Merge remote-tracking branch 'origin/main' into improvement/clean-up-…

…filters-code
CrowdDotDev · Jul 13, 2023 · 7cdf093 · 7cdf093
2 parents b2c8da2 + 8b2f03f
commit 7cdf093
Show file tree

Hide file tree

Showing 97 changed files with 2,371 additions and 993 deletions.
diff --git a/backend/config/custom-environment-variables.json b/backend/config/custom-environment-variables.json
@@ -129,6 +129,7 @@
     "appId": "CROWD_GITHUB_APP_ID",
     "clientId": "CROWD_GITHUB_CLIENT_ID",
     "clientSecret": "CROWD_GITHUB_CLIENT_SECRET",
+    "callbackUrl": "CROWD_GITHUB_CALLBACK_URL",
     "privateKey": "CROWD_GITHUB_PRIVATE_KEY",
     "webhookSecret": "CROWD_GITHUB_WEBHOOK_SECRET",
     "isCommitDataEnabled": "CROWD_GITHUB_IS_COMMIT_DATA_ENABLED"
@@ -180,8 +181,7 @@
     "secretAccessKey": "CROWD_OPENSEARCH_AWS_SECRET_ACCESS_KEY"
   },
   "auth0": {
-    "domain": "CROWD_AUTH0_DOMAIN",
     "clientId": "CROWD_AUTH0_CLIENT_ID",
-    "cert": "CROWD_AUTH0_CERT"
+    "jwks": "CROWD_AUTH0_JWKS"
   }
 }
diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/package.json b/backend/package.json
@@ -99,6 +99,7 @@
     "html-to-text": "^8.2.1",
     "json2csv": "^5.0.7",
     "jsonwebtoken": "8.5.1",
+    "jwks-rsa": "^3.0.1",
     "lodash": "4.17.21",
     "moment": "2.29.4",
     "moment-timezone": "^0.5.34",
@@ -108,6 +109,7 @@
     "openapi-comment-parser": "^1.0.0",
     "passport": "0.6.0",
     "passport-facebook": "3.0.0",
+    "passport-github2": "^0.1.12",
     "passport-google-oauth": "2.0.0",
     "passport-google-oauth20": "^2.0.0",
     "passport-slack": "0.0.7",

diff --git a/backend/src/api/auth/authSocial.ts b/backend/src/api/auth/authSocial.ts
@@ -1,6 +1,6 @@
 import passport from 'passport'
 import { getServiceChildLogger } from '@crowd/logging'
-import { API_CONFIG, GOOGLE_CONFIG } from '../../conf'
+import { API_CONFIG, GITHUB_CONFIG, GOOGLE_CONFIG } from '../../conf'
 import AuthService from '../../services/auth/authService'
 
 const log = getServiceChildLogger('AuthSocial')
@@ -46,6 +46,26 @@ export default (app, routes) => {
       })(req, res)
     })
   }
+
+  if (GITHUB_CONFIG.clientId) {
+    routes.get(
+      '/auth/social/github',
+      passport.authenticate('github', {
+        scope: ['user:email', 'read:user'],
+        session: false,
+      }),
+      () => {
+        // The request will be redirected for authentication, so this
+        // function will not be called.
+      },
+    )
+
+    routes.get('/auth/social/github/callback', (req, res) => {
+      passport.authenticate('github', (err, jwtToken) => {
+        handleCallback(res, err, jwtToken)
+      })(req, res)
+    })
+  }
 }
 
 function handleCallback(res, err, jwtToken) {

diff --git a/backend/src/api/auth/ssoCallback.ts b/backend/src/api/auth/ssoCallback.ts
@@ -1,31 +1,44 @@
 import jwt from 'jsonwebtoken'
+import jwksClient from 'jwks-rsa'
 import AuthService from '../../services/auth/authService'
 import { AUTH0_CONFIG } from '../../conf'
 import Error401 from '../../errors/Error401'
 
+const jwks = jwksClient({
+  jwksUri: AUTH0_CONFIG.jwks,
+  cache: true,
+  cacheMaxEntries: 5,
+  cacheMaxAge: 86400000,
+})
+
+async function getKey(header, callback) {
+  jwks.getSigningKey(header.kid, (err, key: any) => {
+    const signingKey = key.publicKey || key.rsaPublicKey
+    callback(null, signingKey)
+  })
+}
+
 export default async (req, res) => {
   const { idToken, invitationToken, tenantId } = req.body
 
   try {
     const verifyToken = new Promise((resolve, reject) => {
-      const publicKey = AUTH0_CONFIG.cert.replaceAll('"', '').replace(/\\n/g, '\n')
-      jwt.verify(idToken, publicKey, { algorithms: ['RS256'] }, (err, decoded) => {
-        // If error verifying token
+      jwt.verify(idToken, getKey, { algorithms: ['RS256'] }, (err, decoded) => {
         if (err) {
           reject(new Error401())
         }
 
-        // If token matches auth0 validation criteria
-        const { aud, iss } = decoded as any
-        if (aud !== AUTH0_CONFIG.clientId || !iss.includes(AUTH0_CONFIG.domain)) {
+        const { aud } = decoded as any
+
+        if (aud !== AUTH0_CONFIG.clientId) {
           reject(new Error401())
         }
 
-        // If token validation passed
         resolve(decoded)
       })
     })
     const data: any = await verifyToken
+
     // Signin with data
     const token: string = await AuthService.signinFromSSO(
       'auth0',

diff --git a/backend/src/api/webhooks/github.ts b/backend/src/api/webhooks/github.ts
@@ -35,7 +35,7 @@ export default async (req, res) => {
 
     await sendNodeWorkerMessage(
       integration.tenantId,
-      new NodeWorkerProcessWebhookMessage(integration.tenantId, result.id),
+      new NodeWorkerProcessWebhookMessage(integration.tenantId, result.id, undefined, true),
     )
 
     await req.responseHandler.success(req, res, {}, 204)

diff --git a/backend/src/conf/configTypes.ts b/backend/src/conf/configTypes.ts
@@ -79,9 +79,8 @@ export interface ApiConfiguration {
 }
 
 export interface Auth0Configuration {
-  domain: string
   clientId: string
-  cert: string
+  jwks: string
 }
 
 export interface PlansConfiguration {
@@ -144,6 +143,7 @@ export interface GithubConfiguration {
   webhookSecret: string
   isCommitDataEnabled: string
   globalLimit?: number
+  callbackUrl: string
 }
 
 export interface SendgridConfiguration {