From ab97926cd8e09f3aa9e8309be1b0b776ff9537e9 Mon Sep 17 00:00:00 2001
From: 53845714nF
Date: Thu, 22 Aug 2024 16:39:51 +0200
Subject: [PATCH 1/5] add pre commit config
---
.pre-commit-config.yaml | 51 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 .pre-commit-config.yaml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..61dd578
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,51 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v2.3.0
+ hooks:
+ - id: check-yaml
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ - id: debug-statements
+ - id: check-merge-conflict
+ - id: check-added-large-files
+
+ - repo: https://github.com/igorshubovych/markdownlint-cli
+ rev: v0.39.0
+ hooks:
+ - id: markdownlint
+
+ - repo: https://github.com/psf/black
+ rev: 22.10.0
+ hooks:
+ - id: black
+
+ - repo: https://github.com/GoogleContainerTools/kaniko
+ rev: v1.9.0
+ hooks:
+ - id: dockerfile-lint
+
+ - repo: https://github.com/pre-commit/mirrors-golangci-lint
+ rev: v1.50.0
+ hooks:
+ - id: golangci-lint
+
+ - repo: https://github.com/mikebattaini/pre-commit-makefile
+ rev: v0.1.0
+ hooks:
+ - id: makefile-lint
+
+ - repo: https://github.com/harness/k8s-operator
+ rev: v1.0.0
+ hooks:
+ - id: k8s-lint
+
+ - repo: https://github.com/Agilicus/pre-commit-hook-k8svalidate.git
+ rev: v0.0.8
+ hooks:
+ - id: k8svalidate
+ files: .yml$
+
+ - repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt
+ rev: 0.2.1 # or other specific tag
+ hooks:
+ - id: yamlfmt
\ No newline at end of file
From 3f62ae39f0f1fecebfe2e879aa5bb08d9d8e75a8 Mon Sep 17 00:00:00 2001
From: 53845714nF
Date: Thu, 22 Aug 2024 17:13:01 +0200
Subject: [PATCH 2/5] add pre commit config
---
.pre-commit-config.yaml | 128 +++++++++++++++++++++++++++-------------
1 file changed, 86 insertions(+), 42 deletions(-)
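Review bot: The `files: .yml$` filter on the k8svalidate hook has an unescaped dot and names only one extension, so manifests saved as `*.yaml` are never validated; `files: \.ya?ml$` matches both. Every `rev:` in this file is a tag, which upstream can move, and pre-commit runs the referenced hook code on each contributor's machine; pinning each entry to a full commit SHA with the tag kept as a trailing comment (the form `pre-commit autoupdate --freeze` writes) keeps the executed code fixed and reviewable. From this page I cannot confirm that the kaniko, k8s-operator, pre-commit-makefile and mirrors-golangci-lint repositories publish the hook ids named here, so a `pre-commit run --all-files` pass before merging is worth doing.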
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 61dd578..6f8f11a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,51 +1,95 @@ +--- repos: - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v2.3.0 - hooks: - - id: check-yaml - - id: end-of-file-fixer - - id: trailing-whitespace - - id: debug-statements - - id: check-merge-conflict - - id: check-added-large-files - - - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.39.0 + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v2.3.0 hooks: - - id: markdownlint - - - repo: https://github.com/psf/black - rev: 22.10.0 - hooks: - - id: black - - - repo: https://github.com/GoogleContainerTools/kaniko - rev: v1.9.0 - hooks: - - id: dockerfile-lint + - id: check-yaml + - id: end-of-file-fixer + - id: trailing-whitespace + - id: debug-statements + - id: check-merge-conflict + - id: check-added-large-files - - repo: https://github.com/pre-commit/mirrors-golangci-lint - rev: v1.50.0 - hooks: - - id: golangci-lint - - - repo: https://github.com/mikebattaini/pre-commit-makefile - rev: v0.1.0 - hooks: - - id: makefile-lint + - repo: https://github.com/igorshubovych/markdownlint-cli + rev: v0.39.0 + hooks: + - id: markdownlint - - repo: https://github.com/harness/k8s-operator - rev: v1.0.0 - hooks: - - id: k8s-lint + - repo: https://github.com/psf/black + rev: 22.10.0 + hooks: + - id: black - - repo: https://github.com/Agilicus/pre-commit-hook-k8svalidate.git - rev: v0.0.8 + - repo: https://github.com/Agilicus/pre-commit-hook-k8svalidate.git + rev: v0.2.0 hooks: - id: k8svalidate + args: [--exclude, '**/*.patch.yaml'] files: .yml$ - - repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt - rev: 0.2.1 # or other specific tag - hooks: - - id: yamlfmt \ No newline at end of file + - repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt + rev: 0.2.1 # or other specific tag + hooks: + - id: yamlfmt + + - repo: https://github.com/tekwizely/pre-commit-golang + rev: master + hooks: + - id: go-build-mod + - id: go-build-pkg + - id: go-build-repo-mod + - id: go-build-repo-pkg + - id: 
go-mod-tidy + - id: go-mod-tidy-repo + - id: go-sec-mod + - id: go-sec-pkg + - id: go-sec-repo-mod + - id: go-sec-repo-pkg + - id: go-staticcheck-mod + - id: go-staticcheck-pkg + - id: go-staticcheck-repo-mod + - id: go-staticcheck-repo-pkg + - id: go-structslop-mod + - id: go-structslop-pkg + - id: go-structslop-repo-mod + - id: go-structslop-repo-pkg + - id: go-fmt + - id: go-fmt-repo + - id: go-fumpt # replaces go-fmt + - id: go-fumpt-repo # replaces go-fmt-repo + - id: go-imports # replaces go-fmt + - id: go-imports-repo # replaces go-fmt-repo + - id: go-returns # replaces go-imports & go-fmt + - id: go-returns-repo # replaces go-imports-repo & go-fmt-repo + # + # Style Checkers + # + - id: go-lint + - id: go-critic + # + # GolangCI-Lint + # - Fast Multi-Linter + # - Can be configured to replace MOST other hooks + # - Supports repo config file for configuration + # - https://github.com/golangci/golangci-lint + # + - id: golangci-lint + - id: golangci-lint-mod + - id: golangci-lint-pkg + - id: golangci-lint-repo-mod + - id: golangci-lint-repo-pkg + # + # Invoking Custom Go Tools + # - Configured *entirely* through the `args` attribute, ie: + # args: [ go, test, ./... ] + # - Use arg `--hook:error-on-output` to indicate that any output from the tool + # should be treated as an error. + # - Use the `name` attribute to provide better messaging when the hook runs + # - Use the `alias` attribute to be able to invoke your hook via `pre-commit run` + # + - id: my-cmd + - id: my-cmd-mod + - id: my-cmd-pkg + - id: my-cmd-repo + - id: my-cmd-repo-mod + - id: my-cmd-repo-pkg From b2d67a759c05ba91f61471ee4cae89fc2588e8a3 Mon Sep 17 00:00:00 2001 From: 53845714nF Date: Thu, 22 Aug 2024 17:14:22 +0200 Subject: [PATCH 3/5] add pre commit config --- .pre-commit-config.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6f8f11a..909d53b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
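Review bot: `rev: master` on the tekwizely/pre-commit-golang entry is a branch, so the hook code that runs on contributors' machines changes whenever upstream pushes, and pre-commit itself warns about mutable refs; pin it to a release tag or, better, a full commit SHA. The hook list also looks copied whole from the upstream README: per the comment kept in this hunk the `my-cmd*` ids are configured entirely through `args`, and none are given, while `go-fmt`, `go-fumpt`, `go-imports` and `go-returns` are all enabled although the inline comments say each replaces the earlier ones. Keeping only the hooks the project needs (one formatter, one of the `-mod`/`-pkg`/`-repo` variants per tool) would shorten the run and make its failures easier to read.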
@@ -6,12 +6,11 @@ repos: - id: check-yaml - id: end-of-file-fixer - id: trailing-whitespace - - id: debug-statements - id: check-merge-conflict - id: check-added-large-files - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.39.0 + rev: v0.41.0 hooks: - id: markdownlint From 9f676783f51b55b545c0d3a9d4bc5bfc5879e389 Mon Sep 17 00:00:00 2001 From: 53845714nF Date: Thu, 22 Aug 2024 17:44:02 +0200 Subject: [PATCH 4/5] add pre commit config --- .pre-commit-config.yaml | 5 --- Readme.md | 82 +++++++++++++++++++++++++++-------------- 2 files changed, 55 insertions(+), 32 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 909d53b..282f7eb 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -14,11 +14,6 @@ repos: hooks: - id: markdownlint - - repo: https://github.com/psf/black - rev: 22.10.0 - hooks: - - id: black - - repo: https://github.com/Agilicus/pre-commit-hook-k8svalidate.git rev: v0.2.0 hooks: diff --git a/Readme.md b/Readme.md index ea200db..e04c633 100644 --- a/Readme.md +++ b/Readme.md 
@@ -1,61 +1,89 @@ -# 🔑 Hasura JWT +# 🔑 Hasura JWT ## 🗒️ Description + This app allows you to create JWTs for hasura. And have a minimal signup process via email. It is small (Image size ~10MB) tool written in golang and minimal dependencies. ## Features - - 🧑‍🤝‍🧑 Users are stored in Postgres and accessed via GraphQL - - ✨ Integrates with GraphQL and Hasura Permissions - - 🔑 JWT tokens. - - ✉️ Emails sent via SMTP. - - 👨‍💻 Written 100% in Golang. - - 📦 Easy to deploy with Docker. + +- 🧑‍🤝‍🧑 Users are stored in Postgres and accessed via GraphQL +- ✨ Integrates with GraphQL and Hasura Permissions +- 🔑 JWT tokens. +- ✉️ Emails sent via SMTP. +- 👨‍💻 Written 100% in Golang. +- 📦 Easy to deploy with Docker. ## Usage ### ⚙️ Deployment + There are several ways to deploy this project. There is a ready-made container image on GitHub Packages. 📦 You can use it in your environment. #### 🐳 Docker Compose + There is a Docker Compose File for developers, here the Hasura must be adapted. #### ☸ Kubernetes + There is also a template for Kubernetes. Here you can see how to roll out this app there. -#### 🐹 Build with golang -And last but not least, since it is written in golang, you can export the project to almost all platforms. -(If a platform is explicitly desired, I can create a Github action for it, let me know in an issue) +#### 🐹 Build with golang + +And last but not least, since it is written in golang, +you can export the project to almost all platforms. +(If a platform is explicitly desired, I can create a Github action for it, + let me know in an issue) ### Environment Variables for Hasura JWT - - `HASURA_URL` - Must be set to the URL of your Hasura instance (e.g. `http://localhost:8080/v1/graphql` is also the default value for development). - - `HASURA_SECRET` - Must be set to the admin secret of your Hasura instance. - - `JWT_KEY` - Must be set to a secret key for signing JWTs. - - `EMAIL_VERIFICATION` - Must be set to `false` if you want to disable email verification. 
Default is `true`. It requires the following SMTP settings. - - `APP_URL` - The URL of the app. It is used for creating the email verification link. Must be reachable from outside. If you are using a reverse proxy, it should be the URL of the reverse proxy. In otherwise it must have `:3000` in the end. - - `SMTP_HOST` - The SMTP host to use for sending emails. - - `SMTP_PORT` - The SMTP port to use for sending emails. The default is `587`. - - `SMTP_USER` - The username to use for authenticating with the SMTP server. It is used as from email address. - - `SMTP_PASSWORD` - The password to use for authenticating with the SMTP server. + +- `HASURA_URL` - Must be set to the URL of your Hasura instance + (e.g. `http://localhost:8080/v1/graphql` is also the default value for development). +- `HASURA_SECRET` - Must be set to the admin secret of your Hasura instance. +- `JWT_KEY` - Must be set to a secret key for signing JWTs. +- `EMAIL_VERIFICATION` - Must be set to `false` if you want to disable email verification. + Default is `true`. It requires the following SMTP settings. +- `APP_URL` - The URL of the app. + It is used for creating the email verification link. + Must be reachable from outside. If you are using a reverse proxy, + it should be the URL of the reverse proxy. + In otherwise it must have `:3000` in the end. +- `SMTP_HOST` - The SMTP host to use for sending emails. +- `SMTP_PORT` - The SMTP port to use for sending emails. The default is `587`. +- `SMTP_USER` - The username to use for authenticating with the SMTP server. + It is used as from email address. +- `SMTP_PASSWORD` - The password to use for authenticating with the SMTP server. ### Environment Variables for Hasura - - `JWT_URL` - Must be set to the URL of your Hasura JWT instance (e.g. `http://localhost:3000`). - - `HASURA_GRAPHQL_UNAUTHORIZED_ROLE` - Set to `anonymous` to get access to the public schema without a token. and also for login and signup mutations. 
+ +- `JWT_URL` - Must be set to the URL of your Hasura JWT instance (e.g. `http://localhost:3000`). +- `HASURA_GRAPHQL_UNAUTHORIZED_ROLE` - Set to `anonymous` to get access to the + public schema without a token, and also for login and signup mutations. ### 📂 Volume - - `/etc/ssl/certs/` - You can map a volume with the certificates to `/etc/ssl/certs/` in the container. -This helps by problems with the SMTP Authentication. Certificates from the Alpine package `ca-certificates` are supported by default. + +You can map a volume with the certificates to `/etc/ssl/certs/` in the container. +This helps by problems with the SMTP Authentication. Certificates from the +Alpine package `ca-certificates` are supported by default. ## 📃 Docs -Please take a look at the GitHub [Wiki](https://github.com/53845714nF/hasura-jwt/wiki) tab there are sequence diagrams for the process (sign up, login) and a database model. + +Please take a look at the GitHub [Wiki](https://github.com/53845714nF/hasura-jwt/wiki) +tab there are sequence diagrams for the process (sign up, login) and a database model. ## 🤖 Similar Projects + There is are similar project like this: - - [Hasura Auth](https://github.com/nhost/hasura-auth/tree/main) - It offers more features but is written in Typescript. - - [Backend-Quickstart](https://github.com/ryaino/Backend-Quickstart) - It's written in Java, but the last commit was 2 years ago. - - [JWT Authentication with Python & Flask ](https://hasura.io/docs/latest/actions/codegen/python-flask/) - It's a Blog post from official Hasura Documentation, there is described how to create JWT with Python and Flask. + +- [Hasura Auth](https://github.com/nhost/hasura-auth/tree/main) - It +offers more features but is written in Typescript. +- [Backend-Quickstart](https://github.com/ryaino/Backend-Quickstart) - +It's written in Java, but the last commit was 2 years ago. 
+- [Hasura Docs](https://hasura.io/docs/latest/actions/codegen/python-flask/) - + It's a Blog post from official Hasura Documentation, + there is described how to create JWT with Python and Flask. From 124f8e460ffc5ef1b9aab99876d194a8734a1575 Mon Sep 17 00:00:00 2001 From: 53845714nF <{ID}+{username}@users.noreply.github.com> Date: Mon, 23 Dec 2024 20:11:29 +0100 Subject: [PATCH 5/5] new crypto lib --- .gitignore | 3 +- .pre-commit-config.yaml | 65 +------------------ dev_compose.yml | 48 ++++++++++++++ dev_docker_compose.yml | 48 -------------- hasura/metadata/actions.graphql | 1 - .../default/1707348091521_init/up.sql | 2 +- src/go.mod | 2 +- src/go.sum | 4 +- 8 files changed, 57 insertions(+), 116 deletions(-) create mode 100644 dev_compose.yml delete mode 100644 dev_docker_compose.yml diff --git a/.gitignore b/.gitignore index 9f54ee5..1e9dc90 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ todo.md hasura/hasura hasura/hasura.exe -img/ \ No newline at end of file +img/ +.venv diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 282f7eb..86c3641 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,18 +1,12 @@ --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v2.3.0 + rev: v5.0.0 hooks: - id: check-yaml - id: end-of-file-fixer - id: trailing-whitespace - id: check-merge-conflict - - id: check-added-large-files - - - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.41.0 - hooks: - - id: markdownlint - repo: https://github.com/Agilicus/pre-commit-hook-k8svalidate.git rev: v0.2.0 
@@ -22,68 +16,15 @@ repos: files: .yml$ - repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt - rev: 0.2.1 # or other specific tag + rev: 0.2.3 hooks: - id: yamlfmt - repo: https://github.com/tekwizely/pre-commit-golang - rev: master + rev: v1.0.0-rc.1 hooks: - id: go-build-mod - - id: go-build-pkg - id: go-build-repo-mod - - id: go-build-repo-pkg - id: go-mod-tidy - id: go-mod-tidy-repo - - id: go-sec-mod - id: go-sec-pkg - - id: go-sec-repo-mod - - id: go-sec-repo-pkg - - id: go-staticcheck-mod - - id: go-staticcheck-pkg - - id: go-staticcheck-repo-mod - - id: go-staticcheck-repo-pkg - - id: go-structslop-mod - - id: go-structslop-pkg - - id: go-structslop-repo-mod - - id: go-structslop-repo-pkg - - id: go-fmt - - id: go-fmt-repo - - id: go-fumpt # replaces go-fmt - - id: go-fumpt-repo # replaces go-fmt-repo - - id: go-imports # replaces go-fmt - - id: go-imports-repo # replaces go-fmt-repo - - id: go-returns # replaces go-imports & go-fmt - - id: go-returns-repo # replaces go-imports-repo & go-fmt-repo - # - # Style Checkers - # - - id: go-lint - - id: go-critic - # - # GolangCI-Lint - # - Fast Multi-Linter - # - Can be configured to replace MOST other hooks - # - Supports repo config file for configuration - # - https://github.com/golangci/golangci-lint - # - - id: golangci-lint - - id: golangci-lint-mod - - id: golangci-lint-pkg - - id: golangci-lint-repo-mod - - id: golangci-lint-repo-pkg - # - # Invoking Custom Go Tools - # - Configured *entirely* through the `args` attribute, ie: - # args: [ go, test, ./... ] - # - Use arg `--hook:error-on-output` to indicate that any output from the tool - # should be treated as an error. - # - Use the `name` attribute to provide better messaging when the hook runs - # - Use the `alias` attribute to be able to invoke your hook via `pre-commit run` - # - - id: my-cmd - - id: my-cmd-mod - - id: my-cmd-pkg - - id: my-cmd-repo - - id: my-cmd-repo-mod - - id: my-cmd-repo-pkg 
diff --git a/dev_compose.yml b/dev_compose.yml
new file mode 100644
index 0000000..4417aaa
--- /dev/null
+++ b/dev_compose.yml
@@ -0,0 +1,48 @@
+---
+
+services:
+ postgres:
+ image: postgres
+ restart: no
+ ports:
+ - 5432:5432
+ volumes:
+ - hasura_ci_db_data:/var/lib/postgresql/data
+ environment:
+ POSTGRES_PASSWORD: postgrespassword
+
+ graphql-engine:
+ image: hasura/graphql-engine:v2.36.1
+ restart: no
+ ports:
+ - 8080:8080
+ depends_on:
+ - postgres
+ environment:
+ HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:postgrespassword@postgres:5432/postgres
+ HASURA_GRAPHQL_ENABLE_CONSOLE: 'true'
+ HASURA_GRAPHQL_ADMIN_SECRET: my-secret
+ HASURA_GRAPHQL_JWT_SECRET: '{ "type": "HS256", "key": "this-is-a-generic-HS256-secret-key-and-you-should-really-change-it" }'
+ HASURA_GRAPHQL_UNAUTHORIZED_ROLE: anonymous
+ JWT_URL: http://hasura-jwt:3000
+
+ hasura-jwt:
+ build:
+ context: ./src
+ dockerfile: Dockerfile
+ restart: no
+ ports:
+ - 3000:3000
+ environment:
+ JWT_KEY: this-is-a-generic-HS256-secret-key-and-you-should-really-change-it
+ HASURA_SECRET: my-secret
+ APP_URL: http://localhost:3000
+ EMAIL_VERIFICATION: true
+ SMTP_HOST: mail.example.com
+ SMTP_PORT: '587'
+ SMTP_USER: user@example.com
+ SMTP_PASSWORD: user_password
+
+
+volumes:
+ hasura_ci_db_data:
diff --git a/dev_docker_compose.yml b/dev_docker_compose.yml
deleted file mode 100644
index c0717ca..0000000
--- a/dev_docker_compose.yml
+++ /dev/null
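Review bot: The three `ports:` entries (`5432:5432`, `8080:8080`, `3000:3000`) publish Postgres, the Hasura console and the JWT service on every host interface while the file carries fixed credentials (`postgrespassword`, `my-secret`, the generic HS256 key); for a development stack bind them to loopback, e.g. `- "127.0.0.1:5432:5432"`. `restart: no` and `EMAIL_VERIFICATION: true` are unquoted, so a YAML 1.1 parser reads them as booleans rather than strings; `restart: "no"` and `EMAIL_VERIFICATION: 'true'` avoid depending on how the Compose version in use coerces them. `image: postgres` has no tag, so the database version changes with each pull; a pinned tag, as already done for `hasura/graphql-engine:v2.36.1`, keeps the dev environment reproducible.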
@@ -1,48 +0,0 @@ -version: "3.11" - -services: - postgres: - image: postgres - restart: no - ports: - - "5432:5432" - volumes: - - hasura_ci_db_data:/var/lib/postgresql/data - environment: - POSTGRES_PASSWORD: postgrespassword - - graphql-engine: - image: hasura/graphql-engine:v2.36.1 - restart: no - ports: - - "8080:8080" - depends_on: - - "postgres" - environment: - HASURA_GRAPHQL_DATABASE_URL: "postgres://postgres:postgrespassword@postgres:5432/postgres" - HASURA_GRAPHQL_ENABLE_CONSOLE: "true" - HASURA_GRAPHQL_ADMIN_SECRET: "my-secret" - HASURA_GRAPHQL_JWT_SECRET: '{ "type": "HS256", "key": "this-is-a-generic-HS256-secret-key-and-you-should-really-change-it" }' - HASURA_GRAPHQL_UNAUTHORIZED_ROLE: "anonymous" - JWT_URL: 'http://hasura-jwt:3000' - - hasura-jwt: - build: - context: ./src - dockerfile: Dockerfile - restart: no - ports: - - "3000:3000" - environment: - JWT_KEY: 'this-is-a-generic-HS256-secret-key-and-you-should-really-change-it' - HASURA_SECRET: 'my-secret' - APP_URL: 'http://localhost:3000' - EMAIL_VERIFICATION: true - SMTP_HOST: 'mail.example.com' - SMTP_PORT: '587' - SMTP_USER: 'user@example.com' - SMTP_PASSWORD: 'user_password' - - -volumes: - hasura_ci_db_data: diff --git a/hasura/metadata/actions.graphql b/hasura/metadata/actions.graphql index 1006508..9d2338c 100644 --- a/hasura/metadata/actions.graphql +++ b/hasura/metadata/actions.graphql @@ -20,4 +20,3 @@ type CreateUserOutput { type JsonWebToken { Token: String! } - diff --git a/hasura/migrations/default/1707348091521_init/up.sql b/hasura/migrations/default/1707348091521_init/up.sql index ca56c39..fb9e507 100644 --- a/hasura/migrations/default/1707348091521_init/up.sql +++ b/hasura/migrations/default/1707348091521_init/up.sql @@ -2,7 +2,7 @@ SET check_function_bodies = false; CREATE FUNCTION public.create_assigned_user_role() RETURNS trigger LANGUAGE plpgsql AS $$ -BEGIN +BEGIN INSERT INTO assigned_user_roles (user_id, user_role_name) VALUES (NEW.id, 'user'); RETURN NEW; 
diff --git a/src/go.mod b/src/go.mod index 07f4411..8c6f663 100644 --- a/src/go.mod +++ b/src/go.mod @@ -2,6 +2,6 @@ module hasura-jwt go 1.23.0 -require golang.org/x/crypto v0.26.0 +require golang.org/x/crypto v0.31.0 require github.com/golang-jwt/jwt/v5 v5.2.1 diff --git a/src/go.sum b/src/go.sum index b01c380..bb79625 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,4 +1,4 @@ github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=