Commit
Migrate from Auth0 to Jetstream Auth
- Remove 3rd party authentication provider in favor of Jetstream in-house Authentication
- Add support for MFA which is required by default - initial support for email and authenticator app
- Tighten up session management to ensure that sessions are being used on the same device
- Add profile management with options to add a password, manage MFA options, link social accounts
- Added captcha via Cloudflare turnstile to authentication pages
- Added email templates and sending via react email
- Added rate limiting to all authentication routes
- Added zod validation to environment variable parsing
- Added E2E tests for all authentication pages
Showing 216 changed files with 11,835 additions and 3,313 deletions.
@@ -2,66 +2,82 @@ | |
###### REQUIRED ###### | ||
|
||
ENVIRONMENT='development' | ||
# Example key - not used in any real environments | ||
JETSTREAM_SESSION_SECRET='15a845f36512d850dfd223af8809873c' | ||
|
||
# SFDC API VERSION TO USE | ||
NX_SFDC_API_VERSION='61.0' | ||
|
||
# trace, debug (default), info, warn, error, fatal, silent | ||
LOG_LEVEL='trace' | ||
|
||
# Session signing secret - minimum of 32 characters | ||
# Generate using: `openssl rand -base64 32` | ||
JETSTREAM_SESSION_SECRET='' | ||
# Backup key to allow session rotation | ||
JETSTREAM_SESSION_SECRET_BACKUP='' | ||
# Auth secret - used to sign encrypt CSRF tokens for authentication pages | ||
# Generate using: `openssl rand -base64 32` | ||
JETSTREAM_AUTH_SECRET='' | ||
# Secret used to encrypt OTP tokens for storage in the database | ||
JETSTREAM_AUTH_OTP_SECRET='' | ||
|
||
# JETSTREAM URLS | ||
# If developing, then these will be localhost | ||
# If running locally but not developing the platform, use port `:3333` for all of these | ||
JETSTREAM_CLIENT_URL='http://localhost:4200/app' | ||
JETSTREAM_SERVER_DOMAIN='localhost:3333' | ||
JETSTREAM_SERVER_URL='http://localhost:3333' | ||
JETSTREAM_POSTGRES_DBURI='postgres://postgres@localhost:5432/postgres' | ||
|
||
# trace, debug (default), info, warn, error, fatal, silent - determines how much server logging is done | ||
LOG_LEVEL='trace' | ||
# Used in landing page to redirect to the correct URL | ||
# If running locally but not developing the platform, use port `:3333` for all of these | ||
NEXT_PUBLIC_CLIENT_URL='http://localhost:4200/app' | ||
NEXT_PUBLIC_SERVER_URL='http://localhost:3333' | ||
|
||
# PLAYWRIGHT INTEGRATION TEST LOGIN | ||
E2E_LOGIN_USERNAME='[email protected]' | ||
E2E_LOGIN_PASSWORD='TODO' | ||
E2E_LOGIN_URL='https://jetstream-e2e-dev-ed.develop.my.salesforce.com' | ||
# OAUTH FOR LOGGING IN TO THE APP | ||
# You can provide your own keys by creating a connected app in your dev or production org. | ||
# Salesforce - Scopes: email, profile, openid | ||
AUTH_SFDC_CLIENT_ID='3MVG9riCAn8HHkYWGpu4WgDxYOW_9snDbMX1MD9hZ5Hd9NZ4yIKUhecgKe.bLizoOuSZGUwL.214Oyhcfd..1' | ||
AUTH_SFDC_CLIENT_SECRET='3DC73F32C7385596DF9625F914D96A2CADC68F074010D658C122A774A9EC6AA3' | ||
|
||
# Google - Scopes: email, profile, openid | ||
AUTH_GOOGLE_CLIENT_ID='' | ||
AUTH_GOOGLE_CLIENT_SECRET='' | ||
|
||
# SALESFORCE CONFIGURATION | ||
# You can provide your own key by creating a connected app in your dev or production org. | ||
# Ensure api, web, refresh_token scopes are included | ||
# You can provide your own keys by creating a connected app in your dev or production org. | ||
# Scopes: api, web, refresh_token | ||
SFDC_CALLBACK_URL='http://localhost:3333/oauth/sfdc/callback' | ||
SFDC_CONSUMER_KEY='3MVG9tSqyyAXNH5ItQtuplEg40Ks_MLSG37L1PV.TLDjsCbdp7EDonFUW0csSDDrutnfuxKH5OKSXSbhiGPv5' | ||
SFDC_CONSUMER_SECRET='F77C1B4AF03CF51B290A591766F4C430E3136949A636D4AA5339F8EB6A40052A' | ||
SFDC_CONSUMER_KEY='3MVG9riCAn8HHkYWGpu4WgDxYOW_9snDbMX1MD9hZ5Hd9NZ4yIKUhecgKe.bLizoOuSZGUwL.214Oyhcfd..1' | ||
SFDC_CONSUMER_SECRET='3DC73F32C7385596DF9625F914D96A2CADC68F074010D658C122A774A9EC6AA3' | ||
|
||
###### OPTIONAL ###### | ||
|
||
# API VERSION TO USE | ||
SFDC_API_VERSION='58.0' | ||
# PLAYWRIGHT INTEGRATION TEST LOGIN | ||
E2E_LOGIN_USERNAME='[email protected]' | ||
E2E_LOGIN_PASSWORD='' | ||
E2E_LOGIN_URL='https://jetstream-e2e-dev-ed.develop.my.salesforce.com' | ||
|
||
# If set to true, then authentication will be bypassed | ||
# You will use a test account instead of a real account - only works if running locally | ||
EXAMPLE_USER_OVERRIDE=true | ||
|
||
# Auth0 configuration - Free public account, you can replace with your own if you want | ||
AUTH0_CLIENT_ID='305Mn5azd97CZrHDf5SflQCZlEeEKfTU' | ||
AUTH0_CLIENT_SECRET='CmOSq3HVhUVZhjmnlLy4IHk46E1XuhVXAxcx9Epjm38opRy-ycaBlJujkDlhL7zu' | ||
AUTH0_DOMAIN='dev-ce6oji5b.us.auth0.com' | ||
AUTH0_M2M_DOMAIN='dev-ce6oji5b.us.auth0.com' | ||
EXAMPLE_USER_OVERRIDE='true' | ||
EXAMPLE_USER_PASSWORD='EXAMPLE_123!' | ||
|
||
# AUTH0 APPLICATION CONFIGURATION | ||
# LOGO: https://getjetstream.app/assets/images/jetstream-logo.svg | ||
# CALLBACK URL: http://localhost:3333/oauth/callback, http://localhost:3333/oauth/identity/link/callback, jetstream://localhost/oauth/callback | ||
# LOGOUT URLS: https://staging.getjetstream.app, http://localhost:3333, jetstream://localhost/oauth/callback | ||
|
||
###### OPTIONAL ###### | ||
|
||
PRISMA_DEBUG='false' | ||
|
||
NX_PUBLIC_AUTH_AUDIENCE='http://getjetstream.app/app_metadata' | ||
NX_PUBLIC_ROLLBAR_KEY='' | ||
NX_PUBLIC_AMPLITUDE_KEY='' | ||
|
||
# Used to save feedback as a github issue and run some build commands | ||
# Also required for the release process | ||
GITHUB_TOKEN='' | ||
|
||
# Credentials for sending emails | ||
# If you are not using the example user, then you may need to configure this for MFA | ||
MAILGUN_API_KEY='' | ||
JETSTREAM_EMAIL_DOMAIN='' | ||
JETSTREAM_EMAIL_FROM_NAME='' | ||
JETSTREAM_EMAIL_REPLY_TO='' | ||
|
||
# Used to generate blog when building landing page | ||
CONTENTFUL_HOST='cdn.contentful.com' | ||
CONTENTFUL_SPACE='' | ||
CONTENTFUL_TOKEN='' | ||
|
||
# Required to use Google integration | ||
# Required to use Google within application | ||
GOOGLE_APP_ID='' | ||
GOOGLE_API_KEY='' | ||
GOOGLE_CLIENT_ID='' | ||
|
@@ -79,3 +95,7 @@ ALGOLIA_API_KEY='' | |
HONEYCOMB_ENABLED=false | ||
HONEYCOMB_API_KEY='' | ||
|
||
# Nx 18 enables using plugins to infer targets by default | ||
# This is disabled for existing workspaces to maintain compatibility | ||
# For more info, see: https://nx.dev/concepts/inferred-tasks | ||
NX_ADD_PLUGINS=false |
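Review bot: the Salesforce connected-app credentials on the `SFDC_CONSUMER_KEY` / `SFDC_CONSUMER_SECRET` lines, and the identical pair repeated as `AUTH_SFDC_CLIENT_ID` / `AUTH_SFDC_CLIENT_SECRET`, are real-looking consumer keys and secrets committed to the example env file. The consumer secret is what lets a caller complete the OAuth code exchange as this connected app, so leave these blank the way the `AUTH_GOOGLE_*` entries are and rotate the secret in the connected app; the same applies to the `AUTH0_CLIENT_SECRET` this hunk removes, which remains in repository history. Two smaller points in the same hunk: the `JETSTREAM_SESSION_SECRET` comment asks for a "minimum of 32 characters" while the generator it recommends (`openssl rand -base64 32`) yields 32 random bytes (44 characters), and the example value `15a845f36512d850dfd223af8809873c` is 32 hex characters, i.e. 128 bits, so state the requirement in bytes of randomness rather than characters; and `JETSTREAM_AUTH_OTP_SECRET` lacks the `# Generate using:` line the other two secrets carry. Finally, `EXAMPLE_USER_OVERRIDE='true'` stays the default in the example file next to a static `EXAMPLE_USER_PASSWORD`; the comment says it "only works if running locally", so have the server enforce that (for instance by refusing the override unless `ENVIRONMENT='development'`) instead of relying on the comment, because with the new in-house auth this flag is a complete authentication bypass.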
@@ -12,7 +12,6 @@ env: | |
CONTENTFUL_TOKEN: ${{ secrets.CONTENTFUL_TOKEN }} | ||
NX_CLOUD_DISTRIBUTED_EXECUTION: false | ||
NX_PUBLIC_AMPLITUDE_KEY: ${{ secrets.NX_PUBLIC_AMPLITUDE_KEY }} | ||
NX_PUBLIC_AUTH_AUDIENCE: http://getjetstream.app/app_metadata | ||
NX_PUBLIC_ROLLBAR_KEY: ${{ secrets.NX_PUBLIC_ROLLBAR_KEY }} | ||
|
||
jobs: | ||
|
@@ -63,31 +62,33 @@ jobs: | |
runs-on: ubuntu-latest | ||
env: | ||
LOG_LEVEL: warn | ||
AUTH0_CLIENT_ID: 'shxza1G0595Ut2htmAd3NfbMMsqelrE5' | ||
AUTH0_CLIENT_SECRET: 'NOT-NEEDED' | ||
AUTH0_DOMAIN: 'getjetstream-dev.us.auth0.com' | ||
E2E_LOGIN_PASSWORD: ${{ secrets.E2E_LOGIN_PASSWORD }} | ||
E2E_LOGIN_URL: 'https://jetstream-e2e-dev-ed.develop.my.salesforce.com' | ||
E2E_LOGIN_USERNAME: '[email protected]' | ||
E2E_LOGIN_PASSWORD: ${{ secrets.E2E_LOGIN_PASSWORD }} | ||
EXAMPLE_USER_OVERRIDE: true | ||
EXAMPLE_USER_PASSWORD: 'EXAMPLE_123!' | ||
GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }} | ||
GOOGLE_APP_ID: ${{ secrets.GOOGLE_APP_ID }} | ||
GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }} | ||
GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }} | ||
JETSTREAM_POSTGRES_DBURI: postgres://postgres:postgres@localhost:5432/postgres | ||
JETSTREAM_SESSION_SECRET: ${{ secrets.JETSTREAM_SESSION_SECRET }} | ||
JETSTREAM_SESSION_SECRET: '8e52194ce3b6650b93e95a5c40a705b2' | ||
JETSTREAM_AUTH_SECRET: 'l26oD1TYqkJP/AZccmFwX2gPO45rG1qQuSXjVxRj9U/3' | ||
JETSTREAM_AUTH_OTP_SECRET: 'pD0AwvBhZU5COntz97OBDAtonoEe/Z0lz5ulNFl4K04=' | ||
JETSTREAM_CLIENT_URL: http://localhost:3333/app | ||
JETSTREAM_SERVER_DOMAIN: localhost:3333 | ||
JETSTREAM_SERVER_URL: http://localhost:3333 | ||
NEXT_PUBLIC_CLIENT_URL: 'http://localhost:4200/app' | ||
NEXT_PUBLIC_SERVER_URL: 'http://localhost:3333' | ||
NX_PUBLIC_AMPLITUDE_KEY: ${{ secrets.NX_PUBLIC_AMPLITUDE_KEY }} | ||
NX_PUBLIC_AUTH_AUDIENCE: http://getjetstream.app/app_metadata | ||
NX_CLOUD_DISTRIBUTED_EXECUTION: false | ||
NX_PUBLIC_ROLLBAR_KEY: ${{ secrets.NX_PUBLIC_ROLLBAR_KEY }} | ||
SFDC_CALLBACK_URL: http://localhost:3333/oauth/sfdc/callback | ||
SFDC_CONSUMER_KEY: ${{ secrets.SFDC_CONSUMER_KEY }} | ||
SFDC_CONSUMER_SECRET: ${{ secrets.SFDC_CONSUMER_SECRET }} | ||
SFDC_ENC_KEY: ${{ secrets.SFDC_ENC_KEY }} | ||
SFDC_API_VERSION: '58.0' | ||
AUTH_SFDC_CLIENT_ID: ${{ secrets.SFDC_CONSUMER_KEY }} | ||
AUTH_SFDC_CLIENT_SECRET: ${{ secrets.SFDC_CONSUMER_SECRET }} | ||
SFDC_API_VERSION: '61.0' | ||
|
||
services: | ||
postgres: | ||
|
@@ -70,6 +70,17 @@ This project was generated using [Nx](https://nx.dev) - This repository is consi | |
2. If you are using docker, make sure you have Docker installed. | ||
3. If you want to run the dev server, make sure you have yarn version 1 installed. | ||
|
||
### Installing Dependencies | ||
|
||
### Setting up your environment | ||
|
||
Run this script to copy `.env.example` to `.env` which will generate encryption keys which are required to run the application. | ||
You will be asked some questions which will determine some of the environment variables. | ||
|
||
```bash | ||
yarn scripts:generate-env | ||
``` | ||
|
||
📓 You can choose to skip authentication locally by setting the environment variable `EXAMPLE_USER_OVERRIDE=true`. This is set to true by default in the `.env.example` file. | ||
🌟 To use this, don't click the login button, but instead just go to `http://localhost:3333/app` or `http://localhost:4200/app` (if running the react development server) directly. | ||
|
||
|
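Review bot: the new `### Installing Dependencies` heading has no body before `### Setting up your environment` starts, so either its content was dropped or the heading is stray. On the environment section: saying `yarn scripts:generate-env` "will generate encryption keys which are required to run the application" is the right way to keep readers from copying the example values, but the note right after it tells them `EXAMPLE_USER_OVERRIDE=true` is the default. Since that flag now bypasses the in-house authentication, including the MFA this commit makes mandatory, say explicitly here that it is for local development only and must be unset for any deployment reachable by others.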
@@ -91,16 +102,17 @@ docker compose up | |
|
||
- Jetstream will be running at `http://localhost:3333` | ||
- Postgres will be running on port `5555` if you wanted to connect to it locally. | ||
- When you click "Login", you should immediately be logged in without having to sign in. | ||
- You can set `EXAMPLE_USER_OVERRIDE` if you want to disable this behavior | ||
- You can login with the `Example` user | ||
- The username is `[email protected]` | ||
- The password is contained in the `.env` file | ||
- If assets on the page don't load, do a hard refresh (hold cmd or shift and press refresh) | ||
- This might happen if you have re-built the image and the browser has cached the page with now missing resources. | ||
|
||
### Running without Docker | ||
|
||
Use this option if you want to contribute to the codebase. | ||
|
||
Jetstream relies on a Postgres database, so you either need to [run Postgresql locally](https://www.postgresql.org/download/) or use a managed provider such as one from the list below. Optionally you can run jetstream in a Docker container which includes Postgresql. | ||
Jetstream relies on a Postgres database, so you either need to [run Postgresql locally](https://www.postgresql.org/download/), in a docker container, or use a managed provider such as one from the list below. Optionally you can run jetstream in a Docker container which includes Postgresql. | ||
|
||
- [Render](https://render.com/) (Jetstream is hosted here) | ||
- [elephantsql](https://www.elephantsql.com/plans.html) | ||
|
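Review bot: the Docker instructions replace "you should immediately be logged in" with logging in as `[email protected]`, whose "password is contained in the `.env` file"; because `.env.example` ships `EXAMPLE_USER_PASSWORD='EXAMPLE_123!'`, state whether `yarn scripts:generate-env` replaces that value or the reader is expected to, and that the example user exists only while `EXAMPLE_USER_OVERRIDE` is true. Minor: "Postgresql" should be "PostgreSQL", and "run Postgresql locally, in a docker container, or use a managed provider" mixes verb forms; "run PostgreSQL locally or in a Docker container, or use a managed provider" reads cleanly.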
This file was deleted.