#10: Bearer authentication for socket.io, generated in subdomain config
gsvarovsky committed Nov 5, 2023
1 parent 48a6b99 commit a6938dd
Showing 27 changed files with 433 additions and 243 deletions.
42 changes: 26 additions & 16 deletions architecture/api/admin/admin.use-case.puml
Expand Up @@ -7,22 +7,32 @@ left to right direction
user <|-- root : is a

package "User End-Point" {
user --> (change details) : self
note right: PATCH /user/:user {emails, keyids}
note bottom of "change details": including revoke key
(get activation) #lightgreen
user --> (get activation)
note right of "get activation": sends code by email
note right of "get activation": POST /user/:user/activation {email}
(get user key) #lightgreen
user --> (get user key) : self; can use\nactivation
note top of "get user key": must use activation\nfor self-service create
note right of "get user key": create user account\nif not exists
note right of "get user key": POST /user/:user/key
root --> (get user key) : any user
user --> (delete user) : self
root --> (delete user) : any user
note right: DEL /user/:user
usecase changeDetails as "=== change details
PATCH /user/:user {emails, keyids}"
user --> (changeDetails) : self
note right: including revoke key

usecase getActivation #lightgreen as "=== get activation
POST /user/:user/activation {email}"
user --> (getActivation)
note right: sends code by email

usecase mintUserKey #lightgreen as "=== mint user key
POST /user/:user/key"
user --> mintUserKey : self; can use\nactivation
note right of mintUserKey: must use activation\nfor self-service create
note right of mintUserKey: create user account\nif not exists
root --> mintUserKey : any user

usecase deleteUser as "=== delete user
DEL /user/:user"
user --> deleteUser : self
root --> deleteUser : any user

usecase getPublicKey as "=== get public key
GET /user/:user/publicKey/:keyid"
user --> getPublicKey : self
root --> getPublicKey : any user
}

@enduml
108 changes: 65 additions & 43 deletions architecture/api/admin/img/admin.use-case.svg
12 changes: 7 additions & 5 deletions architecture/api/domain/account-domain.seq.puml
Expand Up @@ -5,16 +5,20 @@ hide footbox
title App with Gateway account

participant "App\nClient" as client
participant "Identity Provider" as idp
participant "App Service\nor lambda" as service

service -> Gateway: PUT /domain/<<account>>/<<name>> ""{authKey}""
client <--> idp: Authenticate user (or anon)
client -> service ++ : get config for subdomain {userId}
service -> Gateway ++: PUT /domain/<<account>>/<<name>>\n{authKey, userId}
Gateway -> Gateway: Create user JWT,\nsign with authKey
return config for new clones
note left
<code>
{
@domain:"<<name>>.<<account>>.<<hostname>>",
genesis:true,
io
io: { auth: { jwt } }
}
</code>
end note
Expand All @@ -23,9 +27,7 @@ if backup clone
or domain exists,
genesis is false
end note
client <--> service: Authenticate user (or anon)
service -> service: Create client JWT,\nsign with authKey
service -> client: ""{config, jwt}""
return config
client -> client ++: Create clone
client <--> Gateway: socket.io remotes ""{jwt}""

30 changes: 15 additions & 15 deletions architecture/api/domain/img/account-domain.seq.svg
14 changes: 5 additions & 9 deletions architecture/api/domain/img/public.seq.svg
4 changes: 2 additions & 2 deletions architecture/api/domain/public.seq.puml
Expand Up @@ -4,7 +4,7 @@ hide footbox

title App with anonymous users using Gateway public messaging

anon -> Gateway: POST /domain/public
anon -> Gateway: POST /domain/public
return config for new clones
note left
<code>
Expand All @@ -15,7 +15,7 @@ note left
}
</code>
end note
note right: no backup clone created
note right: no backup clone created
anon -> anon ++: Create genesis clone
<-- anon: Tell other app instances
anon <--> Gateway: socket.io remotes (rate limited)
2 changes: 1 addition & 1 deletion architecture/gateway design.mm
Expand Up @@ -320,7 +320,7 @@
</node>
</node>
<node TEXT="deployment" ID="ID_1093246398" CREATED="1669713904042" MODIFIED="1669713906788">
<node TEXT="native" ID="ID_1357853973" CREATED="1669917664941" MODIFIED="1669917682875">
<node TEXT="native" ID="ID_1357853973" CREATED="1669917664941" MODIFIED="1696846339222">
<icon BUILTIN="bookmark"/>
<arrowlink SHAPE="CUBIC_CURVE" COLOR="#000000" WIDTH="1" TRANSPARENCY="200" FONT_SIZE="9" FONT_FAMILY="SansSerif" DESTINATION="ID_435682791" STARTINCLINATION="672;0;" ENDINCLINATION="672;0;" STARTARROW="NONE" ENDARROW="NONE"/>
</node>
14 changes: 5 additions & 9 deletions src/ably/AblyCloneFactory.ts
@@ -1,8 +1,8 @@
import * as ablyModule from '@m-ld/m-ld/ext/ably';
import { BaseGatewayConfig, CloneFactory, Env, GatewayPrincipal } from '../lib/index.js';
import {
BaseGatewayConfig, CloneFactory, ConfigContext, Env, GatewayPrincipal
} from '../lib/index.js';
import * as xirsys from '@m-ld/io-web-runtime/dist/server/xirsys';
import { Who } from '../server/index.js';
import { RemotesAuthType } from '../server/Account.js';

type AblyGatewayConfig = BaseGatewayConfig & ablyModule.MeldAblyConfig;

Expand Down Expand Up @@ -32,13 +32,9 @@ export class AblyCloneFactory extends CloneFactory {
return ablyModule.AblyRemotes;
}

async reusableConfig(
config: BaseGatewayConfig,
remotesAuth: RemotesAuthType[],
who?: Who
): Promise<Partial<BaseGatewayConfig>> {
async reusableConfig(config: BaseGatewayConfig, context: ConfigContext) {
const { ably } = config;
return Env.mergeConfig(super.reusableConfig(config, remotesAuth, who), { ably }, {
return Env.mergeConfig(super.reusableConfig(config, context), { ably }, {
ably: { key: false, apiKey: false } // Remove Ably secrets
});
}
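Review bot: The rewritten `reusableConfig` still forwards the whole `config.ably` object and relies on a denylist (`ably: { key: false, apiKey: false }`) to strip server secrets, so any other credential-bearing field that ends up under `ably` (a token or auth-callback setting, should the config ever carry one) would reach clones unredacted; picking only the fields a clone needs would fail safe instead. The new signature also drops the explicit `Promise<Partial<BaseGatewayConfig>>` return type that the removed one declared, so the public contract is now whatever `Env.mergeConfig` happens to infer; restore it with `async reusableConfig(config: BaseGatewayConfig, context: ConfigContext): Promise<Partial<BaseGatewayConfig>> {`. A one-line doc comment would also help, e.g. `/** Client-safe config for new clones: Ably settings forwarded with server secrets removed. */`. The enclosing class starts before this hunk.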
