improved auth performance and efficiency, now sends groups to fleetba…
…se api
roncodes committed Jul 19, 2024
1 parent 8a593a4 commit 9713446
Showing 6 changed files with 62 additions and 30 deletions.
1 change: 1 addition & 0 deletions lib/config.d.ts
Expand Up @@ -2,4 +2,5 @@ import { Config } from '@verdaccio/legacy-types';
export interface FleetbaseRegistryAuthConfig extends Config {
fleetbaseHost: string;
fleetbaseApiKey: string;
protectedPrefixes: string;
}
3 changes: 3 additions & 0 deletions lib/index.d.ts
Expand Up @@ -5,7 +5,10 @@ export default class FleetbaseAuthPlugin implements IPluginAuth<Config> {
private config;
private fleetbaseClient;
private logger;
private protectedPrefixes;
private defaultProtectedPrefixes;
constructor(config: Config, options: any);
isNotProtectedPackage(packageName: string): boolean;
authenticate(identity: string, password: string, callback: Callback): Promise<void>;
adduser(identity: string, password: string, callback: Callback): Promise<void>;
allow_access(user: RemoteUser, pkg: (Config & PackageAccess) | (AllowAccess & PackageAccess), callback: AuthAccessCallback): Promise<void>;
34 changes: 24 additions & 10 deletions lib/index.js
Expand Up @@ -10,25 +10,31 @@ class FleetbaseAuthPlugin {
config;
fleetbaseClient;
logger;
protectedPrefixes;
defaultProtectedPrefixes = '@fleetbase,fleetbase,@flb,@fleetbase-extension,@flb-extension';
constructor(config, options) {
this.config = Object.assign(config, config.auth['@fleetbase/verdaccio-fleetbase-auth']);
this.logger = options.logger;
this.logger.debug({
config: JSON.stringify({
fleetbaseHost: (0, getConfigValue_1.default)('FLEETBASE_HOST', this.config),
fleetbaseApiKey: (0, getConfigValue_1.default)('FLEETBASE_API_KEY', this.config),
}, null, 4),
}, 'FLEETBASE CLIENT ENV/CONFIG VARS: @{config}');
this.fleetbaseClient = (0, fleetbaseClient_1.createFleetbaseClient)(this.config);
this.protectedPrefixes = (0, getConfigValue_1.default)('PROTECTED_PREFIXES', this.config) ?? '@fleetbase,fleetbase,@flb,@fleetbase-extension,@flb-extension';
}
isNotProtectedPackage(packageName) {
const prefixes = this.protectedPrefixes.split(',');
for (const prefix of prefixes) {
if (packageName.startsWith(prefix)) {
return false;
}
}
return true;
}
async authenticate(identity, password, callback) {
this.logger.debug({ identity }, 'Auth::authenticate() - Authenticating user with identity: @{identity}');
try {
const response = await this.fleetbaseClient.post('auth/authenticate', { identity, password });
this.logger.debug({ response: response.data }, 'Auth::authenticate() - Response from Fleetbase: @{response}');
const { groups } = response.data;
this.logger.debug({ groups: JSON.stringify(groups) }, 'Auth::authenticate() -Groups: @{groups}');
callback(null, groups ?? []);
this.logger.debug({ groups: JSON.stringify(groups) }, 'Auth::authenticate() - Groups: @{groups}');
callback(null, groups);
}
catch (error) {
const errorMessage = error instanceof Error ? error.message : 'Authentication failed for creating developer account';
Expand All @@ -55,8 +61,16 @@ class FleetbaseAuthPlugin {
// Allow access should check with Fleetbase API and see that registry user has access to the extension
this.logger.debug({ user }, 'Auth::allow_access() - User: @{user}');
this.logger.debug({ pkg }, 'Auth::allow_access() - Package: @{pkg}');
// If not a protected package just allow access without server check
if (this.isNotProtectedPackage(pkg.name)) {
this.logger.debug({ packageName: pkg.name }, 'Auth::allow_access() - (No Check) Access Allowed: @{packageName}');
callback(null, true);
return;
}
// Check with server if access is allowed
try {
const response = await this.fleetbaseClient.post('auth/check-access', { identity: user.name });
this.logger.debug({ packageName: pkg.name, identity: user.name, groups: user.groups }, 'Auth::allow_access() Request Params: { identity: @{identity}, package: @{packageName}, groups: @{groups} }');
const response = await this.fleetbaseClient.post('auth/check-access', { identity: user.name, package: pkg.name, groups: user.groups });
this.logger.debug({ response: response.data }, 'Auth::allow_access() - Response from Fleetbase: @{response}');
const { allowed } = response.data;
this.logger.debug({ allowed }, 'Auth::allow_access() - Allowed: @{allowed}');
Expand All @@ -75,7 +89,7 @@ class FleetbaseAuthPlugin {
this.logger.debug({ user }, 'Auth::allow_publish() - User: @{user}');
this.logger.debug({ pkg }, 'Auth::allow_publish() - Package: @{pkg}');
try {
const response = await this.fleetbaseClient.post('auth/check-publish', { identity: user.name, package: pkg.name });
const response = await this.fleetbaseClient.post('auth/check-publish', { identity: user.name, package: pkg.name, groups: user.groups });
this.logger.debug({ response: response.data }, 'Auth::allow_publish() - Response from Fleetbase: @{response}');
const { allowed } = response.data;
this.logger.debug({ allowed }, 'Auth::allow_publish() - Allowed: @{allowed}');
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "@fleetbase/verdaccio-fleetbase-auth",
"version": "0.0.2",
"version": "0.0.3",
"description": "Authentication to verdaccio for Fleetbase extension developers.",
"keywords": [
"verdaccio",
5 changes: 3 additions & 2 deletions src/config.ts
@@ -1,6 +1,7 @@
import { Config } from '@verdaccio/legacy-types';

export interface FleetbaseRegistryAuthConfig extends Config {
fleetbaseHost: string;
fleetbaseApiKey: string;
fleetbaseHost: string;
fleetbaseApiKey: string;
protectedPrefixes: string;
}
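Review bot: `protectedPrefixes` is declared as a required `string` with no description of its format, although the constructor in src/index.ts falls back to a built-in list when no value is found. If the value is read from this config object (presumably via `getConfigValue`, which is not visible here), the declaration should be `protectedPrefixes?: string;`. A one-line TSDoc comment above it, such as `/** Comma-separated package-name prefixes whose access is checked against Fleetbase; anything else is allowed without a server check. */`, would tell operators what they are switching on or off.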
47 changes: 30 additions & 17 deletions src/index.ts
Expand Up @@ -10,24 +10,24 @@ export default class FleetbaseAuthPlugin implements IPluginAuth<Config> {
private config: FleetbaseRegistryAuthConfig;
private fleetbaseClient: IFleetbaseClient;
private logger: Logger;
private protectedPrefixes: string;
private defaultProtectedPrefixes: string = '@fleetbase,fleetbase,@flb,@fleetbase-extension,@flb-extension';

public constructor(config: Config, options: any) {
this.config = Object.assign(config, config.auth['@fleetbase/verdaccio-fleetbase-auth']);
this.logger = options.logger;
this.logger.debug(
{
config: JSON.stringify(
{
fleetbaseHost: getConfigValue('FLEETBASE_HOST', this.config),
fleetbaseApiKey: getConfigValue('FLEETBASE_API_KEY', this.config),
},
null,
4
),
},
'FLEETBASE CLIENT ENV/CONFIG VARS: @{config}'
);
this.fleetbaseClient = createFleetbaseClient(this.config);
this.protectedPrefixes = getConfigValue('PROTECTED_PREFIXES', this.config) ?? '@fleetbase,fleetbase,@flb,@fleetbase-extension,@flb-extension';
}

public isNotProtectedPackage(packageName: string): boolean {
const prefixes = this.protectedPrefixes.split(',');
for (const prefix of prefixes) {
if (packageName.startsWith(prefix)) {
return false;
}
}
return true;
}

public async authenticate(identity: string, password: string, callback: Callback): Promise<void> {
Expand All @@ -37,9 +37,9 @@ export default class FleetbaseAuthPlugin implements IPluginAuth<Config> {
const response = await this.fleetbaseClient.post('auth/authenticate', { identity, password });
this.logger.debug({ response: response.data }, 'Auth::authenticate() - Response from Fleetbase: @{response}');
const { groups } = response.data;
this.logger.debug({ groups: JSON.stringify(groups) }, 'Auth::authenticate() -Groups: @{groups}');
this.logger.debug({ groups: JSON.stringify(groups) }, 'Auth::authenticate() - Groups: @{groups}');

callback(null, groups ?? []);
callback(null, groups);
} catch (error) {
const errorMessage = error instanceof Error ? error.message : 'Authentication failed for creating developer account';
const conflict = getConflict(errorMessage);
Expand Down Expand Up @@ -67,8 +67,21 @@ export default class FleetbaseAuthPlugin implements IPluginAuth<Config> {
// Allow access should check with Fleetbase API and see that registry user has access to the extension
this.logger.debug({ user }, 'Auth::allow_access() - User: @{user}');
this.logger.debug({ pkg }, 'Auth::allow_access() - Package: @{pkg}');

// If not a protected package just allow access without server check
if (this.isNotProtectedPackage(pkg.name)) {
this.logger.debug({ packageName: pkg.name }, 'Auth::allow_access() - (No Check) Access Allowed: @{packageName}');
callback(null, true);
return;
}

// Check with server if access is allowed
try {
const response = await this.fleetbaseClient.post('auth/check-access', { identity: user.name });
this.logger.debug(
{ packageName: pkg.name, identity: user.name, groups: user.groups },
'Auth::allow_access() Request Params: { identity: @{identity}, package: @{packageName}, groups: @{groups} }'
);
const response = await this.fleetbaseClient.post('auth/check-access', { identity: user.name, package: pkg.name, groups: user.groups });
this.logger.debug({ response: response.data }, 'Auth::allow_access() - Response from Fleetbase: @{response}');
const { allowed } = response.data;
this.logger.debug({ allowed }, 'Auth::allow_access() - Allowed: @{allowed}');
Expand All @@ -88,7 +101,7 @@ export default class FleetbaseAuthPlugin implements IPluginAuth<Config> {
this.logger.debug({ user }, 'Auth::allow_publish() - User: @{user}');
this.logger.debug({ pkg }, 'Auth::allow_publish() - Package: @{pkg}');
try {
const response = await this.fleetbaseClient.post('auth/check-publish', { identity: user.name, package: pkg.name });
const response = await this.fleetbaseClient.post('auth/check-publish', { identity: user.name, package: pkg.name, groups: user.groups });
this.logger.debug({ response: response.data }, 'Auth::allow_publish() - Response from Fleetbase: @{response}');
const { allowed } = response.data;
this.logger.debug({ allowed }, 'Auth::allow_publish() - Allowed: @{allowed}');
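Review bot: `isNotProtectedPackage` in the first hunk decides whether `allow_access` skips the Fleetbase check, yet it matches against the raw `split(',')` output. A configured value such as `@fleetbase, @flb` leaves ` @flb` unmatched, so those packages are allowed with no server check, while an empty entry (trailing comma or empty string) matches every package name. Normalise the list once in the constructor, e.g. `.split(',').map((p) => p.trim()).filter((p) => p.length > 0)`, and fall back to the default when nothing is left. The constructor also repeats the default literal instead of using the new field, which `?? this.defaultProtectedPrefixes` would fix. Because `startsWith` is not bounded at the scope separator, `@flb` also covers any scope that merely begins with those characters, and a comment on the method should say whether that is intended.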
