Merge pull request #1043 from jetstreamapp/feat/jetstream-authentication

Jetstream Authentication

.env.example

@@ -2,72 +2,87 @@
 ###### REQUIRED ######
 
 ENVIRONMENT='development'
-# Example key - not used in any real environments
-JETSTREAM_SESSION_SECRET='15a845f36512d850dfd223af8809873c'
+
+# SFDC API VERSION TO USE
+NX_SFDC_API_VERSION='62.0'
+
+# trace, debug (default), info, warn, error, fatal, silent
+LOG_LEVEL='trace'
+
+# Session signing secret - minimum of 32 characters
+# Generate using: `openssl rand -base64 32`
+JETSTREAM_SESSION_SECRET=''
+# Backup key to allow session rotation
+JETSTREAM_SESSION_SECRET_BACKUP=''
+# Auth secret - used to sign encrypt CSRF tokens for authentication pages
+# Generate using: `openssl rand -base64 32`
+JETSTREAM_AUTH_SECRET=''
+# Secret used to encrypt OTP tokens for storage in the database
+JETSTREAM_AUTH_OTP_SECRET=''
+
+# JETSTREAM URLS
+# If developing, then these will be localhost
+# If running locally but not developing the platform, use port `:3333` for all of these
 JETSTREAM_CLIENT_URL='http://localhost:4200/app'
 JETSTREAM_SERVER_DOMAIN='localhost:3333'
 JETSTREAM_SERVER_URL='http://localhost:3333'
 JETSTREAM_POSTGRES_DBURI='postgres://postgres@localhost:5432/postgres'
 
-# trace, debug (default), info, warn, error, fatal, silent - determines how much server logging is done
-LOG_LEVEL='trace'
+# Used in landing page to redirect to the correct URL
+# If running locally but not developing the platform, use port `:3333` for all of these
+NEXT_PUBLIC_CLIENT_URL='http://localhost:4200/app'
+NEXT_PUBLIC_SERVER_URL='http://localhost:3333'
 
-# PLAYWRIGHT INTEGRATION TEST LOGIN
-E2E_LOGIN_USERNAME='[email protected]'
-E2E_LOGIN_PASSWORD='TODO'
-E2E_LOGIN_URL='https://jetstream-e2e-dev-ed.develop.my.salesforce.com'
+# OAUTH FOR LOGGING IN TO THE APP
+# You can provide your own keys by creating a connected app in your dev or production org.
+# Salesforce - Scopes: email, profile, openid
+AUTH_SFDC_CLIENT_ID='3MVG9riCAn8HHkYWGpu4WgDxYOW_9snDbMX1MD9hZ5Hd9NZ4yIKUhecgKe.bLizoOuSZGUwL.214Oyhcfd..1'
+AUTH_SFDC_CLIENT_SECRET='3DC73F32C7385596DF9625F914D96A2CADC68F074010D658C122A774A9EC6AA3'
+
+# Google - Scopes: email, profile, openid
+AUTH_GOOGLE_CLIENT_ID=''
+AUTH_GOOGLE_CLIENT_SECRET=''
 
 # SALESFORCE CONFIGURATION
-# You can provide your own key by creating a connected app in your dev or production org.
-# Ensure api, web, refresh_token scopes are included
+# You can provide your own keys by creating a connected app in your dev or production org.
+# Scopes: api, web, refresh_token
 SFDC_CALLBACK_URL='http://localhost:3333/oauth/sfdc/callback'
-SFDC_CONSUMER_KEY='3MVG9tSqyyAXNH5ItQtuplEg40Ks_MLSG37L1PV.TLDjsCbdp7EDonFUW0csSDDrutnfuxKH5OKSXSbhiGPv5'
-SFDC_CONSUMER_SECRET='F77C1B4AF03CF51B290A591766F4C430E3136949A636D4AA5339F8EB6A40052A'
+SFDC_CONSUMER_KEY='3MVG9riCAn8HHkYWGpu4WgDxYOW_9snDbMX1MD9hZ5Hd9NZ4yIKUhecgKe.bLizoOuSZGUwL.214Oyhcfd..1'
+SFDC_CONSUMER_SECRET='3DC73F32C7385596DF9625F914D96A2CADC68F074010D658C122A774A9EC6AA3'
+
+###### OPTIONAL ######
 
-# API VERSION TO USE
-SFDC_API_VERSION='58.0'
+# PLAYWRIGHT INTEGRATION TEST LOGIN
+E2E_LOGIN_USERNAME='[email protected]'
+E2E_LOGIN_PASSWORD=''
+E2E_LOGIN_URL='https://jetstream-e2e-dev-ed.develop.my.salesforce.com'
 
 # If set to true, then authentication will be bypassed
 # You will use a test account instead of a real account - only works if running locally
-EXAMPLE_USER_OVERRIDE=true
-
-# Auth0 configuration - Free public account, you can replace with your own if you want
-AUTH0_CLIENT_ID='305Mn5azd97CZrHDf5SflQCZlEeEKfTU'
-AUTH0_CLIENT_SECRET='CmOSq3HVhUVZhjmnlLy4IHk46E1XuhVXAxcx9Epjm38opRy-ycaBlJujkDlhL7zu'
-AUTH0_DOMAIN='dev-ce6oji5b.us.auth0.com'
-AUTH0_M2M_DOMAIN='dev-ce6oji5b.us.auth0.com'
+EXAMPLE_USER_OVERRIDE='true'
+EXAMPLE_USER_PASSWORD='EXAMPLE_123!'
 
-# AUTH0 APPLICATION CONFIGURATION
-# LOGO:         https://getjetstream.app/assets/images/jetstream-logo.svg
-# CALLBACK URL: http://localhost:3333/oauth/callback, http://localhost:3333/oauth/identity/link/callback, jetstream://localhost/oauth/callback
-# LOGOUT URLS:  https://staging.getjetstream.app, http://localhost:3333, jetstream://localhost/oauth/callback
-
-###### OPTIONAL ######
-
-PRISMA_DEBUG='false'
-
-NX_PUBLIC_AUTH_AUDIENCE='http://getjetstream.app/app_metadata'
 NX_PUBLIC_ROLLBAR_KEY=''
 NX_PUBLIC_AMPLITUDE_KEY=''
 
-# Used to save feedback as a github issue and run some build commands
-# Also required for the release process
-GITHUB_TOKEN=''
-
+# Credentials for sending emails
+# If you are not using the example user, then you may need to configure this for MFA
 MAILGUN_API_KEY=''
+JETSTREAM_EMAIL_DOMAIN=''
+JETSTREAM_EMAIL_FROM_NAME=''
+JETSTREAM_EMAIL_REPLY_TO=''
 
 # Used to generate blog when building landing page
 CONTENTFUL_HOST='cdn.contentful.com'
 CONTENTFUL_SPACE=''
 CONTENTFUL_TOKEN=''
 
-# Required to use Google integration
+# Required to use Google within application
 GOOGLE_APP_ID=''
 GOOGLE_API_KEY=''
 GOOGLE_CLIENT_ID=''
 GOOGLE_CLIENT_SECRET=''
 GOOGLE_REDIRECT_URI='http://localhost:3333/oauth/google/callback'
-GOOGLE_ENC_KEY=''
 
 ROLLBAR_SERVER_TOKEN=''
 
@@ -79,3 +94,7 @@ ALGOLIA_API_KEY=''
 HONEYCOMB_ENABLED=false
 HONEYCOMB_API_KEY=''
 
+# Nx 18 enables using plugins to infer targets by default
+# This is disabled for existing workspaces to maintain compatibility
+# For more info, see: https://nx.dev/concepts/inferred-tasks
+NX_ADD_PLUGINS=false

.eslintrc.json

@@ -36,7 +36,9 @@
   "overrides": [
     {
       "files": ["*.ts", "*.tsx", "*.js", "*.jsx"],
-      "rules": {}
+      "rules": {
+        "no-empty-pattern": "off"
+      }
     },
     {
       "files": ["*.tsx"],

.github/workflows/ci.yml

@@ -12,8 +12,9 @@ env:
   CONTENTFUL_TOKEN: ${{ secrets.CONTENTFUL_TOKEN }}
   NX_CLOUD_DISTRIBUTED_EXECUTION: false
   NX_PUBLIC_AMPLITUDE_KEY: ${{ secrets.NX_PUBLIC_AMPLITUDE_KEY }}
-  NX_PUBLIC_AUTH_AUDIENCE: http://getjetstream.app/app_metadata
   NX_PUBLIC_ROLLBAR_KEY: ${{ secrets.NX_PUBLIC_ROLLBAR_KEY }}
+  NEXT_PUBLIC_CLIENT_URL: 'http://localhost:3333/app'
+  NEXT_PUBLIC_SERVER_URL: 'http://localhost:3333'
 
 jobs:
   # Build application
@@ -62,32 +63,29 @@ jobs:
     needs: build-and-test
     runs-on: ubuntu-latest
     env:
-      LOG_LEVEL: warn
-      AUTH0_CLIENT_ID: 'shxza1G0595Ut2htmAd3NfbMMsqelrE5'
-      AUTH0_CLIENT_SECRET: 'NOT-NEEDED'
-      AUTH0_DOMAIN: 'getjetstream-dev.us.auth0.com'
+      NX_CLOUD_DISTRIBUTED_EXECUTION: false
+      AUTH_SFDC_CLIENT_ID: ${{ secrets.SFDC_CONSUMER_KEY }}
+      AUTH_SFDC_CLIENT_SECRET: ${{ secrets.SFDC_CONSUMER_SECRET }}
       E2E_LOGIN_PASSWORD: ${{ secrets.E2E_LOGIN_PASSWORD }}
       E2E_LOGIN_URL: 'https://jetstream-e2e-dev-ed.develop.my.salesforce.com'
       E2E_LOGIN_USERNAME: '[email protected]'
       EXAMPLE_USER_OVERRIDE: true
+      EXAMPLE_USER_PASSWORD: 'EXAMPLE_123!'
       GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
       GOOGLE_APP_ID: ${{ secrets.GOOGLE_APP_ID }}
       GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
       GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
-      JETSTREAM_POSTGRES_DBURI: postgres://postgres:postgres@localhost:5432/postgres
-      JETSTREAM_SESSION_SECRET: ${{ secrets.JETSTREAM_SESSION_SECRET }}
+      JETSTREAM_AUTH_OTP_SECRET: ${{ secrets.JETSTREAM_AUTH_OTP_SECRET }}
+      JETSTREAM_AUTH_SECRET: ${{ secrets.JETSTREAM_AUTH_SECRET }}
       JETSTREAM_CLIENT_URL: http://localhost:3333/app
+      JETSTREAM_POSTGRES_DBURI: postgres://postgres:postgres@localhost:5432/postgres
       JETSTREAM_SERVER_DOMAIN: localhost:3333
       JETSTREAM_SERVER_URL: http://localhost:3333
-      NX_PUBLIC_AMPLITUDE_KEY: ${{ secrets.NX_PUBLIC_AMPLITUDE_KEY }}
-      NX_PUBLIC_AUTH_AUDIENCE: http://getjetstream.app/app_metadata
-      NX_CLOUD_DISTRIBUTED_EXECUTION: false
-      NX_PUBLIC_ROLLBAR_KEY: ${{ secrets.NX_PUBLIC_ROLLBAR_KEY }}
+      JETSTREAM_SESSION_SECRET: ${{ secrets.JETSTREAM_SESSION_SECRET }}
+      SFDC_API_VERSION: '62.0'
       SFDC_CALLBACK_URL: http://localhost:3333/oauth/sfdc/callback
       SFDC_CONSUMER_KEY: ${{ secrets.SFDC_CONSUMER_KEY }}
       SFDC_CONSUMER_SECRET: ${{ secrets.SFDC_CONSUMER_SECRET }}
-      SFDC_ENC_KEY: ${{ secrets.SFDC_ENC_KEY }}
-      SFDC_API_VERSION: '58.0'
 
     services:
       postgres:

Dockerfile

@@ -42,6 +42,10 @@ RUN yarn build:core && \
 RUN yarn install --production=true && \
     yarn add cross-env npm-run-all --save-dev
 
+# FIXME: figure out why this is not included
+# Add missing dependencies
+RUN yarn add @react-email/components
+
 # Final stage for app image
 FROM base
 

README.md

@@ -70,6 +70,17 @@ This project was generated using [Nx](https://nx.dev) - This repository is consi
 2. If you are using docker, make sure you have Docker installed.
 3. If you want to run the dev server, make sure you have yarn version 1 installed.
 
+### Installing Dependencies
+
+### Setting up your environment
+
+Run this script to copy `.env.example` to `.env` which will generate encryption keys which are required to run the application.
+You will be asked some questions which will determine some of the environment variables.
+
+```bash
+yarn scripts:generate-env
+```
+
 📓 You can choose to skip authentication locally by setting the environment variable `EXAMPLE_USER_OVERRIDE=true`. This is set to true by default in the `.env.example` file.
 🌟 To use this, don't click the login button, but instead just go to `http://localhost:3333/app` or `http://localhost:4200/app` (if running the react development server) directly.
 
@@ -91,16 +102,17 @@ docker compose up
 
 - Jetstream will be running at `http://localhost:3333`
 - Postgres will be running on port `5555` if you wanted to connect to it locally.
-- When you click "Login", you should immediately be logged in without having to sign in.
-  - You can set `EXAMPLE_USER_OVERRIDE` if you want to disable this behavior
+- You can login with the `Example` user
+  - The username is `[email protected]`
+  - The password is contained in the `.env` file
 - If assets on the page don't load, do a hard refresh (hold cmd or shift and press refresh)
   - This might happen if you have re-built the image and the browser has cached the page with now missing resources.
 
 ### Running without Docker
 
 Use this option if you want to contribute to the codebase.
 
-Jetstream relies on a Postgres database, so you either need to [run Postgresql locally](https://www.postgresql.org/download/) or use a managed provider such as one from the list below. Optionally you can run jetstream in a Docker container which includes Postgresql.
+Jetstream relies on a Postgres database, so you either need to [run Postgresql locally](https://www.postgresql.org/download/), in a docker container, or use a managed provider such as one from the list below. Optionally you can run jetstream in a Docker container which includes Postgresql.
 
 - [Render](https://render.com/) (Jetstream is hosted here)
 - [elephantsql](https://www.elephantsql.com/plans.html)

apps/api/.env.production

@@ -1,8 +1,5 @@
 ENVIRONMENT="production"
 
-AUTH0_DOMAIN="auth.getjetstream.app"
-AUTH0_M2M_DOMAIN="getjetstream.us.auth0.com"
-
 CONTENTFUL_HOST="cdn.contentful.com"
 
 GOOGLE_REDIRECT_URI="https://getjetstream.app/oauth/google/callback"
@@ -13,9 +10,8 @@ JETSTREAM_CLIENT_URL="https://getjetstream.app/app"
 JETSTREAM_SERVER_DOMAIN="getjetstream.app"
 JETSTREAM_SERVER_URL="https://getjetstream.app"
 
-NX_PUBLIC_AUTH_AUDIENCE="http://getjetstream.app/app_metadata"
 NX_BRANCH="main"
-NX_SFDC_API_VERSION="61.0"
+NX_SFDC_API_VERSION="62.0"
 
-SFDC_API_VERSION="61.0"
+SFDC_API_VERSION="62.0"
 SFDC_CALLBACK_URL="https://getjetstream.app/oauth/sfdc/callback"

apps/api/.eslintrc.json

@@ -1,10 +1,12 @@
 {
   "extends": ["../../.eslintrc.json"],
-  "ignorePatterns": ["!**/*"],
+  "ignorePatterns": ["!**/*", "src/assets/**"],
   "overrides": [
     {
       "files": ["*.ts", "*.tsx", "*.js", "*.jsx"],
-      "rules": {}
+      "rules": {
+        "no-empty-pattern": "off"
+      }
     },
     {
       "files": ["*.ts", "*.tsx"],