Giter VIP home page Giter VIP logo

auth-service's Introduction

auth-service

Auth service.

CircleCI XO code style



## !!! NOTHING TO SHOW, YET. WORK IN PROGRESS. !!!

---

Summary

auth-service is a tiny, re-usable authentication service to be used in any microservices' environment.

It is built on top of express , passport and JWT, therefore easy to extend and integrate.

Basic functionality

  • Registration of a user
  • Login (and return a JWT token)
  • Verify JWT token
  • Logout
  • Mark a user as deleted (cannot login anymore)
  • Mark a user as undeleted (can login again)
  • Verify the users email
  • Send password reset email
  • Password reset
  • Return the user's profile

Authentication Providers

  • Local database (MongoDB)

Social Authentication Providers

Current, only the local strategy is implemented (saving the user in the given MongoDB instance), but it should be pretty straightforward to extend auth-service with other authentication provider, such as:

  • GitHub
  • auth0
  • saml
  • oauth/oauth2
  • DropBox
  • Google
  • Facebook
  • LinkedIn
  • OpenId
  • ...

Just have a look at passports.js and the supported strategies.

Installation

$ docker run -it stefanwalther/auth-service

Configuration

auth-service can be configured by the following environment variables:

General:

  • PORT - The port to run the REST API (defaults to 3010).
  • JWT_SECRET - The secret used for JWT, defaults to foo'
  • NODE_ENV - Environment settings for the service (production, development or test), defaults to development.

Features:

  • ENABLE_AUDIT_LOG - Enable or disable audit-log.
  • REGISTRATION__DOMAIN_FILTER - Filter domains for the registration process, can be a wildcard ('*'), a single domain (e.g. 'foo.bar') or a list of domains (e.g. 'foo.com,bar.com')

MongoDB:

Provide the connection to MongoDB either by providing a full connection string:

  • MONGODB_CONNECTION_STRING - The full MongoDB connection string.

or by providing details of the connection:

  • MONGODB_DATABASE - The MongoDB database, defaults to db.
  • MONGODB_HOST - MongoDB host, defaults to localhost.
  • MONGODB_PORT - MongoDB port, defaults to 27017.
  • MONGODB_DEBUG - Whether to use the Mongoose debug mode or not, defaults to false.

NATS-Streaming:

  • NATS_STREAMING_HOST - The NATS-Streaming host, defaults to localhost.
  • NATS_STREAMING_PORT - The NATS-Streaming port, defaults to 4222.

Nodemailer: (e.g for sending an account verification message):

  • NODEMAILER_TRANSPORT - The transport for Nodemailer (possible options: postmark).

Depending on the transporter for Nodemailer the following options can be set:

Postmark:

  • POSTMARK_API_TOKEN - Postmark`s Server API Token.

Nodemailer settings only need to be set if one of the following options are set to true:

Usage

API

All endpoints are documented through OpenApi/Swagger using

http://localhost:3010/api-docs

Contribute

Development environment

Start the development environment

To start the development environment, go for

$ make up

This will essentially:

Only required services

If you only want to run required services (e.g. MongoDB, RabbitMQ, etc.) and run the node.js process on your machine, then go for

$ make up-deps

Then start the server using

$ npm run start:watch

The API is available at http://localhost:3010

Run tests

Run tests

Running and reviewing unit tests is a great way to get familiarized with a library and its API. You can install dependencies and run tests with the following command:

Start MongoDB:
The following command will spin up a MongoDB instance to be used in the integration tests at port 27018 (to prevent conflicts with the default port).

$ npm run dc-dev-up

Then run one of the following options:

Run integration tests:

Spins up all required dependent services to run the integration tests and runs the integration tests:

$ make build-run-integration-tests

Run unit tests:

$ make build-run-unit-tests
Update docs & readme

Building docs

(This project's readme.md is generated by verb, please don't edit the readme directly. Any changes to the readme must be made in the .verb.md readme template.)

To generate the readme, run the following command:

make gen-readme

About

Author

Stefan Walther

License

MIT

auth-service's People

Contributors

dependabot-preview[bot] avatar dependabot[bot] avatar greenkeeper[bot] avatar renovate-bot avatar renovate[bot] avatar stefanwalther avatar swr-bot avatar

Stargazers

avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

auth-service's Issues

Feature: Prevent user to interactively login

To be able to handle system users, some kind of a flag is necessary, that a user cannot login and is treated as a system user.

Such a user:

  • Cannot be deleted
  • Cannot be updated (by any other user than the user itself)
  • Has a flag is_system_user

Dependency deprecation warning: codeclimate-test-reporter (npm)

On registry https://registry.npmjs.org/, the "latest" version (v0.5.1) of dependency codeclimate-test-reporter has the following deprecation notice:

codeclimate-test-reporter has been deprecated in favor of our new unified test-reporter. Please visit https://docs.codeclimate.com/docs/configuring-test-coverage for details on setting up the new test-reporter.

Marking the latest version of an npm package as deprecated results in the entire package being considered deprecated, so contact the package author you think this is a mistake.

Affected package file(s): package.json

If you don't care about this, you can close this issue and not be warned about codeclimate-test-reporter's deprecation again. If you would like to completely disable all future deprecation warnings then add the following to your config:

"suppressNotifications": ["deprecationWarningIssues"]

An in-range update of mongoose is breaking the build 🚨

Version 4.9.3 of mongoose just got published.

Branch Build failing 🚨
Dependency mongoose
Current Version 4.9.2
Type dependency

This version is covered by your current version range and after updating it in your project the build failed.

As mongoose is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this πŸ’ͺ

Status Details
  • ❌ ci/circleci Your tests failed on CircleCI Details
Commits

The new version differs by 17 commits .

  • 86d6f73 chore: release 4.9.3
  • 5eb8692 perf(populate): dont clone whole options every time
  • f6dd89f docs(schematype): explain custom message with required function
  • 12425b5 fix(populate): only apply refPath duplicate id optimization if not array
  • ca59b9c test(populate): repro #5114
  • 0a7be41 docs(schematypes): explain some subtleties with arrays
  • 79fdf6a Merge pull request #5129 from monkbroc/patch-1
  • fe20693 Merge pull request #5131 from krmannix/master
  • f4d7ad6 fix(document): copy non-objects to _doc when init()
  • cede3b4 test(document): repro #5111
  • 04fb701 feat(document): add isDirectSelected() to minimize isSelected() changes
  • 2d6bf66 test(document): repro #5063
  • 0a03288 docs(discriminator): use message in discriminator docs re: #5113
  • eee1f04 document.js fixes for functions prepended with $
  • 65f6178 docs(schematype): explain how to use isAsync with validate()

There are 17 commits in total. See the full diff.

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

An in-range update of nodemailer is breaking the build 🚨

Version 3.1.7 of nodemailer just got published.

Branch Build failing 🚨
Dependency nodemailer
Current Version 3.1.6
Type dependency

This version is covered by your current version range and after updating it in your project the build failed.

As nodemailer is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this πŸ’ͺ

Status Details
  • ❌ ci/circleci Your tests failed on CircleCI Details
Commits

The new version differs by 1 commits .

See the full diff.

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

Move to Koa

Add middleware

  • cors
  • compression
  • favicon
  • helmet
  • passport-strategy.local

Dependency deprecation warning: crypto (npm)

On registry https://registry.npmjs.org/, the "latest" version (v1.0.1) of dependency crypto has the following deprecation notice:

This package is no longer supported. It's now a built-in Node module. If you've depended on crypto, you should switch to the one that's built-in.

Marking the latest version of an npm package as deprecated results in the entire package being considered deprecated, so contact the package author you think this is a mistake.

Please take the actions necessary to rename or substitute this deprecated package and commit to your base branch. If you wish to ignore this deprecation warning and continue using crypto as-is, please add it to your ignoreDeps array in Renovate config before closing this issue, otherwise another issue will be recreated the next time Renovate runs.

An in-range update of mongoose is breaking the build 🚨

Version 4.8.6 of mongoose just got published.

Branch Build failing 🚨
Dependency mongoose
Current Version 4.8.5
Type dependency

This version is covered by your current version range and after updating it in your project the build failed.

As mongoose is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this πŸ’ͺ

Status Details
  • ❌ ci/circleci Your tests failed on CircleCI Details
Commits

The new version differs by 9 commits .

  • 36d099c chore: release 4.8.6
  • 2a3902d fix(applyHooks): dont wrap a function if it is already wrapped
  • a19145b docs(document): remove text that implies that transform is false by default
  • 00e6b94 Merge branch 'master' of github.com:Automattic/mongoose
  • 59c6d3e fix(document): ensure nested docs' toObject() clones
  • 7d34448 test(document): repro #5008
  • be08602 Merge pull request #5013 from FredericoSFerreira/master
  • a5f9168 chore: now working on 4.8.6
  • ed0eb42 Add Dashbox new case We use mongoose in production

See the full diff.

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

UnhandledPromiseRejectionWarning: Error: connect ECONNREFUSED 127.0.0.1:27017

Trying to run docker run -it stefanwalther/auth-service on a windows machine and getting:

(node:23) UnhandledPromiseRejectionWarning: Error: connect ECONNREFUSED 127.0.0.1:27017
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1104:14)
(node:23) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:23) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

any ideas what to do?

An in-range update of mongoose is breaking the build 🚨

Version 4.9.1 of mongoose just got published.

Branch Build failing 🚨
Dependency mongoose
Current Version 4.9.0
Type dependency

This version is covered by your current version range and after updating it in your project the build failed.

As mongoose is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this πŸ’ͺ

Status Details
  • ❌ ci/circleci Your tests failed on CircleCI Details
Commits

The new version differs by 22 commits .

  • 4f864cf chore: release 4.9.1
  • 74cdbdd Merge pull request #5080 from zoellner/master
  • 249653b fix(populate): avoid duplicate ids in dynref queries
  • dae6192 test: fix flakey test
  • 79bf54a fix: upgrade driver -> 2.2.25
  • fa2caf5 fix(model): get promise each time save() is called rather than once
  • 7d6c259 test: add coverage for #5070
  • 2a0df9a fix(connection): make connect return value consistent
  • 1a5fffb fix(timestamps): handle nested timestamp paths
  • 4efe0dc test(timestamps): repro #5051
  • dd3182f docs(validation): add some more detail re: isAsync
  • 91866a8 Merge pull request #5072 from sjorssnoeren/gh-5068
  • 80b325c fix(query): handle $type for arrays
  • 0a88085 fix(update): dont double-call setters on arrays
  • 9105d85 test(update): repro #5041

There are 22 commits in total. See the full diff.

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

An in-range update of codecov is breaking the build 🚨

Version 2.0.2 of codecov just got published.

Branch Build failing 🚨
Dependency codecov
Current Version 2.0.1
Type devDependency

This version is covered by your current version range and after updating it in your project the build failed.

As codecov is β€œonly” a devDependency of this project it might not break production or downstream projects, but β€œonly” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this πŸ’ͺ

Status Details
  • ❌ ci/circleci A command timed out during your tests Details
Commits

The new version differs by 10 commits .

  • 1a5741f v2.0.2
  • 458cc21 Merge pull request #52 from codecov/fix/version
  • e7a3a72 Adding v to the start of version
  • e90abf3 Take version from package.json
  • a6bdf01 Merge pull request #50 from ryanlntn/patch-1
  • dc8867c Fix typo in unknown service provider error message
  • 0d34b02 Updating Change Log
  • 2d56b9c Merge pull request #33 from Radagaisus/patch-1
  • 93a383e Fixing test
  • 17f2b92 Update README.md distinquish -> distinguish

See the full diff.

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

Dependency deprecation warning: codeclimate-test-reporter (nvm)

On registry https://registry.npmjs.org/, the "latest" version (v0.5.1) of dependency codeclimate-test-reporter has the following deprecation notice:

codeclimate-test-reporter has been deprecated in favor of our new unified test-reporter. Please visit https://docs.codeclimate.com/docs/configuring-test-coverage for details on setting up the new test-reporter.

Marking the latest version of an npm package as deprecated results in the entire package being considered deprecated, so contact the package author you think this is a mistake.

Please take the actions necessary to rename or substitute this deprecated package and commit to your base branch. If you wish to ignore this deprecation warning and continue using codeclimate-test-reporter as-is, please add it to your ignoreDeps array in Renovate config before closing this issue, otherwise another issue will be recreated the next time Renovate runs.

Affected package file(s): package.json

An in-range update of mongoose-connection-promise is breaking the build 🚨

Version 0.1.4 of mongoose-connection-promise just got published.

Branch Build failing 🚨
Dependency mongoose-connection-promise
Current Version 0.1.3
Type dependency

This version is covered by your current version range and after updating it in your project the build failed.

mongoose-connection-promise is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this πŸ’ͺ

Status Details
  • ❌ ci/circleci Your tests failed on CircleCI Details
Commits

The new version differs by 15 commits.

  • 6255f78 Bump version / update dependencies
  • 653830f chore: upgrade dependencies
  • a819d9b chore: update mongoose version
  • 1c717e1 chore: update dependencies
  • 9c0dbbf chore(package): update eslint to version 4.1.0 (#7)
  • 0729d87 chore(package): update gulp-format-md to version 1.0.0 (#8)
  • c0c57f9 fix(package): update eslint-config-space-single to version 0.2.0 (#4)
  • 8575883 docs: Test details II
  • d94e2e4 Update README.md
  • b25fc53 docs: Test details
  • e801e0f fix(package): update eslint-config-space-single to version 0.0.5 (#2)
  • 7702d40 chore(package): update codecov to version 2.0.1 (#3)
  • e2f97f9 chore: Add husky
  • 6e79dd6 chore: Add some todos
  • 86a310d docs: Add motivation

See the full diff

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.