
auth & auth-worker wip

Karol Sójko 2 年之前
父节点
当前提交
42233fa756
共有 4 个文件被更改,包括 131 次插入1 次删除
  1. 97 0
      .env.sample
  2. 1 0
      docker/docker-entrypoint.sh
  3. 17 1
      docker/supervisord.conf
  4. 16 0
      docker/wait-for.sh

+ 97 - 0
.env.sample

@@ -1,6 +1,103 @@
+######
+# DB #
+######
+
+DB_HOST=db
 DB_PORT=3306
 DB_USERNAME=std_notes_user
 DB_PASSWORD=changeme123
 DB_DATABASE=standard_notes_db
+DB_DEBUG_LEVEL=all
+DB_MIGRATIONS_PATH=dist/migrations/*.js
+
+#########
+# CACHE #
+#########
 
 REDIS_PORT=6379
+REDIS_URL=redis://cache
+
+##########
+# SHARED #
+##########
+
+AUTH_JWT_SECRET=changeme123
+
+###############
+# API GATEWAY #
+###############
+
+API_GATEWAY_LOG_LEVEL="info"
+API_GATEWAY_NODE_ENV=production
+API_GATEWAY_VERSION=local
+
+API_GATEWAY_NEW_RELIC_ENABLED=false
+API_GATEWAY_NEW_RELIC_APP_NAME="API Gateway"
+API_GATEWAY_NEW_RELIC_NO_CONFIG_FILE=true
+
+API_GATEWAY_SYNCING_SERVER_JS_URL=http://localhost:3002
+API_GATEWAY_AUTH_SERVER_URL=http://localhost:3003
+API_GATEWAY_WORKSPACE_SERVER_URL=http://localhost:3004
+API_GATEWAY_REVISIONS_SERVER_URL=http://localhost:3005
+
+API_GATEWAY_REDIS_EVENTS_CHANNEL="api-gateway-event"
+
+API_GATEWAY_PORT=3000
+
+########
+# AUTH #
+########
+
+AUTH_SERVER_LOG_LEVEL="info"
+AUTH_SERVER_NODE_ENV="production"
+AUTH_SERVER_VERSION="local"
+
+AUTH_SERVER_PORT=3003
+
+AUTH_SERVER_AUTH_JWT_TTL=60000
+
+AUTH_SERVER_NEW_RELIC_ENABLED=false
+AUTH_SERVER_NEW_RELIC_APP_NAME=Auth
+AUTH_SERVER_NEW_RELIC_NO_CONFIG_FILE=true
+
+AUTH_SERVER_REDIS_EVENTS_CHANNEL="auth-events"
+
+AUTH_SERVER_DISABLE_USER_REGISTRATION=false
+
+AUTH_SERVER_PSEUDO_KEY_PARAMS_KEY=changeme123
+
+AUTH_SERVER_ACCESS_TOKEN_AGE=5184000
+AUTH_SERVER_REFRESH_TOKEN_AGE=31556926
+
+AUTH_SERVER_MAX_LOGIN_ATTEMPTS=6
+AUTH_SERVER_FAILED_LOGIN_LOCKOUT=3600
+
+AUTH_SERVER_EPHEMERAL_SESSION_AGE=259200
+
+# Must be a hex string exactly 32 bytes long
+# e.g. feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+AUTH_SERVER_ENCRYPTION_SERVER_KEY=changeme123
+
+AUTH_SERVER_SYNCING_SERVER_URL=http://localhost:3002
+
+# File Uploads
+AUTH_SERVER_VALET_TOKEN_TTL=7200
+
+# Localstack Setup (Do not change unless you want to use your real AWS account)
+AUTH_SERVER_SNS_TOPIC_ARN="arn:aws:sns:us-east-1:000000000000:auth-local-topic"
+AUTH_SERVER_SNS_ENDPOINT="http://localstack:4566"
+AUTH_SERVER_SNS_DISABLE_SSL=true
+AUTH_SERVER_SNS_SECRET_ACCESS_KEY="x"
+AUTH_SERVER_SNS_ACCESS_KEY_ID="x"
+AUTH_SERVER_SNS_AWS_REGION="us-east-1"
+AUTH_SERVER_SQS_QUEUE_URL="http://localstack:4566/000000000000/auth-local-queue"
+AUTH_SERVER_SQS_AWS_REGION="us-east-1"
+AUTH_SERVER_SQS_ACCESS_KEY_ID="x"
+AUTH_SERVER_SQS_SECRET_ACCESS_KEY="x"
+AUTH_SERVER_SQS_ENDPOINT="http://localstack:4566"
+
+# (Optional) U2F Setup
+AUTH_SERVER_U2F_RELYING_PARTY_ID="localhost"
+AUTH_SERVER_U2F_RELYING_PARTY_NAME="Standard Notes"
+AUTH_SERVER_U2F_EXPECTED_ORIGIN="http://localhost,http://localhost:3001" # address of the app you host locally
+AUTH_SERVER_U2F_REQUIRE_USER_VERIFICATION=false
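Review bot: The three secrets added in this hunk (`AUTH_JWT_SECRET`, `AUTH_SERVER_PSEUDO_KEY_PARAMS_KEY`, `AUTH_SERVER_ENCRYPTION_SERVER_KEY`) all ship with the same guessable placeholder `changeme123`, and nothing in the file says they must be replaced before the sample is copied into a real deployment. For `AUTH_SERVER_ENCRYPTION_SERVER_KEY` the placeholder also contradicts the comment above it, since it is not a 32-byte hex string, while the example in that comment is a well-formed key that is now public and easy to paste as-is. I would leave the secret values empty and replace the example with a generation hint such as `# Generate with: openssl rand -hex 32`, so that a forgotten value is more likely to fail loudly than to run with a known key. Separately, `AUTH_SERVER_ACCESS_TOKEN_AGE=5184000` and `AUTH_SERVER_REFRESH_TOKEN_AGE=31556926` (60 days and about a year, if the unit is seconds) deserve a comment stating the unit and that the long lifetimes are intentional.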

+ 1 - 0
docker/docker-entrypoint.sh

@@ -3,6 +3,7 @@
 # Setup environment variables
 
 printenv | grep API_GATEWAY_ | sed 's/API_GATEWAY_//g' > /opt/server/packages/api-gateway/.env
+printenv | grep AUTH_SERVER_ | sed 's/AUTH_SERVER_//g' > /opt/server/packages/auth/.env
 
 # Run supervisor
 
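Review bot: The added `grep AUTH_SERVER_` is unanchored, so it also matches `API_GATEWAY_AUTH_SERVER_URL` from `.env.sample`, and the global `sed` then writes that entry into `packages/auth/.env` as `API_GATEWAY_URL=...`. Any variable whose name or value merely contains the string is affected in the same way. Anchoring both commands to the start of the line avoids this: `printenv | grep '^AUTH_SERVER_' | sed 's/^AUTH_SERVER_//' > /opt/server/packages/auth/.env`. The existing `API_GATEWAY_` line has the same pattern. The generated file now holds the encryption key and the SNS/SQS credentials, so I would also set `umask 077` before these lines, or `chmod 600` the file afterwards. The rest of the script lies outside this hunk.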

+ 17 - 1
docker/supervisord.conf

@@ -8,4 +8,20 @@ command=yarn start:api-gateway
 autostart=true
 autorestart=true
 stdout_logfile=/var/lib/server/logs/api-gateway.log
-stderr_logfile=/var/lib/server/logs/api-gateway.err
+stderr_logfile=/var/lib/server/logs/api-gateway.err
+
+[program:auth]
+directory=/opt/server
+command=docker/wait-for.sh db 3306 && yarn start:auth
+autostart=true
+autorestart=true
+stdout_logfile=/var/lib/server/logs/auth.log
+stderr_logfile=/var/lib/server/logs/auth.err
+
+[program:auth-worker]
+directory=/opt/server
+command=docker/wait-for.sh localhost 3003 && yarn start:auth-worker
+autostart=true
+autorestart=true
+stdout_logfile=/var/lib/server/logs/auth-worker.log
+stderr_logfile=/var/lib/server/logs/auth-worker.err
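Review bot: The `&&` in both new `command=` lines will not act as a shell operator, because supervisord executes the command directly rather than through a shell. `&& yarn start:auth` is therefore passed to `docker/wait-for.sh` as plain arguments. In this commit `wait-for.sh` stores its remaining arguments and never runs them, so as written neither `auth` nor `auth-worker` would start. The script would exit once the port answers, and `autorestart=true` would keep restarting it. Wrapping the line makes the intent explicit: `command=sh -c "docker/wait-for.sh db 3306 && exec yarn start:auth"`, and the same for `auth-worker`. The hard-coded `db 3306` also ignores `DB_HOST`/`DB_PORT` from the environment, which is worth a comment if deliberate.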

+ 16 - 0
docker/wait-for.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+host="$1"
+shift
+port="$1"
+shift
+cmd="$@"
+
+while ! nc -vz $host $port; do
+  >&2 echo "$host:$port is unavailable yet - waiting for it to start"
+  sleep 10
+done
+
+>&2 echo "$host:$port is up. Proceeding to startup."
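Review bot: `cmd="$@"` is assigned and never used, so the script returns after the port check without running anything, and under `#!/bin/sh` that assignment would flatten the arguments into one string anyway. Either drop the variable, or end the script with `exec "$@"` and have callers pass the command as plain arguments. The probe should quote its operands, `while ! nc -vz "$host" "$port"; do`, so that an empty or space-containing value cannot change how `nc` is invoked. The loop also has no upper bound, so a wrong host name or a dependency that never comes up leaves the program waiting silently forever. A maximum attempt count that exits non-zero would surface that in the supervisor logs.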