Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set up ng-dev auth and service #720

Closed
wants to merge 8 commits into from
Closed

Set up ng-dev auth and service #720

wants to merge 8 commits into from

Conversation

josephperrott
Copy link
Member

No description provided.

@josephperrott
feat(apps): create ng-dev token functions
8e31989 
Establish a base set of ng-dev token functions allowing for the request, validation and revocation of newly defined ng-dev tokens.

These tokens will be used to allow ng-dev users to authenticate and request data from or actions to be performed by the dev-infra
firebase instance.
@josephperrott
feat(ng-dev): create auth subcommand for ng-dev
aa8ce80 
Create a set of auth commands to login to the ng-dev service.  Currently only supports logging in, logging out
and restoring a logged in session.
@josephperrott josephperrott added the action: review The PR is still awaiting reviews from at least one requested reviewer label Jul 14, 2022
@josephperrott josephperrott requested a review from devversion July 14, 2022 20:22
devversion
devversion reviewed Jul 15, 2022
View reviewed changes
apps/functions/index.ts Outdated Show resolved Hide resolved
apps/functions/ng-dev/BUILD.bazel Show resolved Hide resolved
apps/functions/ng-dev/ng-dev-token.ts Outdated Show resolved Hide resolved
apps/functions/ng-dev/ng-dev-token.ts Outdated Show resolved Hide resolved
apps/functions/ng-dev/ng-dev-token.ts Outdated Show resolved Hide resolved
ng-dev/auth/shared/ng-dev-token.ts Outdated
/** Save the token to the file system as a base64 encoded string. */
async function saveTokenToFileSystem(data: NgDevToken) {
await mkdir(tokenDir, {recursive: true});
await writeFile(tokenPath, Buffer.from(JSON.stringify(data), 'utf8').toString('base64'));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you considered using some actual encrypting here where we store the secret in the bundled ng-dev tool. This is obviously not safe, but it's much more difficult to figure out if a token is stolen, compared to just decoding base64 (where it's also super easy to see if something is base64 or not :D)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had not thought about it too much, but we definitely can if you would like. We would have to be shipping to the key for the encryption as well.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I think this is worth doing. It's low-effort and makes potentially leaked keys much more difficult to become useful for attackers.

ng-dev/auth/shared/node-handler.ts Show resolved Hide resolved
ng-dev/auth/shared/node-handler.ts Outdated Show resolved Hide resolved
ng-dev/auth/shared/oauth.ts Show resolved Hide resolved
ng-dev/auth/shared/oauth.ts Show resolved Hide resolved
@josephperrott josephperrott requested a review from devversion July 15, 2022 15:28
devversion
devversion reviewed Jul 17, 2022
View reviewed changes
apps/functions/ng-dev/ng-dev-token.ts Outdated Show resolved Hide resolved
apps/functions/ng-dev/ng-dev-token.ts Outdated Show resolved Hide resolved
ng-dev/auth/login/cli.ts Outdated Show resolved Hide resolved
ng-dev/auth/logout/cli.ts Outdated Show resolved Hide resolved
ng-dev/auth/shared/firebase.ts Outdated Show resolved Hide resolved
ng-dev/auth/shared/node-handler.ts Outdated Show resolved Hide resolved
ng-dev/auth/shared/node-handler.ts Show resolved Hide resolved
ng-dev/auth/shared/node-handler.ts Show resolved Hide resolved
ng-dev/auth/shared/node-handler.ts Show resolved Hide resolved
ng-dev/auth/shared/node-handler.ts Show resolved Hide resolved
devversion
devversion approved these changes Jul 18, 2022
View reviewed changes
Copy link
Member

@devversion devversion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, nice!! some minor final comments

ng-dev/auth/shared/oauth.ts Outdated Show resolved Hide resolved
ng-dev/auth/shared/oauth.ts Outdated Show resolved Hide resolved
ng-dev/auth/shared/oauth.ts Outdated Show resolved Hide resolved
ng-dev/auth/shared/oauth.ts Outdated Show resolved Hide resolved
@josephperrott josephperrott force-pushed the setup-ng-dev-auth branch 2 times, most recently from a9815b3 to 1993089 Compare July 20, 2022 14:21
@josephperrott josephperrott added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Jul 20, 2022
@josephperrott
Copy link
Member Author

This PR was merged into the repository by commit 114c5a9.

josephperrott added a commit that referenced this pull request Jul 20, 2022
@josephperrott
feat(ng-dev): create auth subcommand for ng-dev (#720)
114c5a9 
Create a set of auth commands to login to the ng-dev service.  Currently only supports logging in, logging out
and restoring a logged in session.

PR Close #720
@josephperrott josephperrott deleted the setup-ng-dev-auth branch July 20, 2022 15:57
@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Aug 20, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@devversion devversion devversion approved these changes

Assignees
No one assigned
Labels
action: merge The PR is ready for merge by the caretaker
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@josephperrott @devversion