asd

nhost · Feb 11, 2024 · 23acd90 · 23acd90
1 parent eb381b5
commit 23acd90
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 24 deletions.
diff --git a/build/dev/docker/docker-compose.yaml b/build/dev/docker/docker-compose.yaml
@@ -1,23 +1,38 @@
 version: "3.8"
 services:
     auth:
-        image: nhost/hasura-auth:0.22.0
+        image: nhost/hasura-auth:0.0.0-dev
+        # image: nhost/hasura-auth:0.25.0
+        command: serve
         depends_on:
             graphql:
                 condition: service_healthy
             postgres:
                 condition: service_healthy
+        ports:
+            - mode: ingress
+              target: 4000
+              published: "4000"
+              protocol: tcp
         environment:
             NODE_ENV: development
             AUTH_API_PREFIX: ""
-            HASURA_GRAPHQL_DATABASE_URL: "postgres://postgres:postgres@127.0.0.1:5432/local"
-            POSTGRES_CONNECTION: "postgres://postgres:postgres@127.0.0.1:5432/local"
+            HASURA_GRAPHQL_DATABASE_URL: "postgres://postgres:postgres@postgres:5432/local"
             HASURA_GRAPHQL_JWT_SECRET: '{"type":"HS256", "key":"5152fa850c02dc222631cca898ed1485821a70912a6e3649c49076912daa3b62182ba013315915d64f40cddfbb8b58eb5bd11ba225336a6af45bbae07ca873f3","issuer":"hasura-auth"}'
             HASURA_GRAPHQL_ADMIN_SECRET: nhost-admin-secret
-            HASURA_GRAPHQL_GRAPHQL_URL: http://127.0.0.1:8080/v1/graphql
+            HASURA_GRAPHQL_GRAPHQL_URL: http://graphql:8080/v1/graphql
             AUTH_PORT: 4000
             AUTH_SERVER_URL: http://127.0.0.2:4000
             AUTH_USER_DEFAULT_ALLOWED_ROLES: 'me,user,editor'
+            AUTH_SMTP_AUTH_METHOD: LOGIN
+            AUTH_SMTP_HOST: mailhog
+            AUTH_SMTP_PASS: password
+            AUTH_SMTP_PORT: "1025"
+            AUTH_SMTP_SECURE: "false"
+            AUTH_SMTP_SENDER: hasura-auth@example.com
+            AUTH_SMTP_USER: user
+            AUTH_LOG_LEVEL: debug
+            AUTH_CLIENT_URL: 'http://localhost:3000'
         healthcheck:
             test:
                 - CMD

diff --git a/flake.nix b/flake.nix
@@ -61,10 +61,10 @@
           ];
         };
 
-        node_modules = pkgs.stdenv.mkDerivation {
+        node_modules-builder = pkgs.stdenv.mkDerivation {
           inherit version;
 
-          pname = "node_modules";
+          pname = "node_modules-builder";
 
           nativeBuildInputs = with pkgs; [
             nodePackages.pnpm
@@ -80,7 +80,7 @@
           };
 
           buildPhase = ''
-            pnpm install
+            pnpm install --frozen-lockfile
           '';
 
           installPhase = ''
@@ -89,6 +89,14 @@
           '';
         };
 
+        node_modules-prod = node_modules-builder.overrideAttrs (oldAttrs: {
+          name = "node_modules-prod";
+
+          buildPhase = ''
+            pnpm install --frozen-lockfile --prod
+          '';
+        });
+
 
         name = "hasura-auth";
         description = "Nhost's Auth Service";
@@ -154,13 +162,17 @@
             pname = "node-${name}";
 
             buildInputs = with pkgs; [
+              pkgs.nodejs-slim_18
+            ];
+
+            nativeBuildInputs = with pkgs; [
               nodePackages.pnpm
             ];
 
             src = node-src;
 
             buildPhase = ''
-              ln -s ${node_modules}/node_modules node_modules
+              ln -s ${node_modules-builder}/node_modules node_modules
               pnpm build
             '';
 
@@ -170,8 +182,7 @@
               cp -r migrations $out/migrations
               cp -r email-templates $out/email-templates
               cp package.json $out/package.json
-              ln -s ${node_modules}/node_modules $out/node_modules
-              ln -sf ${pkgs.nodePackages.pnpm}/bin/pnpm $out/bin/pnpm
+              ln -s ${node_modules-prod}/node_modules $out/node_modules
             '';
           };
 
@@ -183,7 +194,9 @@
             ] ++ buildInputs;
 
             postInstall = ''
-              wrapProgram $out/bin/hasura-auth --suffix PATH : ${node-auth}/bin/pnpm
+              wrapProgram $out/bin/hasura-auth \
+                  --suffix PATH : ${pkgs.nodejs-slim_18}/bin \
+                  --prefix NODE_SERVER_PATH : ${node-auth}
             '';
           };
 

diff --git a/go/cmd/serve.go b/go/cmd/serve.go
@@ -85,21 +85,25 @@ func CommandServe() *cli.Command {
 	}
 }
 
-func getNodeServer(ctx context.Context, nodeServerPath string, port int) *exec.Cmd {
+func getNodeServer(cCtx *cli.Context) *exec.Cmd {
 	env := os.Environ()
 	found := false
+	authPort := strconv.Itoa(cCtx.Int(flagPort) + 1)
 	for i, v := range env {
 		if strings.HasPrefix(v, "AUTH_PORT=") {
 			found = true
-			env[i] = "AUTH_PORT=" + strconv.Itoa(port+1)
+			env[i] = "AUTH_PORT=" + authPort
 		}
 	}
 	if !found {
-		env = append(env, "AUTH_PORT="+strconv.Itoa(port+1))
+		env = append(env, "AUTH_PORT="+authPort)
 	}
+	env = append(env, "NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-bundle.crt")
+	env = append(env, "PWD="+cCtx.String(flagNodeServerPath))
+	env = append(env, "AUTH_VERSION="+cCtx.App.Version)
 
-	cmd := exec.CommandContext(ctx, "pnpm", "start")
-	cmd.Dir = nodeServerPath
+	cmd := exec.CommandContext(cCtx.Context, "node", "./dist/start.js")
+	cmd.Dir = cCtx.String(flagNodeServerPath)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 	cmd.Env = env
@@ -166,7 +170,7 @@ func serve(cCtx *cli.Context) error {
 	ctx, cancel := context.WithCancel(cCtx.Context)
 	defer cancel()
 
-	nodeServer := getNodeServer(ctx, cCtx.String(flagNodeServerPath), cCtx.Int(flagPort))
+	nodeServer := getNodeServer(cCtx)
 	go func() {
 		defer cancel()
 		if err := nodeServer.Run(); err != nil {

diff --git a/src/openapi/responses.ts b/src/openapi/responses.ts
@@ -61,5 +61,5 @@ export const UnauthorizedErrorModel = Joi.object<ErrorPayload>({
 }).meta({ className: 'UnauthorizedError' });
 
 export const VersionModel = Joi.string()
-  .example(process.env.npm_package_version)
+  .example(process.env.AUTH_VERSION)
   .meta({ className: 'Version' });
diff --git a/test/routes/misc/custom-claims.test.ts b/test/routes/misc/custom-claims.test.ts
@@ -4,7 +4,7 @@ import * as faker from 'faker';
 import { patchMetadata } from '@/utils';
 import { escapeValueToPg, ENV } from '@/utils';
 
-import { request } from '../../server';
+import { request, resetEnvironment } from '../../server';
 import { decodeAccessToken } from '../../utils';
 
 describe('custom JWT claims', () => {
@@ -13,6 +13,8 @@ describe('custom JWT claims', () => {
   const projects = [...Array(3).keys()].map(faker.datatype.uuid);
 
   beforeAll(async () => {
+    await resetEnvironment();
+
     client = new Client({
       connectionString: ENV.HASURA_GRAPHQL_DATABASE_URL,
     });
@@ -21,7 +23,7 @@ describe('custom JWT claims', () => {
       await client.query(`
       CREATE TABLE IF NOT EXISTS public.profiles (
         id uuid PRIMARY KEY
-            CONSTRAINT fk_user REFERENCES auth.users(id) 
+            CONSTRAINT fk_user REFERENCES auth.users(id)
             ON UPDATE CASCADE ON DELETE CASCADE,
         organisation_id uuid);
       CREATE TABLE public.organisations (id uuid primary key default gen_random_uuid());

diff --git a/test/routes/misc/tokens.test.ts b/test/routes/misc/tokens.test.ts
@@ -2,13 +2,14 @@ import { StatusCodes } from 'http-status-codes';
 import { Client } from 'pg';
 
 import { ENV } from '../../../src/utils/env';
-import { request } from '../../server';
+import { request, resetEnvironment } from '../../server';
 import { isValidAccessToken } from '../../utils';
 
 describe('token', () => {
   let client: Client;
 
   beforeAll(async () => {
+    await resetEnvironment();
     client = new Client({
       connectionString: ENV.HASURA_GRAPHQL_DATABASE_URL,
     });

diff --git a/test/routes/signin/passwordless/email.test.ts b/test/routes/signin/passwordless/email.test.ts
@@ -3,7 +3,7 @@ import { StatusCodes } from 'http-status-codes';
 import { Client } from 'pg';
 import rfc2047 from 'rfc2047';
 import { ENV } from '../../../../src/utils/env';
-import { request } from '../../../server';
+import { request, resetEnvironment } from '../../../server';
 import {
   deleteAllMailHogEmails,
   expectUrlParameters,
@@ -14,6 +14,8 @@ describe('passwordless email (magic link)', () => {
   let client: Client;
 
   beforeAll(async () => {
+    await resetEnvironment();
+
     client = new Client({
       connectionString: ENV.HASURA_GRAPHQL_DATABASE_URL,
     });

diff --git a/test/routes/user/deanonymize.test.ts b/test/routes/user/deanonymize.test.ts
@@ -199,8 +199,8 @@ describe('email-password', () => {
   it('should fail to deanonymize user with already existing email', async () => {
     // set env vars
     await request.post('/change-env').send({
-      DISABLE_NEW_USERS: false,
-      ANONYMOUS_USERS_ENABLED: true,
+      AUTH_DISABLE_NEW_USERS: false,
+      AUTH_ANONYMOUS_USERS_ENABLED: true,
     });
 
     const email = 'joedoe@example.com';