From b3c186b6456a581cb8187530100d730f56d7193c Mon Sep 17 00:00:00 2001
From: Paul Robert Lloyd
Date: Fri, 3 Jun 2022 22:24:55 +0100
Subject: [PATCH] feat: dev mode
---
 indiekit.config.cjs | 1 +
 packages/indiekit/config/defaults.js | 1 +
 packages/indiekit/lib/indieauth.js | 16 ++++++-------
 packages/indiekit/lib/routes.js | 1 +
 packages/indiekit/tests/unit/indieauth.js | 28 ++++++++++++++++++++++-
 5 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/indiekit.config.cjs b/indiekit.config.cjs
index bd532a3d1..ee170a5ef 100644
--- a/indiekit.config.cjs
+++ b/indiekit.config.cjs
@@ -3,6 +3,7 @@ require("dotenv").config();
 module.exports = {
 application: {
+ _devMode: process.env.NODE_ENV === "development",
 mongodbUrl: process.env.MONGO_URL,
 ...(process.env.RAILWAY_ENVIRONMENT && {
 url: `https://${process.env.RAILWAY_STATIC_URL}`,
diff --git a/packages/indiekit/config/defaults.js b/packages/indiekit/config/defaults.js
index 48d59547d..6d6da93eb 100644
--- a/packages/indiekit/config/defaults.js
+++ b/packages/indiekit/config/defaults.js
@@ -5,6 +5,7 @@ import package_ from "../package.json" assert { type: "json" };
 export const defaultConfig = {
 application: {
+ _devMode: false,
 hasDatabase: false,
 localesAvailable: ["de", "en", "es", "fr", "id", "nl", "pt"],
 mongodbUrl: false,
diff --git a/packages/indiekit/lib/indieauth.js b/packages/indiekit/lib/indieauth.js
index 735f534f9..e612f50d5 100644
--- a/packages/indiekit/lib/indieauth.js
+++ b/packages/indiekit/lib/indieauth.js
@@ -1,4 +1,5 @@
 import crypto from "node:crypto";
+import process from "node:process";
 import httpError from "http-errors";
 import { fetch } from "undici";
 import {
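Review bot: In the `indiekit.config.cjs` hunk, `_devMode` is switched on by `NODE_ENV` alone, and this file loads `.env` through `dotenv`, so a stray `NODE_ENV=development` on a hosted instance would enable the flag that `authorise()` (changed later in this patch) uses to skip IndieAuth. The same object already detects `RAILWAY_ENVIRONMENT`, so the flag could be refused there: `_devMode: process.env.NODE_ENV === "development" && !process.env.RAILWAY_ENVIRONMENT,`. A comment above the key, for example `// Local development only: disables IndieAuth checks for every request`, would also help, since the leading underscore is the only hint that this is not an ordinary option.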
@@ -11,9 +12,9 @@ import { decrypt, encrypt, getCanonicalUrl, randomString } from "./utils.js";
 export const IndieAuth = class {
 constructor(options = {}) {
 this.codeVerifier = randomString(100);
+ this.devMode = options.devMode;
 this.iv = crypto.randomBytes(16);
- this.options = options;
- this.me = getCanonicalUrl(this.options.me);
+ this.me = getCanonicalUrl(options.me);
 }
 /**
@@ -220,16 +221,15 @@ export const IndieAuth = class {
 * @returns {Function} Next middleware
 */
 authorise() {
- const { me } = this;
+ const { devMode, me } = this;
 return async function (request, response, next) {
 const { tokenEndpoint } = request.app.locals.publication;
- // Placeholder session data that can be used during development
- // if (process.env.NODE_ENV === "development") {
- // request.session.token = process.env.NODE_ENV;
- // request.session.scope = "create update delete media";
- // }
+ if (devMode) {
+ request.session.token = process.env.NODE_ENV;
+ request.session.scope = "create update delete media";
+ }
 // If have session scope and token, go to next middleware
 const { scope, token } = request.session;
diff --git a/packages/indiekit/lib/routes.js b/packages/indiekit/lib/routes.js
index 041bc49b7..422db676f 100644
--- a/packages/indiekit/lib/routes.js
+++ b/packages/indiekit/lib/routes.js
@@ -20,6 +20,7 @@ export const routes = (indiekitConfig) => {
 const { application, publication } = indiekitConfig;
 const indieauth = new IndieAuth({
+ devMode: application._devMode,
 me: publication.me,
 });
diff --git a/packages/indiekit/tests/unit/indieauth.js b/packages/indiekit/tests/unit/indieauth.js
index a44928361..85e0e35b8 100644
--- a/packages/indiekit/tests/unit/indieauth.js
+++ b/packages/indiekit/tests/unit/indieauth.js
@@ -1,3 +1,4 @@
+import process from "node:process";
 import test from "ava";
 import { setGlobalDispatcher } from "undici";
 import { tokenEndpointAgent } from "@indiekit-test/mock-agent";
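Review bot: `this.devMode = options.devMode;` in the `IndieAuth` constructor keeps whatever value the caller passes, and `authorise()` only tests it for truthiness, so a non-empty string such as `"false"` arriving from environment-derived configuration would turn the authentication bypass on. Storing a strict boolean closes that gap: `this.devMode = options.devMode === true;`. The hunk also removes `this.options`; any method outside this hunk that still reads `this.options` would now fail, which cannot be checked from the lines shown.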
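Review bot: In the middleware returned by `authorise()`, the new `if (devMode)` block writes the full `create update delete media` scope into the session of every request before any token is examined, replacing whatever session was there and leaving no record that authentication was skipped. The block deserves a comment saying so, for example `// Development only: skips IndieAuth and grants full scope to every request`, and a one-time warning when the flag is set, such as `console.warn("IndieAuth: devMode is on; authentication is bypassed");` in the constructor (or the project's own logger, if it has one). `request.session.token = process.env.NODE_ENV;` is also `undefined` when `devMode` is passed directly and `NODE_ENV` is unset, in which case the "session scope and token" check that follows presumably does not pass; a fixed placeholder string would make the behaviour independent of the environment. The middleware body continues past the end of this hunk.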
@@ -10,7 +11,6 @@ setGlobalDispatcher(tokenEndpointAgent());
 const { mockRequest, mockResponse } = mockReqRes;
 const indieauth = new IndieAuth({
 me: "https://website.example",
- tokenEndpoint: "https://token-endpoint.example",
 });
 test.beforeEach((t) => {
@@ -108,6 +108,32 @@ test("Checks if user is authorized", async (t) => {
 t.true(next.calledOnce);
 });
+test("Development mode bypasses authentication", async (t) => {
+ const indieauth = new IndieAuth({
+ devMode: true,
+ me: "https://website.example",
+ });
+
+ const request = mockRequest({
+ app: {
+ locals: {
+ publication: {
+ tokenEndpoint: "https://token-endpoint.example",
+ },
+ },
+ },
+ session: {},
+ });
+ const response = mockResponse();
+ const next = sinon.spy();
+
+ await indieauth.authorise()(request, response, next);
+
+ t.is(request.session.scope, "create update delete media");
+ t.is(request.session.token, process.env.NODE_ENV);
+ t.true(next.calledOnce);
+});
+
 test("Throws error checking if user is authorized", async (t) => {
 const request = mockRequest({
 app: { locals: { publication: {} } },
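Review bot: The added test "Development mode bypasses authentication" covers only the enabled path; nothing pins that the bypass stays off when `devMode` is `false` or omitted, which is the case that matters for a deployed instance. A companion test that builds `new IndieAuth({ me: "https://website.example" })`, runs the middleware with `session: {}` and asserts `t.is(request.session.scope, undefined)` would cover it. How `authorise()` ends for an unauthenticated request is outside this hunk, so that call may need to be wrapped to match. The local `const indieauth` also shadows the module-level `indieauth`; a distinct name such as `devIndieauth` would make it obvious which instance is under test.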