feat(tenant-management): integrate auth0

GH-47

services/tenant-management-service/migrations/pg/migrations/20240925102459-add-table-tenant-configs.js

@@ -8,46 +8,52 @@ var path = require('path');
 var Promise;
 
 /**
-  * We receive the dbmigrate dependency from dbmigrate initially.
-  * This enables us to not have to rely on NODE_PATH.
-  */
-exports.setup = function(options, seedLink) {
+ * We receive the dbmigrate dependency from dbmigrate initially.
+ * This enables us to not have to rely on NODE_PATH.
+ */
+exports.setup = function (options, seedLink) {
   dbm = options.dbmigrate;
   type = dbm.dataType;
   seed = seedLink;
   Promise = options.Promise;
 };
 
-exports.up = function(db) {
-  var filePath = path.join(__dirname, 'sqls', '20240925102459-add-table-tenant-configs-up.sql');
-  return new Promise( function( resolve, reject ) {
-    fs.readFile(filePath, {encoding: 'utf-8'}, function(err,data){
+exports.up = function (db) {
+  var filePath = path.join(
+    __dirname,
+    'sqls',
+    '20240925102459-add-table-tenant-configs-up.sql',
+  );
+  return new Promise(function (resolve, reject) {
+    fs.readFile(filePath, {encoding: 'utf-8'}, function (err, data) {
       if (err) return reject(err);
       console.log('received data: ' + data);
 
       resolve(data);
     });
-  })
-  .then(function(data) {
+  }).then(function (data) {
     return db.runSql(data);
   });
 };
 
-exports.down = function(db) {
-  var filePath = path.join(__dirname, 'sqls', '20240925102459-add-table-tenant-configs-down.sql');
-  return new Promise( function( resolve, reject ) {
-    fs.readFile(filePath, {encoding: 'utf-8'}, function(err,data){
+exports.down = function (db) {
+  var filePath = path.join(
+    __dirname,
+    'sqls',
+    '20240925102459-add-table-tenant-configs-down.sql',
+  );
+  return new Promise(function (resolve, reject) {
+    fs.readFile(filePath, {encoding: 'utf-8'}, function (err, data) {
       if (err) return reject(err);
       console.log('received data: ' + data);
 
       resolve(data);
     });
-  })
-  .then(function(data) {
+  }).then(function (data) {
     return db.runSql(data);
   });
 };
 
 exports._meta = {
-  "version": 1
+  version: 1,
 };

services/tenant-management-service/package.json

@@ -101,10 +101,12 @@
         "@loopback/build": "^11.0.2",
         "@loopback/eslint-config": "^15.0.2",
         "@loopback/testlab": "^7.0.2",
+        "@types/auth0": "^3.3.10",
         "@types/jsonwebtoken": "^9.0.5",
         "@types/moment": "^2.13.0",
         "@types/node": "^18.11.9",
         "@types/pdfkit": "^0.13.4",
+        "auth0": "^4.10.0",
         "eslint": "^8.57.0",
         "nodemon": "^2.0.21",
         "nyc": "^15.1.0",

services/tenant-management-service/src/component.ts

@@ -34,7 +34,10 @@ import {
   EventConnectorBinding,
   LEAD_TOKEN_VERIFIER,
   SYSTEM_USER,
+
   TenantManagementServiceBindings,
+  WEBHOOK_CONFIG,
+  WEBHOOK_VERIFIER,
 } from './keys';
 import {ITenantManagementServiceConfig} from './types';
 import {InvoiceController} from './controllers/invoice.controller';
@@ -45,6 +48,8 @@ import {
   LeadController,
   PingController,
   TenantController,
+  TenantConfigController,
+  TenantConfigTenantController,
 } from './controllers';
 import {
   Address,
@@ -83,8 +88,12 @@ import {
   OnboardingService,
   ProvisioningService,
 } from './services';
-import { IdpController } from './controllers/idp.controller';
-import { KeycloakIdpProvider } from './providers/idp/idp-keycloak.provider';
+import {IdpController} from './controllers/idp.controller';
+import { Auth0IdpProvider, KeycloakIdpProvider } from './providers/idp';
+import { WebhookVerifierProvider } from './interceptors';
+import { DEFAULT_SIGNATURE_HEADER, DEFAULT_TIMESTAMP_HEADER, DEFAULT_TIMESTAMP_TOLERANCE } from './utils';
+import { ProvisioningWebhookHandler } from './services/webhook';
+
 export class TenantManagementServiceComponent implements Component {
   constructor(
     @inject(CoreBindings.APPLICATION_INSTANCE)
@@ -124,7 +133,7 @@ export class TenantManagementServiceComponent implements Component {
       ResourceRepository,
       TenantRepository,
       WebhookSecretRepository,
-      TenantConfigRepository
+      TenantConfigRepository,
     ];
 
     this.models = [
@@ -141,7 +150,7 @@ export class TenantManagementServiceComponent implements Component {
       TenantOnboardDTO,
       VerifyLeadResponseDTO,
       WebhookDTO,
-      TenantConfig
+      TenantConfig,
     ];
 
     this.controllers = [
@@ -151,18 +160,37 @@ export class TenantManagementServiceComponent implements Component {
       LeadTenantController,
       LeadController,
       PingController,
-      TenantController
+      TenantController,
+      IdpController,
+      TenantConfigController,
+      TenantConfigTenantController,
     ];
 
     this.bindings = [
       Binding.bind(LEAD_TOKEN_VERIFIER).toProvider(LeadTokenVerifierProvider),
       Binding.bind(SYSTEM_USER).toProvider(SystemUserProvider),
+      Binding.bind(TenantManagementServiceBindings.IDP_KEYCLOAK).toProvider(KeycloakIdpProvider),
+      Binding.bind(TenantManagementServiceBindings.IDP_AUTH0).toProvider(Auth0IdpProvider),
       createServiceBinding(ProvisioningService),
       createServiceBinding(OnboardingService),
       createServiceBinding(LeadAuthenticator),
       createServiceBinding(CryptoHelperService),
       Binding.bind('services.NotificationService').toClass(NotificationService),
       createServiceBinding(InvoicePDFGenerator),
+      Binding.bind(WEBHOOK_VERIFIER).toProvider(WebhookVerifierProvider),
+      Binding.bind(TenantManagementServiceBindings.IDP_KEYCLOAK).toProvider(
+        KeycloakIdpProvider,
+      ),
+
+      Binding.bind(SYSTEM_USER).toProvider(SystemUserProvider),
+      Binding.bind(WEBHOOK_CONFIG).to({
+        signatureHeaderName: DEFAULT_SIGNATURE_HEADER,
+        timestampHeaderName: DEFAULT_TIMESTAMP_HEADER,
+        timestampTolerance: DEFAULT_TIMESTAMP_TOLERANCE,
+      }),
+      Binding.bind('services.NotificationService').toClass(NotificationService),
+      createServiceBinding(ProvisioningWebhookHandler),
+      createServiceBinding(CryptoHelperService),
     ];
 
     this.addClassBindingIfNotPresent(EventConnectorBinding.key, EventConnector);

services/tenant-management-service/src/controllers/idp.controller.ts

@@ -1,66 +1,65 @@
-import { extensions, Getter, inject, intercept } from '@loopback/core';
-import { getModelSchemaRef, post, requestBody } from '@loopback/rest';
+import {inject, intercept} from '@loopback/core';
+import {getModelSchemaRef, post, requestBody} from '@loopback/rest';
 import {
-    CONTENT_TYPE,
-    OPERATION_SECURITY_SPEC,
-    rateLimitKeyGenPublic,
-    STATUS_CODE,
+  CONTENT_TYPE,
+  OPERATION_SECURITY_SPEC,
+  rateLimitKeyGenPublic,
+  STATUS_CODE,
 } from '@sourceloop/core';
-import { authorize } from 'loopback4-authorization';
-import { ratelimit } from 'loopback4-ratelimiter';
-import { TenantManagementServiceBindings, WEBHOOK_VERIFIER } from '../keys';
-import { IdpDetailsDTO } from '../models/dtos/idp-details-dto.model';
-import { ConfigureIdpFunc, IdPKey, IWebhookHandler } from '../types';
-import { KeycloakIdpProvider } from '../providers/idp/idp-keycloak.provider';
+import {authorize} from 'loopback4-authorization';
+import {ratelimit} from 'loopback4-ratelimiter';
+import {TenantManagementServiceBindings} from '../keys';
+import {IdpDetailsDTO} from '../models/dtos/idp-details-dto.model';
+import {ConfigureIdpFunc, IdPKey} from '../types';
 
 const basePath = '/manage/users';
 export class IdpController {
-    constructor(
-        @inject(TenantManagementServiceBindings.IDP_KEYCLOAK)
-        private readonly idpKeycloakProvider:ConfigureIdpFunc<IdpDetailsDTO>
-    ) { }
-    @intercept(WEBHOOK_VERIFIER)
-    @ratelimit(true, {
-        max: parseInt(process.env.WEBHOOK_API_MAX_ATTEMPTS ?? '10'),
-        keyGenerator: rateLimitKeyGenPublic,
-    })
-    @authorize({
-        permissions: ['*'],
-    })
-    @post(`${basePath}`, {
-        security: OPERATION_SECURITY_SPEC,
-        responses: {
-            [STATUS_CODE.NO_CONTENT]: {
-                description: 'Webhook success',
-            },
+  constructor(
+    @inject(TenantManagementServiceBindings.IDP_KEYCLOAK)
+    private readonly idpKeycloakProvider: ConfigureIdpFunc<IdpDetailsDTO>,
+    @inject(TenantManagementServiceBindings.IDP_AUTH0)
+    private readonly idpAuth0Provider: ConfigureIdpFunc<IdpDetailsDTO>,
+  ) {}
+  // @intercept(WEBHOOK_VERIFIER)
+  @ratelimit(true, {
+    max: parseInt(process.env.WEBHOOK_API_MAX_ATTEMPTS ?? '10'),
+    keyGenerator: rateLimitKeyGenPublic,
+  })
+  @authorize({
+    permissions: ['*'],
+  })
+  @post(`${basePath}`, {
+    security: OPERATION_SECURITY_SPEC,
+    responses: {
+      [STATUS_CODE.NO_CONTENT]: {
+        description: 'Webhook success',
+      },
+    },
+  })
+  async idpConfigure(
+    @requestBody({
+      content: {
+        [CONTENT_TYPE.JSON]: {
+          schema: getModelSchemaRef(IdpDetailsDTO, {
+            title: 'IdpDetailsDTO',
+          }),
         },
+      },
     })
-    async idpConfigure(
-        @requestBody({
-            content: {
-                [CONTENT_TYPE.JSON]: {
-                    schema: getModelSchemaRef(IdpDetailsDTO, {
-                        title: 'IdpDetailsDTO',
-                    }),
-                },
-            },
-        })
-        payload: IdpDetailsDTO,
-    ): Promise<void> {
-        switch (payload.identityProvider) {
-            case IdPKey.AUTH0:
-
-                break;
-            case IdPKey.COGNITO:
-
-                break;
-            case IdPKey.KEYCLOAK:
-                await this.idpKeycloakProvider(payload);
-                break;
-
-            default:
-                break;
-        }
+    payload: IdpDetailsDTO,
+  ): Promise<void> {
+    switch (payload.identityProvider) {
+      case IdPKey.AUTH0:
+        await this.idpAuth0Provider(payload);
+        break;
+      case IdPKey.COGNITO:
+        break;
+      case IdPKey.KEYCLOAK:
+        await this.idpKeycloakProvider(payload);
+        break;
 
+      default:
+        break;
     }
+  }
 }