrildiagne/kuda/images/auth
+
+go 1.13

images/auth/main.go

@@ -0,0 +1,59 @@
+package main
+
+import (
+	"bytes"
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"os"
+)
+
+var authPage string
+
+// AuthConfig represents the AuthConfig Document.
+type AuthConfig struct {
+	APIKey            string
+	AuthDomain        string
+	TermsOfServiceURL template.URL
+	PrivacyPolicyURL  template.URL
+}
+
+func home(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintf(w, authPage)
+}
+
+func main() {
+	mux := http.NewServeMux()
+	mux.HandleFunc("/", home)
+
+	// Retrieve the auth env variables.
+	config := AuthConfig{
+		APIKey:            os.Getenv("KUDA_AUTH_API_KEY"),
+		AuthDomain:        os.Getenv("KUDA_AUTH_DOMAIN"),
+		TermsOfServiceURL: template.URL(os.Getenv("KUDA_AUTH_TOS_URL")),
+		PrivacyPolicyURL:  template.URL(os.Getenv("KUDA_AUTH_PP_URL")),
+	}
+
+	// Process template with values.
+	t, err := template.ParseFiles("./public/index.html")
+	if err != nil {
+		log.Fatal(err)
+	}
+	w := new(bytes.Buffer)
+	t.Execute(w, config)
+	authPage = w.String()
+
+	// Setup static serving.
+	fileServer := http.FileServer(http.Dir("./public"))
+	mux.Handle("/public/", http.StripPrefix("/public", fileServer))
+
+	// Start server
+	port := os.Getenv("PORT")
+	if port == "" {
+		port = "8080"
+	}
+	fmt.Println("Listening on port", port)
+	err = http.ListenAndServe(":"+port, mux)
+	log.Fatal(err)
+}

images/auth/public/index.html

@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="UTF-8" />
+    <title>Authentication</title>
+    <script src="https://www.gstatic.com/firebasejs/7.6.1/firebase-app.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/7.6.1/firebase-auth.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/ui/4.3.0/firebase-ui-auth.js"></script>
+    <link
+      type="text/css"
+      rel="stylesheet"
+      href="https://www.gstatic.com/firebasejs/ui/4.3.0/firebase-ui-auth.css"
+    />
+  </head>
+  <body>
+    <div>
+      <button id="sign-out" style="display:none;">Sign out</button>
+      <pre id="account-details"></pre>
+    </div>
+
+    <div id="firebaseui-auth-container" style="display:none;"></div>
+
+    <script>
+      const config = {
+        apiKey: "{{.APIKey}}",
+        authDomain: "{{.AuthDomain}}",
+        termsOfServiceURL: "{{.TermsOfServiceURL}}",
+        privacyPolicyURL: "{{.PrivacyPolicyURL}}"
+      };
+    </script>
+    <script src="/public/index.js"></script>
+  </body>
+</html>

images/auth/public/index.js

@@ -0,0 +1,66 @@
+let uiContainer;
+let currentUser;
+
+// Setup Firebase UI.
+const uiConfig = {
+  callbacks: {
+    signInSuccessWithAuthResult: (authResult, redirectUrl) => false
+  },
+  signInOptions: [
+    firebase.auth.EmailAuthProvider.PROVIDER_ID,
+    firebase.auth.GithubAuthProvider.PROVIDER_ID
+  ],
+  signInFlow: "popup",
+  tosUrl: config.termsOfServiceURL,
+  privacyPolicyUrl: config.privacyPolicyURL
+};
+
+function handleAuthChanged(user) {
+  if (user) {
+    currentUser = user;
+    uiContainer.style.display = "none";
+    user.getIdToken().then(accessToken => {
+      document.getElementById("sign-out").style.display = "inline";
+      document.getElementById("account-details").textContent = JSON.stringify(
+        currentUser,
+        null,
+        "  "
+      );
+    });
+  } else {
+    currentUser = null;
+    // User is signed out.
+    document.getElementById("sign-out").style.display = "none";
+    document.getElementById("account-details").textContent = "";
+    // show Firebase UI.
+    uiContainer.style.display = "block";
+  }
+}
+
+window.onload = () => {
+  uiContainer = document.getElementById("firebaseui-auth-container");
+
+  firebase.initializeApp({
+    apiKey: config.apiKey,
+    authDomain: config.authDomain
+  });
+
+  // Listen to change in auth state so it displays the correct UI for when
+  // the user is signed in or not.
+  firebase.auth().onAuthStateChanged(handleAuthChanged);
+
+  // Signout
+  const signOutButton = document.getElementById("sign-out");
+  signOutButton.addEventListener("click", () => {
+    firebase
+      .auth()
+      .signOut()
+      .then(res => {
+        ui.start("#firebaseui-auth-container", uiConfig);
+      });
+  });
+
+  // Start Firebase UI.
+  ui = new firebaseui.auth.AuthUI(firebase.auth());
+  ui.start("#firebaseui-auth-container", uiConfig);
+};

images/auth/service.tpl.yaml

@@ -0,0 +1,19 @@
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+  name: auth
+  namespace: kuda
+spec:
+  template:
+    spec:
+      containers:
+        - image: gcr.io/kuda-project/auth
+          env:
+            - name: KUDA_AUTH_API_KEY
+              value: <your-auth-api-key>
+            - name: KUDA_AUTH_DOMAIN
+              value: <your-auth-domain>
+            - name: KUDA_AUTH_TOS_URL
+              value: <your-tos-url>
+            - name: KUDA_AUTH_PP_URL
+              value: <your-pp-url>

images/auth/skaffold.yaml

@@ -0,0 +1,11 @@
+apiVersion: skaffold/v1
+kind: Config
+build:
+  artifacts:
+  - image: gcr.io/kuda-project/auth
+    docker:
+      dockerfile: ./Dockerfile
+deploy:
+  kubectl:
+    manifests:
+      - service.yaml