Skip to content
This repository has been archived by the owner on Jun 10, 2024. It is now read-only.

Move tokens from memory to DataStax DB #171

Merged
merged 44 commits into from
Aug 3, 2021
Merged

Move tokens from memory to DataStax DB #171

merged 44 commits into from
Aug 3, 2021

Conversation

eddiejaoude
Copy link
Member

@eddiejaoude eddiejaoude commented Jul 24, 2021
edited by Cahllagerfeld
Loading

closes #165
closes #173

  • write tests
  • save data to db

Merge after #137c

Cahl Todos

  • authService to database
  • Repair delete-token test

Cahllagerfeld and others added 25 commits June 26, 2021 15:35
@Cahllagerfeld
refactor: new Astraservice
f7ef3f4
@Cahllagerfeld
style: remove log
cfb27a3
@Cahllagerfeld
style: add js-doc
15fa97f
@Cahllagerfeld
refactor: configure namespace by header for standup
33ed254
@Cahllagerfeld
Merge branch 'main' into issue-137
de873ad
@Cahllagerfeld
feat: JWT-Client-Based Authentication
26cb288
@Cahllagerfeld
feat: add scopes guard
ef5886d
@Cahllagerfeld
fix: fixed todos
8074056
@Cahllagerfeld
feat: add keyspace interceptor
47b6c9c
@Cahllagerfeld
test: update unittests
281abae
@Cahllagerfeld
test: adjust unittests
2320df9
@Cahllagerfeld
test: adjust unittests
f96db25
@Cahllagerfeld
test: adjust unittests
21885fa
@Cahllagerfeld
test: adjust unittests
cd4c0f2
@Cahllagerfeld
test: update e2e-tests
513303c
@Cahllagerfeld
feat: github-module to new feature
a88488c
@Cahllagerfeld
feat: add new logic to discord module
6319239
@Cahllagerfeld
feat: add new auth logic to calendar module
dc17308
@Cahllagerfeld
docs: change order for swagger
2cddd68
@Cahllagerfeld
test: fix existing e2e tests
cb523e0
@Cahllagerfeld
Merge branch 'main' into issue-137
ad61af4
@Cahllagerfeld
fix: add missing catch
d0ad64a
@eddiejaoude
Merge pull request #167 from Cahllagerfeld/issue-137c
ede725b 
Issue 137c
@eddiejaoude
fix: read/write scopes (#137)
ae18fa7
@eddiejaoude
fix: auth tests (#165)
8e44321
@eddiejaoude eddiejaoude changed the base branch from main to issue-137c July 24, 2021 02:26
eddiejaoude
eddiejaoude commented Jul 24, 2021
View reviewed changes
test/features/auth.feature Outdated
| accessToken | "TYPE:JWT" |
| expiresIn | "TYPE:NUMBER" |
When add bearer token to the header
# And restart app
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This causes the test to fail until the tokens are persisted in the DB

@eddiejaoude eddiejaoude marked this pull request as draft July 24, 2021 06:21
@Cahllagerfeld
Copy link
Member

Do you want to merge this is branch 137c or do you want to merge this in main, when 137c is in main?

@eddiejaoude
Copy link
Member Author

we can do either, ideally into main when 137c has been merged.

I think we have 2 options in preferred order:

  1. if 137c is already merged into main, then we can point this in main
  2. if 137c is not ready, we can merge this into 137c it will just make it even bigger

Cahllagerfeld
Cahllagerfeld reviewed Jul 29, 2021
View reviewed changes
src/auth/auth.service.ts Outdated
let tokens: string[];
try {
tokens = await this.astraService
.get<string[]>('tokens', keyspace, 'tokens')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

store the tokens as keys in the collection, not within a function

@Cahllagerfeld
Copy link
Member

I'll take a look at this PR during the weekend, had quite much to do this week so I didnt find time for it :(

@eddiejaoude
Copy link
Member Author

No problem, that would be great 👍 I can look at it with you also

Base automatically changed from issue-137c to main July 31, 2021 09:19
@Cahllagerfeld Cahllagerfeld self-assigned this Aug 1, 2021
Cahllagerfeld
Cahllagerfeld reviewed Aug 1, 2021
View reviewed changes
Copy link
Member

@Cahllagerfeld Cahllagerfeld left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some questions to it.

src/auth/auth.service.ts Outdated
} catch (e) {
throw new HttpException('Invalid client id', HttpStatus.BAD_REQUEST);
this.jwtService.verify(token);
response.status(HttpStatus.OK).json({ valid: true });
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For now I'm just validating if the token is valid.

  • Do we have to do more checks here?
  • How should the response look like at this endpoint? Is it just returning {valid: true/false} Or does it return more information?
  • Does this endpoint needs to be secured, or can anybody post data to it for checking if it is valid?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great questions, here are my thoughts

How should the response look like at this endpoint? Is it just returning {valid: true/false} Or does it return more information?

I think that is fine to have a simple { valid: true|false }

Does this endpoint needs to be secured, or can anybody post data to it for checking if it is valid?

I think this should be protected otherwise someone could try to brute force it. Is it possible to do an OR for either of the guards?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added the token-guard for using only with the bot to be consistent with all Auth-Endpoints

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok sure 👍

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

response.status(HttpStatus.OK)

I think it might make more sense to have the response code decision made in the controller and the service to just return the boolean

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Cahllagerfeld
Cahllagerfeld reviewed Aug 2, 2021
View reviewed changes
Copy link
Member

@Cahllagerfeld Cahllagerfeld left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the PR is reviewable now. From my side its ready to merge

test/features/auth.feature Show resolved Hide resolved
test/support/regexes.ts Show resolved Hide resolved
@Cahllagerfeld
Copy link
Member

Ready for merge in my opinion!! :D

@eddiejaoude
Copy link
Member Author

Looking great 💥 , 2 small comments 🤓

@Cahllagerfeld Cahllagerfeld marked this pull request as ready for review August 3, 2021 16:02
Cahllagerfeld
Cahllagerfeld approved these changes Aug 3, 2021
View reviewed changes
Copy link
Member

@Cahllagerfeld Cahllagerfeld left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think all open points are implemented now

@eddiejaoude
Copy link
Member Author

Awesome! Let's merge 🎉

@eddiejaoude eddiejaoude merged commit a117d93 into main Aug 3, 2021
@eddiejaoude eddiejaoude deleted the issue-165 branch August 3, 2021 16:06
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Cahllagerfeld Cahllagerfeld Cahllagerfeld approved these changes

Assignees

@Cahllagerfeld Cahllagerfeld

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

create new endpoint on the auth module to validate tokens. Move tokens from memory to database
2 participants
@eddiejaoude @Cahllagerfeld