From d3225bc8142d64ccc6c82e34f6f85b5412f4d3ed Mon Sep 17 00:00:00 2001 From: Lordfirespeed <28568841+Lordfirespeed@users.noreply.github.com> Date: Mon, 23 Sep 2024 13:13:52 +0100 Subject: [PATCH] apply configuration changes from keycloak & some production defaults --- server/src/auth/keycloak-client.ts | 5 +++-- server/src/config/default.ts | 22 +++++++++++++--------- server/src/config/development.ts | 11 ----------- server/src/config/index.ts | 2 +- server/src/config/production.ts | 23 ++++++++++++++++++++++- server/src/config/schema.ts | 7 ++++--- server/src/database/index.ts | 4 ++-- 7 files changed, 45 insertions(+), 29 deletions(-) delete mode 100644 server/src/config/development.ts diff --git a/server/src/auth/keycloak-client.ts b/server/src/auth/keycloak-client.ts index 1d67f39..91139a8 100644 --- a/server/src/auth/keycloak-client.ts +++ b/server/src/auth/keycloak-client.ts @@ -13,13 +13,14 @@ function adaptClientConfig(clientConfig: typeof keycloakConfig): ClientMetadata } satisfies ClientMetadata } -export const keycloakIssuer = await Issuer.discover(keycloakConfig.url) +const keycloakIssuerUrl = new URL(`/realms/${keycloakConfig.realm}`, keycloakConfig.baseUrl) +export const keycloakIssuer = await Issuer.discover(keycloakIssuerUrl.toString()) const keycloakClientConfig = adaptClientConfig(keycloakConfig) export const keycloakClient = new keycloakIssuer.Client(keycloakClientConfig) const keycloakAdminClient = new KeycloakAdminClient({ baseUrl: keycloakConfig.adminBaseUrl, - realmName: "durhack", + realmName: keycloakConfig.realm, }) async function fetchKeycloakClientCredentials() { diff --git a/server/src/config/default.ts b/server/src/config/default.ts index 630e510..abc8b0b 100644 --- a/server/src/config/default.ts +++ b/server/src/config/default.ts 
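Review bot: `keycloakConfig.realm` is interpolated into the issuer path unencoded, and the schema change in this patch only requires `realm: z.string()`, so a value containing `/`, `?` or `#` would make discovery run against a different path than the realm handed to `KeycloakAdminClient`. Because the path starts with `/`, `new URL` also discards any path component of `keycloakConfig.baseUrl`, which matters if Keycloak is ever served under a prefix. I would encode the segment, ``new URL(`/realms/${encodeURIComponent(keycloakConfig.realm)}`, keycloakConfig.baseUrl)``, and tighten the schema to something like `realm: z.string().regex(/^[A-Za-z0-9_-]+$/)`. A one-line comment that `baseUrl` must be a bare origin would cover the second point.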
@@ -3,10 +3,10 @@ import type { ConfigIn } from "./schema" export default { listen: { - host: "127.0.0.1", - port: 3101, + host: "localhost", + port: 3101, // Megateams project has ports 3000-3099 }, - hostname: "http://localhost:3101", + origin: "http://megateams.durhack-dev.com", flags: {}, csrf: { enabled: true, @@ -14,6 +14,7 @@ export default { options: { cookieOptions: { name: "durhack-megateams.x-csrf-token", + domain: "megateams.durhack-dev.com", sameSite: "strict", path: "/", secure: false, @@ -26,12 +27,14 @@ export default { session: { cookie: { name: "durhack-megateams-session", + domain: "megateams.durhack-dev.com", + sameSite: "lax", + path: "/", secure: false, }, }, megateams: { maxTeamMembers: 4, - QRCodeRedemptionURL: "https://megateams.durhack.com/hacker/redeem", QRPresets: { chat: { name: "Chat - 5p", @@ -53,7 +56,7 @@ export default { apiEndpoint: "https://discord.com/api/v10", clientId: "yourDiscordAppClientIdHere", clientSecret: "yourDiscordAppClientSecretHere", - redirectUri: "https://megateams.durhack.com/api/discord/redirect", + redirectUri: "http://megateams.durhack-dev.com/api/discord/redirect", botToken: "yourDiscordBotTokenHere", guildID: "yourDiscordGuildIDHere", inviteLink: "https://discord.gg/xyz", @@ -62,8 +65,8 @@ export default { jsonwebtoken: { accessTokenLifetime: 1800, refreshTokenLifetime: 1209600, - issuer: "https://megateams.durhack.com", - audience: "https://megateams.durhack.com", + issuer: "http://megateams.durhack-dev.com", + audience: "http://megateams.durhack-dev.com", authorities: [ { for: TokenType.accessToken, 
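Review bot: The default `origin` is now plain `http://`, and the same scheme is used for the Discord `redirectUri`, the JWT `issuer`/`audience` and the Keycloak `redirectUris` in the later hunks of this file, while `keycloak.baseUrl` still points at `https://auth.durhack.com`. An authorization code or session cookie sent to an http URL travels unencrypted unless `megateams.durhack-dev.com` resolves to the local machine, which the diff does not show. Since `development.ts` is deleted by this patch, these defaults appear to be what any run without the production override uses. I would record the assumption next to `origin`, for example `// dev-only host name; expected to resolve to this machine, production.ts overrides every http:// value`.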
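Review bot: The added `domain: "megateams.durhack-dev.com"` on the CSRF cookie turns a host-only cookie into one that browsers also send to every subdomain of that name, and it sits next to `secure: false`; the session cookie hunk (`@@ -26,12 +27,14 @@`) adds the same combination. If sharing across subdomains is not needed, I would leave `domain` out of both defaults so the cookies stay host-only. If it is needed, a comment such as `// domain cookie is dev-only; production.ts resets domain for the __Host- prefix` would record why the scope is wider here than in production.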
@@ -83,11 +86,12 @@ export default { ], }, keycloak: { - url: "https://auth.durhack.com/realms/durhack", + realm: "durhack-dev", + baseUrl: "https://auth.durhack.com", adminBaseUrl: "https://admin.auth.durhack.com", clientId: "not-a-real-client-id", clientSecret: "not-a-real-client-secret", responseTypes: ["code"], - redirectUris: ["https://megateams.durhack.com/api/auth/keycloak/callback"], + redirectUris: ["http://megateams.durhack-dev.com/api/auth/keycloak/callback"], }, } satisfies ConfigIn diff --git a/server/src/config/development.ts b/server/src/config/development.ts deleted file mode 100644 index 5c6f6dc..0000000 --- a/server/src/config/development.ts +++ /dev/null @@ -1,11 +0,0 @@ -import type { DeepPartial } from "@server/types/deep-partial" -import type { ConfigIn } from "./schema" - -export default { - megateams: { - QRCodeRedemptionURL: "http://localhost:8080/hacker/redeem", - }, - keycloak: { - redirectUris: ["http://localhost:3101/api/auth/keycloak/callback"], - }, -} satisfies DeepPartial diff --git a/server/src/config/index.ts b/server/src/config/index.ts index 4762f43..367f9e2 100644 --- a/server/src/config/index.ts +++ b/server/src/config/index.ts @@ -30,7 +30,7 @@ export const { session: sessionConfig, discord: discordConfig, keycloak: keycloakConfig, - hostname, + origin, megateams: megateamsConfig, } = config diff --git a/server/src/config/production.ts b/server/src/config/production.ts index 7018aad..26d5431 100644 --- a/server/src/config/production.ts +++ b/server/src/config/production.ts 
@@ -2,15 +2,36 @@ import type { DeepPartial } from "@server/types/deep-partial" import type { ConfigIn } from "./schema" export default { + origin: "https://megateams.durhack.com", csrf: { options: { cookieOptions: { name: "__Host-durhack-megateams.x-csrf-token", + domain: undefined, + path: "/", secure: true, + sameSite: "strict", }, }, }, session: { - cookie: { secure: true }, + cookie: { + name: "__Host-durhack-megateams-session", + domain: undefined, + path: "/", + secure: true, + sameSite: "lax", + }, + }, + discord: { + redirectUri: "https://megateams.durhack.com/api/discord/redirect", + }, + jsonwebtoken: { + issuer: "https://megateams.durhack.com", + audience: "https://megateams.durhack.com", }, + keycloak: { + realm: "durhack", + redirectUris: ["https://megateams.durhack.com/api/auth/keycloak/redirect"], + } } satisfies DeepPartial diff --git a/server/src/config/schema.ts b/server/src/config/schema.ts index 88376f2..fa40261 100644 --- a/server/src/config/schema.ts +++ b/server/src/config/schema.ts @@ -10,6 +10,7 @@ export const cookie_options_schema = z.object({ sameSite: z.union([z.literal("none"), z.literal("lax"), z.literal("strict")]).optional(), path: z.string().optional(), secure: z.boolean(), + domain: z.string().optional(), }) export const doubleCsrfOptionsSchema = z.object({ @@ -37,7 +38,8 @@ export const qrPresetSchema = z.object({ }) export const keycloakOptionsSchema = z.object({ - url: z.string().url(), + realm: z.string(), + baseUrl: z.string().url(), adminBaseUrl: z.string().url(), clientId: z.string(), clientSecret: z.string(), @@ -58,7 +60,7 @@ export const discordOptionsSchema = z.object({ export const configSchema = z.object({ listen: listenOptionsSchema, - hostname: z.string().url(), + origin: z.string().url(), flags: z.object({}), csrf: z.object({ enabled: z.boolean(), 
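Review bot: `domain: undefined` only clears the default `domain` if the config merge treats an explicit `undefined` as an override; the merge lives in `config/index.ts` outside this hunk, and several deep-merge helpers skip `undefined` values. If the default survived, the `__Host-` cookies would carry a Domain attribute and browsers would reject them, so sessions and CSRF tokens would fail only in production. Separately, `redirectUris` here ends in `/api/auth/keycloak/redirect` while `default.ts` uses `/api/auth/keycloak/callback`, so one of the two presumably does not match the registered route. I would add a test that asserts the merged production config has no cookie `domain`, and align the two callback paths.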
@@ -70,7 +72,6 @@ export const configSchema = z.object({ session: sessionOptionsSchema, megateams: z.object({ maxTeamMembers: z.number().positive(), - QRCodeRedemptionURL: z.string().url(), QRPresets: z.object({}).catchall(qrPresetSchema), }), discord: discordOptionsSchema, diff --git a/server/src/database/index.ts b/server/src/database/index.ts index 1d9d4e5..536fe30 100644 --- a/server/src/database/index.ts +++ b/server/src/database/index.ts @@ -2,7 +2,7 @@ import { ClientError } from "@otterhttp/errors" import { type Prisma, PrismaClient } from "@prisma/client" import { decodeTeamJoinCode } from "@server/common/decode-team-join-code" -import { megateamsConfig } from "@server/config" +import { megateamsConfig, origin } from "@server/config" export type Area = Prisma.AreaGetPayload<{ select: undefined }> export type Megateam = Prisma.MegateamGetPayload<{ select: undefined }> @@ -91,7 +91,7 @@ export const prisma = basePrisma.$extends({ needs: { payload: true }, compute(qrCode) { const redemptionUrlSearchParams = new URLSearchParams({ qr_id: qrCode.payload }) - return `${megateamsConfig.QRCodeRedemptionURL}?${redemptionUrlSearchParams.toString()}` + return `${origin}/hacker/redeem?${redemptionUrlSearchParams.toString()}` }, }, },
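Review bot: The redemption URL in `compute(qrCode)` is built by string concatenation onto `origin`, which the schema validates only with `z.string().url()`, so a configured value with a trailing slash or a path yields `//hacker/redeem` or a nested path in every generated QR code. Building it with the URL API, as `keycloak-client.ts` does in this patch, avoids that: `const redemptionUrl = new URL("/hacker/redeem", origin)`, `redemptionUrl.searchParams.set("qr_id", qrCode.payload)`, `return redemptionUrl.toString()`. The change also assumes the hacker-facing page is served from the same origin as the API, which the removed `development.ts` did not (`http://localhost:8080/hacker/redeem`); a comment stating that assumption would help. The enclosing `$extends` block starts and ends outside the hunk.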