Merge pull request #389 from suculent/thinx-staging
staging latest fixes (github oauth)
suculent authored May 11, 2022
2 parents b15e194 + 78cffcd commit d788958
Showing 16 changed files with 584 additions and 399 deletions.
1 change: 0 additions & 1 deletion docker-entrypoint.sh
@@ -48,7 +48,6 @@ fi
set -e

if [[ ${ENVIRONMENT} == "test" ]]; then
echo "[thinx-entrypoint] Running in TEST MODE!"
curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
chmod +x ./cc-test-reporter

1 change: 1 addition & 0 deletions lib/router.auth.js
@@ -206,6 +206,7 @@ module.exports = function (app) {
console.log(`[OID:${user_data.owner}] [LOGIN_INVALID] Password mismatch.`);
auditLogError(user_data.owner, "password_mismatch");
alog.log(req.session.owner, "Password mismatch.");
stored_response.status(401);
Util.responder(stored_response, false, "password_mismatch");
}
return true;
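Review bot: The new `stored_response.status(401);` is set only in the password-mismatch branch visible here, so if the other login failure paths of this handler (which lie outside the hunk) still answer with the default status, the status code alone tells a client whether the account exists. Together with the `"password_mismatch"` reason string this gives an account-enumeration signal. I would send the same status and one generic reason on every failed login, for example `Util.responder(stored_response, false, "login_failed");`, and keep the specific cause in the audit trail, where `auditLogError(user_data.owner, "password_mismatch")` already records it. The enclosing handler starts and ends outside the hunk, so this needs to be checked against the other branches.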
72 changes: 43 additions & 29 deletions lib/router.github.js
@@ -15,34 +15,36 @@ const app_config = Globals.app_config();
var AuditLog = require("../lib/thinx/audit"); var alog = new AuditLog();
var User = require("../lib/thinx/owner"); var user = new User();

const Util = require("./thinx/util");

//
// OAuth2 for GitHub
//

var githubOAuth;

if (typeof (process.env.GITHUB_CLIENT_SECRET) !== "undefined" && process.env.GITHUB_CLIENT_SECRET !== null) {
try {
let specs = {
githubClient: process.env.GITHUB_CLIENT_ID,
githubSecret: process.env.GITHUB_CLIENT_SECRET,
baseURL: github_ocfg.base_url, // should be rather gotten from global config!
loginURI: '/api/oauth/github',
callbackURI: '/api/oauth/github/callback',
scope: 'user'
};
githubOAuth = require('./thinx/oauth-github.js')(specs);
} catch (e) {
console.log(`[debug] [oauth] [github] github_ocfg init error: ${e}`);
}
}

module.exports = function (app) {

/*
* OAuth 2 with GitHub
*/

var githubOAuth;

if (typeof (process.env.GITHUB_CLIENT_SECRET) !== "undefined" && process.env.GITHUB_CLIENT_SECRET !== null) {
try {
let specs = {
githubClient: process.env.GITHUB_CLIENT_ID,
githubSecret: process.env.GITHUB_CLIENT_SECRET,
baseURL: github_ocfg.base_url, // should be rather gotten from global config!
loginURI: '/api/oauth/github',
callbackURI: '/api/oauth/github/callback',
scope: 'user'
};
githubOAuth = require('./thinx/oauth-github.js')(specs);
} catch (e) {
console.log(`[debug] [oauth] [github] github_ocfg init error: ${e}`);
}
}

function validateGithubUser(response, token, userWrapper) {

let owner_id = userWrapper.owner; // must not be nil
@@ -157,7 +159,22 @@ module.exports = function (app) {
if (typeof (original_response) !== "undefined") original_response.end("test-ok");
});

githubOAuth.on('token', (oauth_token_string/* , resp, _res, req */) => {
githubOAuth.on('token', (oauth_token_string, resp, /* _res, req */) => {

if (!Util.isDefined(oauth_token_string)) {
console.log("[github] debug token event without token", { oauth_token_string }, resp);
original_response.redirect(
app_config.public_url + '/error.html?success=failed&title=Sorry&reason=Intruder%20alert.'
);

return;
}

if (typeof (oauth_token_string) === "object") {
console.log("[github] oauth token response:", oauth_token_string);
original_response.status(401).end();
return;
}

let oauth_token_array = oauth_token_string.split("&");
let access_token = oauth_token_array[0].replace("access_token=", "");
@@ -166,6 +183,7 @@ module.exports = function (app) {

if (typeof (access_token) === "undefined") {
console.log("[debug] [github] [token] No token, exiting.");
original_response.status(401).end();
return;
}

@@ -263,16 +281,12 @@ module.exports = function (app) {

// Callback service parsing the authorization token and asking for the access token
app.get('/api/oauth/github/callback', function (req, res) {

// save original response to callbacks in this code path... when callback is called, response is used to reply (except for error)
secureGithubCallbacks(res, () => {
if (githubOAuth.callback === "function") {
githubOAuth.callback(req, res);
} else {
console.log("[warning] githubOAuth.callback(req, res); is not a function");
res.status(401).end();
}
}); // save original response to callbacks in this code path... when callback is called, response is used to reply

githubOAuth.callback(req, res, (err) => {
console.log("[spec] GitHub OAuth result", err);
//res.end(); // why does not the res end?
});
});
});

};
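Review bot: In the `token` handler the new guards reject only a missing or object payload, so a string reply that carries no token (a form-encoded error body, for instance) still goes through `split("&")` and its first pair is used as the access token; the later `typeof (access_token) === "undefined"` check cannot fire because `replace()` always returns a string, unless `access_token` is reassigned in the collapsed lines. Parsing by name closes that gap: `const access_token = new URLSearchParams(oauth_token_string).get("access_token");` followed by `if (!access_token) { original_response.status(401).end(); return; }`. The two new `console.log` calls print `resp` and the raw `oauth_token_string` object, which can put provider responses into the application log; logging only an error code would be safer. The new branches also call `original_response` without the `typeof (original_response) !== "undefined"` guard that the handler just above uses, so an unset response would throw inside the event callback.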
3 changes: 2 additions & 1 deletion lib/router.google.js
@@ -46,7 +46,7 @@ module.exports = function (app) {
*/

function createUserWithGoogle(req, ores, odata, userWrapper, access_token) {
console.log("Creating new user...");
console.log("[google] Creating new user...");

// No e-mail to validate.
var will_require_activation = true;
@@ -73,6 +73,7 @@ module.exports = function (app) {

const ourl = app_config.public_url + "/auth.html?t=" + token + "&g=true"; // require GDPR consent
console.log(ourl);
console.log("Redirecting to:", ourl);
ores.redirect(ourl);
});
}
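Review bot: The redirect URL built as `app_config.public_url + "/auth.html?t=" + token + "&g=true"` is now written to the log twice, by `console.log(ourl)` and by `console.log("Redirecting to:", ourl)`, and both copies contain the `t=` token. Anyone with read access to the logs could reuse that value for as long as it stays valid. I would keep a single call and log without the query string, e.g. `console.log("[google] Redirecting to auth.html");`. The callback around these lines starts outside the hunk, so the token's lifetime is not visible here.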
5 changes: 5 additions & 0 deletions lib/router.user.js
@@ -14,6 +14,7 @@ module.exports = function (app) {
req.session.destroy((err) => {
console.log(err);
});
res.status(401);
Util.responder(res, success, message);
} else {
res.redirect(message.redirectURL);
@@ -25,6 +26,7 @@ module.exports = function (app) {
user.password_reset(req.query.owner, req.query.reset_key, (success, message) => {
if (!success) {
req.session.destroy((/*err*/) => {
res.status(401);
Util.responder(res, success, message);
});
} else {
@@ -37,6 +39,7 @@ module.exports = function (app) {
user.password_reset_init(req.body.email, (success, message) => {
if (!success) {
req.session.destroy();
res.status(401);
}
console.log("[debug] password_reset_init", success, message);
Util.responder(res, success, message);
@@ -50,6 +53,7 @@ module.exports = function (app) {
console.log(cid, "[debug] set_password callback", success, message);
if (!success) {
if (typeof (req.session) !== "undefined") req.session.destroy();
res.status(401);
}
console.log(cid, "[debug] set_password respond with success, message", success, message);
Util.responder(res, success, message);
@@ -64,6 +68,7 @@ module.exports = function (app) {
if (err) {
let errString = err.toString();
console.log(`[OID:${owner}] Chat message failed with error ${errString}`);
res.status(400);
} else {
console.log(`[OID:${owner}] Chat message sent.`);
}
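Review bot: In the `password_reset_init` hunk the added `res.status(401);` makes a failed reset request distinguishable from a successful one by status code, on top of whatever `message` already says. If `user.password_reset_init` fails for unknown e-mail addresses (its body is not shown), the endpoint can be used to test which addresses are registered. A reset-init endpoint normally answers the same way in both cases and reports the outcome only by e-mail; I would keep the session teardown but leave status and body identical, with a comment such as `// same reply for known and unknown addresses to avoid account enumeration`. The neighbouring `console.log("[debug] password_reset_init", success, message)` should also be checked for reset keys carried in `message`.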
167 changes: 86 additions & 81 deletions lib/thinx/builder.js
@@ -471,6 +471,67 @@ module.exports = class Builder {
return true;
}

generate_thinx_json(api_envs, device, api_key, commit_id, git_tag, XBUILD_PATH) {

// Load template
var thinx_json = JSON.parse(
fs.readFileSync(
__dirname + "/../../builder.thinx.dist.json"
)
);

if (typeof (api_envs) === "undefined" || api_envs === null) {
console.log("[builder] No env vars to apply...");
api_envs = [];
}

if (api_envs.count > 0) {
console.log("[builder] Applying environment vars...");
for (var object in api_envs) {
var key = Object.keys(object)[0];
console.log("Setting " + key + " to " + object[key]);
thinx_json[key] = object[key];
}
} else {
console.log("[builder] No environment vars to apply...");
}

// Attach/replace with important data
thinx_json.THINX_ALIAS = device.alias;
thinx_json.THINX_API_KEY = api_key; // inferred from last_key_hash

// Replace important data...
thinx_json.THINX_COMMIT_ID = commit_id.replace("\n", "");
thinx_json.THINX_FIRMWARE_VERSION_SHORT = git_tag.replace("\n", "");

var REPO_NAME = XBUILD_PATH.replace(/^.*[\\\/]/, '').replace(".git", "");

thinx_json.THINX_FIRMWARE_VERSION = REPO_NAME + ":" + git_tag.replace("\n", "");
thinx_json.THINX_APP_VERSION = thinx_json.THINX_FIRMWARE_VERSION;

thinx_json.THINX_OWNER = device.owner;
thinx_json.THINX_PLATFORM = device.platform;
thinx_json.LANGUAGE_NAME = JSON2H.languageNameForPlatform(device.platform);
thinx_json.THINX_UDID = device.udid;

// Attach/replace with more specific data...");
thinx_json.THINX_CLOUD_URL = app_config.api_url.replace("https://", "").replace("http://", "");
thinx_json.THINX_MQTT_URL = app_config.mqtt.server.replace("mqtt://", ""); // due to problem with slashes in json and some libs on platforms
thinx_json.THINX_AUTO_UPDATE = true; // device.autoUpdate
thinx_json.THINX_MQTT_PORT = app_config.mqtt.port;
thinx_json.THINX_API_PORT = app_config.port;
thinx_json.THINX_ENV_SSID = "";
thinx_json.THINX_ENV_PASS = "";

if (typeof (app_config.secure_port) !== "undefined") {
thinx_json.THINX_API_PORT_SECURE = app_config.secure_port;
}

thinx_json.THINX_AUTO_UPDATE = device.auto_update;
thinx_json.THINX_FORCED_UPDATE = false;

return thinx_json;
}

run_build(br, notifiers, callback, transmit_key) {

@@ -710,27 +771,7 @@ module.exports = class Builder {

console.log("[builder] REPO_VERSION (TAG+REV) [unused var]: '" + REPO_VERSION.replace(/\n/g, "") + "'");

var header_file = null;
try {
console.log("Finding", HEADER_FILE_NAME, "in", XBUILD_PATH);
var h_file = finder.from(XBUILD_PATH).findFiles(HEADER_FILE_NAME);
if ((typeof (h_file) !== "undefined") && h_file !== null) {
header_file = h_file[0];
}
console.log("[builder] found header_file: " + header_file);
} catch (e) {
console.log("Exception while getting header, use FINDER!: " + e);
blog.state(build_id, owner, udid, "error");
}

if (header_file === null) {
header_file = XBUILD_PATH / HEADER_FILE_NAME;
console.log("header_file empty, assigning path:", header_file);
}

console.log("[builder] Final header_file:", header_file);

var REPO_NAME = XBUILD_PATH.replace(/^.*[\\\/]/, '').replace(".git", "");


//
// Fetch API Envs and create header file
@@ -743,63 +784,7 @@ module.exports = class Builder {
// must not be blocking
}

// --> extract from here

// Load template
var thinx_json = JSON.parse(
fs.readFileSync(
__dirname + "/../../builder.thinx.dist.json"
)
);

if (typeof (api_envs) === "undefined" || api_envs === null) {
console.log("[builder] No env vars to apply...");
api_envs = [];
}

if (api_envs.count > 0) {
console.log("[builder] Applying environment vars...");
for (var object in api_envs) {
var key = Object.keys(object)[0];
console.log("Setting " + key + " to " + object[key]);
thinx_json[key] = object[key];
}
} else {
console.log("[builder] No environment vars to apply...");
}

// Attach/replace with important data
thinx_json.THINX_ALIAS = device.alias;
thinx_json.THINX_API_KEY = api_key; // inferred from last_key_hash

// Replace important data...
thinx_json.THINX_COMMIT_ID = commit_id.replace("\n", "");
thinx_json.THINX_FIRMWARE_VERSION_SHORT = git_tag.replace("\n", "");
thinx_json.THINX_FIRMWARE_VERSION = REPO_NAME + ":" + git_tag.replace("\n", "");
thinx_json.THINX_APP_VERSION = thinx_json.THINX_FIRMWARE_VERSION;

thinx_json.THINX_OWNER = device.owner;
thinx_json.THINX_PLATFORM = device.platform;
thinx_json.LANGUAGE_NAME = JSON2H.languageNameForPlatform(device.platform);
thinx_json.THINX_UDID = udid;

// Attach/replace with more specific data...");
thinx_json.THINX_CLOUD_URL = app_config.api_url.replace("https://", "").replace("http://", "");
thinx_json.THINX_MQTT_URL = app_config.mqtt.server.replace("mqtt://", ""); // due to problem with slashes in json and some libs on platforms
thinx_json.THINX_AUTO_UPDATE = true; // device.autoUpdate
thinx_json.THINX_MQTT_PORT = app_config.mqtt.port;
thinx_json.THINX_API_PORT = app_config.port;
thinx_json.THINX_ENV_SSID = "";
thinx_json.THINX_ENV_PASS = "";

if (typeof (app_config.secure_port) !== "undefined") {
thinx_json.THINX_API_PORT_SECURE = app_config.secure_port;
}

thinx_json.THINX_AUTO_UPDATE = device.auto_update;
thinx_json.THINX_FORCED_UPDATE = false;

// <-- extract to here
let thinx_json = this.generate_thinx_json(api_envs, device, api_key, commit_id, git_tag, XBUILD_PATH);

console.log("[builder] Writing template to thinx_build.json...");

@@ -815,6 +800,26 @@ module.exports = class Builder {
return;
}

var header_file = null;
try {
console.log("Finding", HEADER_FILE_NAME, "in", XBUILD_PATH);
var h_file = finder.from(XBUILD_PATH).findFiles(HEADER_FILE_NAME);
if ((typeof (h_file) !== "undefined") && h_file !== null) {
header_file = h_file[0];
}
console.log("[builder] found header_file: " + header_file);
} catch (e) {
console.log("Exception while getting header, use FINDER!: " + e);
blog.state(build_id, owner, udid, "error");
}

if (header_file === null) {
header_file = XBUILD_PATH / HEADER_FILE_NAME;
console.log("header_file empty, assigning path:", header_file);
}

console.log("[builder] Final header_file:", header_file);

if ((platform != "mongoose") || (platform != "python") || (platform != "nodejs")) {
console.log("[builder] Generating C-headers from into", header_file);
if (fs.existsSync(header_file)) {
@@ -824,14 +829,14 @@ module.exports = class Builder {
}
}

// <--- cut until here as configureBuildForDevice(header_file, device, api_envs, api_key, git_tag, commit_id, REPO_NAME, udid, platform)

callback(true, {
response: "build_started",
build_id: build_id
}); // last callback before executing

// start the build in background
//
// start the build in background (device, br, udid, build_id, owner, ROOT, fcid, git, sanitized_branch, XBUILD_PATH, api_envs...)
//

var fcid = "000000";
if (typeof (device.fcid) !== "undefined") {
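Review bot: `generate_thinx_json` carries the env-var loop over unchanged, and as written it never applies anything: `api_envs.count` is not a property of an array, so `api_envs.count > 0` is false for the `[]` default and presumably for real lists too, and `for (var object in api_envs)` would iterate index strings rather than entries. Assuming `api_envs` is an array of single-key objects (as `Object.keys(object)[0]` suggests), the two lines should read `if (api_envs.length > 0) {` and `for (const object of api_envs) {`. Once the loop runs, `console.log("Setting " + key + " to " + object[key])` will print every environment value, so log the key only, and consider rejecting keys such as `__proto__` before `thinx_json[key] = object[key]`. In the moved header lookup, `header_file = XBUILD_PATH / HEADER_FILE_NAME;` divides two strings and yields `NaN`; a path join was presumably intended.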