Connect configurator to in-cluster archive

unkhz · Jul 25, 2024 · 43daf9b · 43daf9b
1 parent a34bdbc
commit 43daf9b
Show file tree

Hide file tree

Showing 8 changed files with 733 additions and 1,174 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/common-archive-client/lib/client.test.ts b/packages/common-archive-client/lib/client.test.ts
@@ -5,28 +5,15 @@ import * as env from './env'
 
 jest.mock('@trpc/client')
 
-const testCredentials = {
-  type: 'service_account',
-  project_id: 'test',
-  private_key_id: '1',
-  private_key: '-----BEGIN PRIVATE KEY-----test-----END PRIVATE KEY-----',
-  client_email: 'ding@dong.iam.gserviceaccount.com',
-  client_id: '1234',
-  auth_uri: 'https://accounts.google.com/o/oauth2/auth',
-  token_uri: 'https://oauth2.googleapis.com/token',
-  auth_provider_x509_cert_url: 'https://www.googleapis.com/oauth2/v1/certs',
-  client_x509_cert_url: 'https://www.googleapis.com/robot/v1/metadata/x509/ding%40dong.iam.gserviceaccount.com',
-}
-
 describe('createClient', () => {
   it('should use env, create client and connect', async () => {
     jest.spyOn(env, 'getEnv').mockReturnValue({
       ARCHIVE_API_HOST: 'localhost',
       ARCHIVE_API_PORT: 1234,
       ARCHIVE_API_PATH: '/teeärpeesee',
       ARCHIVE_API_SSL: true,
-      ARCHIVE_CLIENT_GCLOUD_SCOPE: 'test.app',
-      ARCHIVE_CLIENT_GCLOUD_CREDENTIALS: testCredentials,
+      ARCHIVE_API_CLIENT_ID: 'test.app',
+      ARCHIVE_API_CLIENT_SECRET: '12345',
     })
 
     createClient()

diff --git a/packages/common-archive-client/lib/client.ts b/packages/common-archive-client/lib/client.ts
@@ -2,41 +2,14 @@ import { createTRPCProxyClient, httpBatchLink } from '@trpc/client'
 import type { ArchiveApiRouter } from '@ruuvipuserrin/archive'
 import { getEnv } from './env'
 
-// TODO: consider storing in KV in case of cloudflare worker client
 const cache: Map<string, unknown> = new Map()
 
-async function fetchAuthHeaders() {
+export async function fetchAuthHeaders() {
   const env = getEnv()
-  if (!env.ARCHIVE_CLIENT_GCLOUD_CREDENTIALS) {
-    return {}
+  return {
+    'CF-Access-Client-Id': env.ARCHIVE_API_CLIENT_ID,
+    'CF-Access-Client-Secret': env.ARCHIVE_API_CLIENT_SECRET,
   }
-  try {
-    const { getAccessToken } = await import('web-auth-library/google')
-    const options = {
-      credentials: env.ARCHIVE_CLIENT_GCLOUD_CREDENTIALS,
-      scope: env.ARCHIVE_CLIENT_GCLOUD_SCOPE,
-      cache,
-    }
-    const accessToken = await getAccessToken(options)
-
-    return {
-      Authorization: `Bearer ${accessToken}`,
-    }
-  } catch (err) {
-    console.error(err, (err as any).response)
-    throw err
-  }
-}
-
-let getAuthHeadersPromise: Promise<{ Authorization?: string }> | undefined
-
-export async function getAuthHeaders() {
-  if (!getAuthHeadersPromise) {
-    getAuthHeadersPromise = fetchAuthHeaders().finally(() => {
-      getAuthHeadersPromise = undefined
-    })
-  }
-  return getAuthHeadersPromise
 }
 
 export function createClient() {
@@ -50,9 +23,7 @@ export function createClient() {
     links: [
       httpBatchLink({
         url,
-        headers: async () => ({
-          ...(await getAuthHeaders()),
-        }),
+        headers: async () => fetchAuthHeaders(),
       }),
     ],
   })

diff --git a/packages/common-archive-client/lib/env.test.ts b/packages/common-archive-client/lib/env.test.ts
@@ -1,20 +1,5 @@
 import { getEnv } from './env'
 
-const testCredentials = {
-  type: 'service_account',
-  project_id: 'test',
-  private_key_id: '1',
-  private_key: '-----BEGIN PRIVATE KEY-----test-----END PRIVATE KEY-----',
-  client_email: 'ding@dong.iam.gserviceaccount.com',
-  client_id: '1234',
-  auth_uri: 'https://accounts.google.com/o/oauth2/auth',
-  token_uri: 'https://oauth2.googleapis.com/token',
-  auth_provider_x509_cert_url: 'https://www.googleapis.com/oauth2/v1/certs',
-  client_x509_cert_url: 'https://www.googleapis.com/robot/v1/metadata/x509/ding%40dong.iam.gserviceaccount.com',
-}
-
-const base64EncodedStringCredentials = Buffer.from(JSON.stringify(testCredentials)).toString('base64')
-
 describe('getEnv', () => {
   it('should typify selected values', async () => {
     const env = {
@@ -23,16 +8,16 @@ describe('getEnv', () => {
       ARCHIVE_API_HOST: '127.0.0.1',
       ARCHIVE_API_PORT: '4000',
       ARCHIVE_API_PATH: '/trpc',
-      ARCHIVE_CLIENT_GCLOUD_SCOPE: 'test.app',
-      ARCHIVE_CLIENT_GCLOUD_CREDENTIALS: base64EncodedStringCredentials,
+      ARCHIVE_API_CLIENT_ID: 'test.app',
+      ARCHIVE_API_CLIENT_SECRET: '3214125',
     }
     expect(getEnv(env)).toEqual({
       ARCHIVE_API_SSL: true,
       ARCHIVE_API_HOST: '127.0.0.1',
       ARCHIVE_API_PORT: 4000,
       ARCHIVE_API_PATH: '/trpc',
-      ARCHIVE_CLIENT_GCLOUD_SCOPE: 'test.app',
-      ARCHIVE_CLIENT_GCLOUD_CREDENTIALS: testCredentials,
+      ARCHIVE_API_CLIENT_ID: 'test.app',
+      ARCHIVE_API_CLIENT_SECRET: '3214125',
     })
   })
 
@@ -42,7 +27,7 @@ describe('getEnv', () => {
       ARCHIVE_API_SSL: '0',
       ARCHIVE_API_HOST: 92348176,
       ARCHIVE_API_PORT: '4000',
-      ARCHIVE_CLIENT_GCLOUD_SCOPE: 'test.app',
+      ARCHIVE_API_CLIENT_ID: 'test.app',
       ARCHIVE_API_PATH: '/trpc',
     }
     expect(() =>
@@ -55,18 +40,12 @@ describe('getEnv', () => {
     const env = {
       ARCHIVE_API_SSL: '1',
       ARCHIVE_API_HOST: '127.0.0.1',
-      ARCHIVE_API_PORT: '',
       ARCHIVE_API_PATH: '',
-      ARCHIVE_CLIENT_GCLOUD_SCOPE: 'test.app',
-      ARCHIVE_CLIENT_GCLOUD_CREDENTIALS: base64EncodedStringCredentials,
     }
     expect(getEnv(env)).toEqual({
       ARCHIVE_API_SSL: true,
       ARCHIVE_API_HOST: '127.0.0.1',
-      ARCHIVE_API_PORT: 0,
       ARCHIVE_API_PATH: '/trpc',
-      ARCHIVE_CLIENT_GCLOUD_SCOPE: 'test.app',
-      ARCHIVE_CLIENT_GCLOUD_CREDENTIALS: testCredentials,
     })
   })
 })
diff --git a/packages/common-archive-client/lib/env.ts b/packages/common-archive-client/lib/env.ts
@@ -12,28 +12,8 @@ const ZEnv = z.object({
   ARCHIVE_API_HOST: z.string(),
   ARCHIVE_API_PORT: z.coerce.number().optional(),
   ARCHIVE_API_PATH: z.preprocess((value) => (value ? value : undefined), z.string().default('/trpc')),
-  ARCHIVE_CLIENT_GCLOUD_SCOPE: z.string().optional(),
-  /* Base64 encoded JSON */
-  ARCHIVE_CLIENT_GCLOUD_CREDENTIALS: z.preprocess(
-    (base64EncodedString: unknown) =>
-      base64EncodedString
-        ? JSON.parse(new TextDecoder().decode(base64.parse(base64EncodedString as string)))
-        : undefined,
-    z
-      .object({
-        type: z.string(),
-        project_id: z.string(),
-        private_key_id: z.string(),
-        private_key: z.string(),
-        client_email: z.string(),
-        client_id: z.string(),
-        auth_uri: z.string(),
-        token_uri: z.string(),
-        auth_provider_x509_cert_url: z.string(),
-        client_x509_cert_url: z.string(),
-      })
-      .optional(),
-  ),
+  ARCHIVE_API_CLIENT_ID: z.string().optional(),
+  ARCHIVE_API_CLIENT_SECRET: z.string().optional(),
 })
 
 type EnvSource = Record<string, string | undefined>
@@ -43,5 +23,10 @@ function envSource(): EnvSource {
 }
 
 export function getEnv(env = envSource()) {
-  return ZEnv.parse(env)
+  const result = ZEnv.safeParse(env)
+  if (!result.success) {
+    console.error(result.error)
+    throw new Error(`Invalid environment variables: ${result.error.message}`)
+  }
+  return result.data
 }
diff --git a/packages/configurator/.gitignore b/packages/configurator/.gitignore
@@ -6,3 +6,5 @@ node_modules
 /public/build
 /.mf
 .env
+.dev.vars
+.wrangler
diff --git a/packages/configurator/package.json b/packages/configurator/package.json
@@ -5,7 +5,7 @@
   "scripts": {
     "build": "remix build",
     "dev:remix": "remix watch",
-    "dev:miniflare": "cross-env NODE_ENV=development miniflare ./build/index.js --watch",
+    "dev:miniflare": "cross-env NODE_ENV=development wrangler dev",
     "dev": "npm-run-all build --parallel \"dev:*\"",
     "cloudflare:build": "wrangler build",
     "cloudflare:deploy": "wrangler publish",
@@ -22,20 +22,20 @@
     "react-dom": "^18.2.0"
   },
   "devDependencies": {
-    "@cloudflare/workers-types": "^3.18.0",
+    "@cloudflare/workers-types": "^4.20240718.0",
     "@remix-run/dev": "^1.13.0",
     "@remix-run/eslint-config": "^1.13.0",
-    "@types/react": "^18.0.25",
-    "@types/react-dom": "^18.0.8",
+    "@types/react": "^18.3.3",
+    "@types/react-dom": "^18.3.0",
     "eslint": "^8.27.0",
-    "miniflare": "^2.12.1",
+    "miniflare": "^3.20240718.0",
     "npm-run-all": "^4.1.5",
     "postcss": "^8.4.31",
     "postcss-cli": "^10.1.0",
     "postcss-import": "^15.1.0",
     "tailwindcss": "^3.2.7",
     "typescript": "^4.8.4",
-    "wrangler": "^3.1.1"
+    "wrangler": "^3.65.1"
   },
   "engines": {
     "node": ">=16.13"

diff --git a/packages/configurator/wrangler.toml b/packages/configurator/wrangler.toml
@@ -3,13 +3,11 @@ name = "ruuvipuserrin-configurator"
 workers_dev = true
 main = "./build/index.js"
 # https://developers.cloudflare.com/workers/platform/compatibility-dates
-compatibility_date = "2022-04-05"
+compatibility_date = "2022-07-19"
+upload_source_maps = true
 
 [site]
-  bucket = "./public"
+bucket = "./public"
 
 [build]
-  command = "npx nx build"
-
-[miniflare]
-env_path = "../../.env.local"
+command = "npx nx build"