Merge pull request #47 from Canner/feature/auth-route

Feature: provide getting auth token and user profile api for client-server used.

Author: oscar60310

labs/playground1/vulcan.yaml

@@ -36,3 +36,5 @@ rate-limit:
     max: 10000
 enforce-https:
   enabled: false
+auth:
+  enabled: false

package.json

@@ -49,10 +49,10 @@
     "@types/from2": "^2.3.1",
     "@types/glob": "^7.2.0",
     "@types/inquirer": "^8.0.0",
-    "@types/is-base64": "^1.1.1",
     "@types/jest": "27.4.1",
     "@types/js-yaml": "^4.0.5",
     "@types/koa": "^2.13.4",
+    "@types/koa-bodyparser": "^4.3.8",
     "@types/koa-compose": "^3.2.5",
     "@types/koa-router": "^7.4.4",
     "@types/koa-sslify": "^4.0.3",

packages/integration-testing/src/example1/example1-1.spec.ts

@@ -0,0 +1,36 @@
+import { VulcanBuilder } from '@vulcan-sql/build';
+import { VulcanServer } from '@vulcan-sql/serve';
+import * as supertest from 'supertest';
+import projectConfig from './projectConfig';
+
+let server: VulcanServer;
+
+afterEach(async () => {
+  await server?.close();
+});
+
+it.each([
+  [
+    '436193eb-f686-4105-ad7b-b5945276c14a',
+    [
+      {
+        id: '436193eb-f686-4105-ad7b-b5945276c14a',
+        name: 'ivan',
+      },
+    ],
+  ],
+  ['2dc839e0-0f65-4dba-ac38-4eaf023d0008', []],
+])(
+  'Example1: Build and serve should work',
+  async (userId, expected) => {
+    const builder = new VulcanBuilder(projectConfig);
+    await builder.build();
+    server = new VulcanServer(projectConfig);
+    const httpServer = (await server.start())['http'];
+
+    const agent = supertest(httpServer);
+    const result = await agent.get(`/api/user/${userId}`);
+    expect(JSON.stringify(result.body)).toEqual(JSON.stringify(expected));
+  },
+  10000
+);

packages/integration-testing/src/example1/example1-2.spec.ts

@@ -0,0 +1,52 @@
+import { IBuildOptions, VulcanBuilder } from '@vulcan-sql/build';
+import { ServeConfig, VulcanServer } from '@vulcan-sql/serve';
+
+import * as supertest from 'supertest';
+import defaultConfig from './projectConfig';
+
+let server: VulcanServer;
+
+const projectConfig: ServeConfig & IBuildOptions = {
+  ...defaultConfig,
+  auth: {
+    enabled: true,
+    options: {
+      basic: {
+        'users-list': [
+          {
+            name: 'user1',
+            // md5('test1')
+            md5Password: '5a105e8b9d40e1329780d62ea2265d8a',
+            attr: {
+              role: 'admin',
+            },
+          },
+        ],
+      },
+    },
+  },
+};
+
+afterEach(async () => {
+  await server.close();
+});
+
+it('Example1-2: authenticate user identity by POST /auth/token API', async () => {
+  const builder = new VulcanBuilder(projectConfig);
+  await builder.build();
+  server = new VulcanServer(projectConfig);
+  const httpServer = (await server.start())['http'];
+
+  const agent = supertest(httpServer);
+  const result = await agent
+    .post('/auth/token')
+    .send({
+      type: 'basic',
+      username: 'user1',
+      password: 'test1',
+    })
+    .set('Accept', 'application/json');
+  expect(result.body).toEqual({
+    token: 'dXNlcjE6dGVzdDE=',
+  });
+}, 10000);

packages/integration-testing/src/example1/example1-3.spec.ts

@@ -0,0 +1,134 @@
+import { IBuildOptions, VulcanBuilder } from '@vulcan-sql/build';
+import { ServeConfig, VulcanServer } from '@vulcan-sql/serve';
+import * as supertest from 'supertest';
+import defaultConfig from './projectConfig';
+
+describe('Example1-3: get user profile by GET /auth/user-profile API with Authorization', () => {
+  let server: VulcanServer;
+  let projectConfig: ServeConfig & IBuildOptions;
+
+  beforeEach(async () => {
+    projectConfig = {
+      ...defaultConfig,
+      auth: {
+        enabled: true,
+        options: {
+          basic: {
+            'users-list': [
+              {
+                name: 'user1',
+                // md5('test1')
+                md5Password: '5a105e8b9d40e1329780d62ea2265d8a',
+                attr: {
+                  role: 'admin',
+                },
+              },
+            ],
+          },
+        },
+      },
+    };
+  });
+
+  afterEach(async () => {
+    await server?.close();
+  });
+
+  it('Example1-3-1: set Authorization in header with default options', async () => {
+    const builder = new VulcanBuilder(projectConfig);
+    await builder.build();
+    server = new VulcanServer(projectConfig);
+    const httpServer = (await server.start())['http'];
+
+    const agent = supertest(httpServer);
+    const result = await agent
+      .get('/auth/user-profile')
+      .set('Authorization', 'basic dXNlcjE6dGVzdDE=');
+    expect(result.body).toEqual({
+      name: 'user1',
+      attr: {
+        role: 'admin',
+      },
+    });
+  }, 10000);
+
+  it('Example1-3-2: set Authorization in querying with default options', async () => {
+    const builder = new VulcanBuilder(projectConfig);
+    await builder.build();
+    server = new VulcanServer(projectConfig);
+    const httpServer = (await server.start())['http'];
+
+    const auth = Buffer.from(
+      JSON.stringify({ Authorization: 'basic dXNlcjE6dGVzdDE=' })
+    ).toString('base64');
+
+    const agent = supertest(httpServer);
+    const result = await agent.get(`/auth/user-profile?auth=${auth}`);
+
+    expect(result.body).toEqual({
+      name: 'user1',
+      attr: {
+        role: 'admin',
+      },
+    });
+  }, 10000);
+
+  it('Example1-3-3: set Authorization in querying with specific auth "key" options', async () => {
+    projectConfig['auth-source'] = {
+      options: {
+        key: 'x-auth',
+      },
+    };
+    const builder = new VulcanBuilder(projectConfig);
+    await builder.build();
+    server = new VulcanServer(projectConfig);
+    const httpServer = (await server.start())['http'];
+
+    const auth = Buffer.from(
+      JSON.stringify({ Authorization: 'basic dXNlcjE6dGVzdDE=' })
+    ).toString('base64');
+
+    const agent = supertest(httpServer);
+    const result = await agent.get(`/auth/user-profile?x-auth=${auth}`);
+
+    expect(result.body).toEqual({
+      name: 'user1',
+      attr: {
+        role: 'admin',
+      },
+    });
+  }, 10000);
+
+  it('Example1-3-4: set Authorization in json payload specific auth "x-key" options', async () => {
+    projectConfig['auth-source'] = {
+      options: {
+        key: 'x-auth',
+        in: 'payload',
+      },
+    };
+    const builder = new VulcanBuilder(projectConfig);
+    await builder.build();
+    server = new VulcanServer(projectConfig);
+    const httpServer = (await server.start())['http'];
+
+    const auth = Buffer.from(
+      JSON.stringify({ Authorization: 'basic dXNlcjE6dGVzdDE=' })
+    ).toString('base64');
+
+    const agent = supertest(httpServer);
+
+    const result = await agent
+      .get('/auth/user-profile')
+      .send({
+        ['x-auth']: auth,
+      })
+      .set('Accept', 'application/json');
+
+    expect(result.body).toEqual({
+      name: 'user1',
+      attr: {
+        role: 'admin',
+      },
+    });
+  }, 10000);
+});

packages/integration-testing/src/example1/buildAndServe.spec.ts packages/integration-testing/src/example1/projectConfig.ts

@@ -1,20 +1,15 @@
-import {
-  VulcanBuilder,
-  IBuildOptions,
-  SchemaReaderType,
-} from '@vulcan-sql/build';
+import { SchemaReaderType } from '@vulcan-sql/build';
 import {
   ArtifactBuilderProviderType,
   ArtifactBuilderSerializerType,
   TemplateProviderType,
   DocumentSpec,
 } from '@vulcan-sql/core';
-import { VulcanServer, ServeConfig, APIProviderType } from '@vulcan-sql/serve';
+import { APIProviderType } from '@vulcan-sql/serve';
 import * as path from 'path';
-import * as supertest from 'supertest';
 import faker from '@faker-js/faker';
 
-const projectConfig: ServeConfig & IBuildOptions = {
+export default {
   name: 'example project 1',
   description: 'Vulcan project for integration testing',
   version: '0.0.1',
@@ -48,37 +43,8 @@ const projectConfig: ServeConfig & IBuildOptions = {
   'enforce-https': {
     enabled: false,
   },
+  auth: {
+    enabled: false,
+  },
   port: faker.datatype.number({ min: 20000, max: 30000 }),
 };
-
-let server: VulcanServer;
-
-afterEach(async () => {
-  await server?.close();
-});
-
-it.each([
-  [
-    '436193eb-f686-4105-ad7b-b5945276c14a',
-    [
-      {
-        id: '436193eb-f686-4105-ad7b-b5945276c14a',
-        name: 'ivan',
-      },
-    ],
-  ],
-  ['2dc839e0-0f65-4dba-ac38-4eaf023d0008', []],
-])(
-  'Example1: Build and serve should work',
-  async (userId, expected) => {
-    const builder = new VulcanBuilder(projectConfig);
-    await builder.build();
-    server = new VulcanServer(projectConfig);
-    const httpServer = (await server.start())['http'];
-
-    const agent = supertest(httpServer);
-    const result = await agent.get(`/api/user/${userId}`);
-    expect(JSON.stringify(result.body)).toEqual(JSON.stringify(expected));
-  },
-  10000
-);

packages/serve/src/lib/app.ts

@@ -1,6 +1,7 @@
 import { APISchema } from '@vulcan-sql/core';
 import * as Koa from 'koa';
 import * as KoaRouter from 'koa-router';
+import * as koaParseBody from 'koa-bodyparser';
 import { uniq } from 'lodash';
 import {
   RestfulRoute,
@@ -32,6 +33,9 @@ export class VulcanApplication {
     this.app = new Koa();
     this.restfulRouter = new KoaRouter();
     this.graphqlRouter = new KoaRouter();
+
+    // add koa parser body for parsing POST json and form data
+    this.app.use(koaParseBody());
   }
 
   /**

packages/serve/src/lib/auth/httpBasicAuthenticator.ts

@@ -9,6 +9,7 @@ import {
 } from '@vulcan-sql/serve/models';
 import { VulcanExtensionId, VulcanInternalExtension } from '@vulcan-sql/core';
 import { isEmpty } from 'lodash';
+import 'koa-bodyparser';
 
 interface AuthUserOptions {
   /* user name */
@@ -21,7 +22,7 @@ interface HTPasswdFileOptions {
   /** password file path */
   ['path']: string;
   /** each user information */
-  ['users']: Array<AuthUserOptions>;
+  ['users']?: Array<AuthUserOptions>;
 }
 
 export interface AuthUserListOptions {
@@ -87,26 +88,39 @@ export class BasicAuthenticator extends BaseAuthenticator<BasicOptions> {
     }
   }
 
-  public async authenticate(context: KoaContext) {
+  public async getTokenInfo(ctx: KoaContext) {
+    const username = ctx.request.body!['username'] as string;
+    const password = ctx.request.body!['password'] as string;
+    if (!username || !password)
+      throw new Error('please provide "username" and "password".');
+
+    const token = Buffer.from(`${username}:${password}`).toString('base64');
+
+    return {
+      token: token,
+    };
+  }
+
+  public async authCredential(context: KoaContext) {
     const incorrect = {
       status: AuthStatus.INDETERMINATE,
       type: this.getExtensionId()!,
     };
     if (isEmpty(this.options)) return incorrect;
 
-    const authRequest = context.request.headers['authorization'];
+    const authorize = context.request.headers['authorization'];
     if (
-      !authRequest ||
-      !authRequest.toLowerCase().startsWith(this.getExtensionId()!)
+      !authorize ||
+      !authorize.toLowerCase().startsWith(this.getExtensionId()!)
     )
       return incorrect;
 
     // validate request auth token
-    const token = authRequest.trim().split(' ')[1];
+    const token = authorize.trim().split(' ')[1];
     const bareToken = Buffer.from(token, 'base64').toString();
 
     try {
-      return await this.verify(bareToken);
+      return await this.validate(bareToken);
     } catch (err) {
       // if not found matched user credential, add WWW-Authenticate and return failed
       context.set('WWW-Authenticate', this.getExtensionId()!);
@@ -118,7 +132,7 @@ export class BasicAuthenticator extends BaseAuthenticator<BasicOptions> {
     }
   }
 
-  private async verify(baredToken: string) {
+  private async validate(baredToken: string) {
     const username = baredToken.split(':')[0] || '';
     // bare password from Basic specification
     const password = baredToken.split(':')[1] || '';