Authentication (#164)

Author: brendan-kellam

.vscode/extensions.json

@@ -1,6 +1,7 @@
 {
     "recommendations": [
         "dbaeumer.vscode-eslint",
-        "bradlc.vscode-tailwindcss"
+        "bradlc.vscode-tailwindcss",
+        "prisma.prisma"
     ]
 }

Dockerfile

@@ -10,13 +10,23 @@ RUN go mod download
 COPY vendor/zoekt ./
 RUN CGO_ENABLED=0 GOOS=linux go build -o /cmd/ ./cmd/...
 
+# ------ Build Database ------
+FROM node-alpine AS database-builder
+WORKDIR /app
+
+COPY package.json yarn.lock* ./
+COPY ./packages/db ./packages/db
+RUN yarn workspace @sourcebot/db install --frozen-lockfile
+
 # ------ Build Web ------
 FROM node-alpine AS web-builder
 RUN apk add --no-cache libc6-compat
 WORKDIR /app
 
 COPY package.json yarn.lock* ./
 COPY ./packages/web ./packages/web
+COPY --from=database-builder /app/node_modules ./node_modules
+COPY --from=database-builder /app/packages/db ./packages/db
 
 # Fixes arm64 timeouts
 RUN yarn config set registry https://registry.npmjs.org/
@@ -27,17 +37,15 @@ ENV NEXT_TELEMETRY_DISABLED=1
 ARG NEXT_PUBLIC_SOURCEBOT_TELEMETRY_DISABLED=BAKED_NEXT_PUBLIC_SOURCEBOT_TELEMETRY_DISABLED
 ARG NEXT_PUBLIC_SOURCEBOT_VERSION=BAKED_NEXT_PUBLIC_SOURCEBOT_VERSION
 ENV NEXT_PUBLIC_POSTHOG_PAPIK=BAKED_NEXT_PUBLIC_POSTHOG_PAPIK
-# @note: leading "/" is required for the basePath property. @see: https://nextjs.org/docs/app/api-reference/next-config-js/basePath
-ARG NEXT_PUBLIC_DOMAIN_SUB_PATH=/BAKED_NEXT_PUBLIC_DOMAIN_SUB_PATH
-RUN yarn workspace @sourcebot/web build
 
-# ------ Build Database ------
-FROM node-alpine AS database-builder
-WORKDIR /app
+# @nocheckin: This was interfering with the the `matcher` regex in middleware.ts,
+# causing regular expressions parsing errors when making a request. It's unclear
+# why exactly this was happening, but it's likely due to a bad replacement happening
+# in the `sed` command.
+# @note: leading "/" is required for the basePath property. @see: https://nextjs.org/docs/app/api-reference/next-config-js/basePath
+# ARG NEXT_PUBLIC_DOMAIN_SUB_PATH=/BAKED_NEXT_PUBLIC_DOMAIN_SUB_PATH
 
-COPY package.json yarn.lock* ./
-COPY ./packages/db ./packages/db
-RUN yarn workspace @sourcebot/db install --frozen-lockfile
+RUN yarn workspace @sourcebot/web build
 
 
 # ------ Build Backend ------

entrypoint.sh

@@ -107,46 +107,50 @@ echo -e "\e[34m[Info] Using config file at: '$CONFIG_PATH'.\e[0m"
     done
 }
 
-
-# Update specifically NEXT_PUBLIC_DOMAIN_SUB_PATH w/o requiring a rebuild.
-# Ultimately, the DOMAIN_SUB_PATH sets the `basePath` param in the next.config.mjs.
-# Similar to above, we pass in a `BAKED_` sentinal value into next.config.mjs at build
-# time. Unlike above, the `basePath` configuration is set in files other than just javascript
-# code (e.g., manifest files, css files, etc.), so this section has subtle differences.
+# @nocheckin: This was interfering with the the `matcher` regex in middleware.ts,
+# causing regular expressions parsing errors when making a request. It's unclear
+# why exactly this was happening, but it's likely due to a bad replacement happening
+# in the `sed` command.
 #
-# @see: https://nextjs.org/docs/app/api-reference/next-config-js/basePath
-# @see: https://phase.dev/blog/nextjs-public-runtime-variables/
-{
-    if [ ! -z "$DOMAIN_SUB_PATH" ]; then
-        # If the sub-path is "/", this creates problems with certain replacements. For example:
-        # /BAKED_NEXT_PUBLIC_DOMAIN_SUB_PATH/_next/image -> //_next/image (notice the double slash...)
-        # To get around this, we default to an empty sub-path, which is the default when no sub-path is defined.
-        if [ "$DOMAIN_SUB_PATH" = "/" ]; then
-            DOMAIN_SUB_PATH=""
-
-        # Otherwise, we need to ensure that the sub-path starts with a slash, since this is a requirement
-        # for the basePath property. For example, assume DOMAIN_SUB_PATH=/bot, then:
-        # /BAKED_NEXT_PUBLIC_DOMAIN_SUB_PATH/_next/image -> /bot/_next/image
-        elif [[ ! "$DOMAIN_SUB_PATH" =~ ^/ ]]; then
-            DOMAIN_SUB_PATH="/$DOMAIN_SUB_PATH"
-        fi
-    fi
-
-    if [ ! -z "$DOMAIN_SUB_PATH" ]; then
-        echo -e "\e[34m[Info] DOMAIN_SUB_PATH was set to "$DOMAIN_SUB_PATH". Overriding default path.\e[0m"
-    fi
-
-    # Always set NEXT_PUBLIC_DOMAIN_SUB_PATH to DOMAIN_SUB_PATH (even if it is empty!!)
-    export NEXT_PUBLIC_DOMAIN_SUB_PATH="$DOMAIN_SUB_PATH"
-
-    # Iterate over _all_ files in the web directory, making substitutions for the `BAKED_` sentinal values
-    # with their actual desired runtime value.
-    find /app/packages/web -type f |
-    while read file; do
-        # @note: the leading "/" is required here as it is included at build time. See Dockerfile.
-        sed -i "s|/BAKED_NEXT_PUBLIC_DOMAIN_SUB_PATH|${NEXT_PUBLIC_DOMAIN_SUB_PATH}|g" "$file"
-    done
-}
+# # Update specifically NEXT_PUBLIC_DOMAIN_SUB_PATH w/o requiring a rebuild.
+# # Ultimately, the DOMAIN_SUB_PATH sets the `basePath` param in the next.config.mjs.
+# # Similar to above, we pass in a `BAKED_` sentinal value into next.config.mjs at build
+# # time. Unlike above, the `basePath` configuration is set in files other than just javascript
+# # code (e.g., manifest files, css files, etc.), so this section has subtle differences.
+# #
+# # @see: https://nextjs.org/docs/app/api-reference/next-config-js/basePath
+# # @see: https://phase.dev/blog/nextjs-public-runtime-variables/
+# {
+#     if [ ! -z "$DOMAIN_SUB_PATH" ]; then
+#         # If the sub-path is "/", this creates problems with certain replacements. For example:
+#         # /BAKED_NEXT_PUBLIC_DOMAIN_SUB_PATH/_next/image -> //_next/image (notice the double slash...)
+#         # To get around this, we default to an empty sub-path, which is the default when no sub-path is defined.
+#         if [ "$DOMAIN_SUB_PATH" = "/" ]; then
+#             DOMAIN_SUB_PATH=""
+
+#         # Otherwise, we need to ensure that the sub-path starts with a slash, since this is a requirement
+#         # for the basePath property. For example, assume DOMAIN_SUB_PATH=/bot, then:
+#         # /BAKED_NEXT_PUBLIC_DOMAIN_SUB_PATH/_next/image -> /bot/_next/image
+#         elif [[ ! "$DOMAIN_SUB_PATH" =~ ^/ ]]; then
+#             DOMAIN_SUB_PATH="/$DOMAIN_SUB_PATH"
+#         fi
+#     fi
+
+#     if [ ! -z "$DOMAIN_SUB_PATH" ]; then
+#         echo -e "\e[34m[Info] DOMAIN_SUB_PATH was set to "$DOMAIN_SUB_PATH". Overriding default path.\e[0m"
+#     fi
+
+#     # Always set NEXT_PUBLIC_DOMAIN_SUB_PATH to DOMAIN_SUB_PATH (even if it is empty!!)
+#     export NEXT_PUBLIC_DOMAIN_SUB_PATH="$DOMAIN_SUB_PATH"
+
+#     # Iterate over _all_ files in the web directory, making substitutions for the `BAKED_` sentinal values
+#     # with their actual desired runtime value.
+#     find /app/packages/web -type f |
+#     while read file; do
+#         # @note: the leading "/" is required here as it is included at build time. See Dockerfile.
+#         sed -i "s|/BAKED_NEXT_PUBLIC_DOMAIN_SUB_PATH|${NEXT_PUBLIC_DOMAIN_SUB_PATH}|g" "$file"
+#     done
+# }
 
 
 # Run supervisord

package.json

@@ -6,8 +6,8 @@
     "scripts": {
         "build": "yarn workspaces run build",
         "test": "yarn workspaces run test",
-        "dev": "npm-run-all --print-label --parallel dev:zoekt dev:backend dev:web dev:redis",
-        "dev:mt": "npm-run-all --print-label --parallel dev:zoekt:mt dev:backend dev:web dev:redis",
+        "dev": "yarn workspace @sourcebot/db prisma:migrate:dev && npm-run-all --print-label --parallel dev:zoekt dev:backend dev:web dev:redis",
+        "dev:mt": "yarn workspace @sourcebot/db prisma:migrate:dev && npm-run-all --print-label --parallel dev:zoekt:mt dev:backend dev:web dev:redis",
         "dev:zoekt": "export PATH=\"$PWD/bin:$PATH\" && export SRC_TENANT_ENFORCEMENT_MODE=none && zoekt-webserver -index .sourcebot/index -rpc",
         "dev:zoekt:mt": "export PATH=\"$PWD/bin:$PATH\" && export SRC_TENANT_ENFORCEMENT_MODE=strict && zoekt-webserver -index .sourcebot/index -rpc",
         "dev:backend": "yarn workspace @sourcebot/backend dev:watch",

packages/backend/package.json

@@ -32,6 +32,7 @@
         "lowdb": "^7.0.1",
         "micromatch": "^4.0.8",
         "posthog-node": "^4.2.1",
+        "@sourcebot/db": "^0.1.0",
         "simple-git": "^3.27.0",
         "strip-json-comments": "^5.0.1",
         "winston": "^3.15.0",

packages/backend/src/config.ts

@@ -105,7 +105,7 @@ export const syncConfig = async (configPath: string, db: PrismaClient, signal: A
                             name: repoName,
                             tenantId: 0, // TODO: add support for tenantId in GitLab config
                             isFork,
-                            isArchived: project.archived,
+                            isArchived: !!project.archived,
                             metadata: {
                                 'zoekt.web-url-type': 'gitlab',
                                 'zoekt.web-url': project.web_url,

packages/backend/src/gitlab.ts

@@ -3,7 +3,7 @@ import micromatch from "micromatch";
 import { createLogger } from "./logger.js";
 import { GitLabConfig } from "./schemas/v2.js";
 import { AppContext } from "./types.js";
-import { getTokenFromConfig, marshalBool, measure } from "./utils.js";
+import { getTokenFromConfig, measure } from "./utils.js";
 
 const logger = createLogger("GitLab");
 export const GITLAB_CLOUD_HOSTNAME = "gitlab.com";

packages/db/prisma/migrations/20250115193735_auth_js_models/migration.sql

@@ -0,0 +1,45 @@
+-- CreateTable
+CREATE TABLE "User" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "name" TEXT,
+    "email" TEXT,
+    "emailVerified" DATETIME,
+    "image" TEXT,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" DATETIME NOT NULL
+);
+
+-- CreateTable
+CREATE TABLE "Account" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "userId" TEXT NOT NULL,
+    "type" TEXT NOT NULL,
+    "provider" TEXT NOT NULL,
+    "providerAccountId" TEXT NOT NULL,
+    "refresh_token" TEXT,
+    "access_token" TEXT,
+    "expires_at" INTEGER,
+    "token_type" TEXT,
+    "scope" TEXT,
+    "id_token" TEXT,
+    "session_state" TEXT,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" DATETIME NOT NULL,
+    CONSTRAINT "Account_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+-- CreateTable
+CREATE TABLE "VerificationToken" (
+    "identifier" TEXT NOT NULL,
+    "token" TEXT NOT NULL,
+    "expires" DATETIME NOT NULL
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "User_email_key" ON "User"("email");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "Account_provider_providerAccountId_key" ON "Account"("provider", "providerAccountId");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "VerificationToken_identifier_token_key" ON "VerificationToken"("identifier", "token");

packages/db/prisma/schema.prisma

@@ -41,3 +41,48 @@ model Repo {
 
   @@unique([external_id, external_codeHostUrl])
 }
+
+// @see : https://authjs.dev/concepts/database-models#user
+model User {
+  id            String          @id @default(cuid())
+  name          String?
+  email         String?         @unique
+  emailVerified DateTime?
+  image         String?
+  accounts      Account[]
+
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+}
+
+// @see : https://authjs.dev/concepts/database-models#account
+model Account {
+  id                String  @id @default(cuid())
+  userId            String
+  type              String
+  provider          String
+  providerAccountId String
+  refresh_token     String?
+  access_token      String?
+  expires_at        Int?
+  token_type        String?
+  scope             String?
+  id_token          String?
+  session_state     String?
+
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  @@unique([provider, providerAccountId])
+}
+
+// @see : https://authjs.dev/concepts/database-models#verificationtoken
+model VerificationToken {
+  identifier String
+  token      String
+  expires    DateTime
+
+  @@unique([identifier, token])
+}

packages/web/next.config.mjs

@@ -22,10 +22,14 @@ const nextConfig = {
     // This is required to support PostHog trailing slash API requests
     skipTrailingSlashRedirect: true,
 
+    // @nocheckin: This was interfering with the the `matcher` regex in middleware.ts,
+    // causing regular expressions parsing errors when making a request. It's unclear
+    // why exactly this was happening, but it's likely due to a bad replacement happening
+    // in the `sed` command.
     // @note: this is evaluated at build time.
-    ...(process.env.NEXT_PUBLIC_DOMAIN_SUB_PATH ? {
-        basePath: process.env.NEXT_PUBLIC_DOMAIN_SUB_PATH,
-    } : {})
+    // ...(process.env.NEXT_PUBLIC_DOMAIN_SUB_PATH ? {
+    //     basePath: process.env.NEXT_PUBLIC_DOMAIN_SUB_PATH,
+    // } : {})
 };
 
 export default nextConfig;

packages/web/package.json

@@ -10,6 +10,7 @@
     "test": "vitest"
   },
   "dependencies": {
+    "@auth/prisma-adapter": "^2.7.4",
     "@codemirror/commands": "^6.6.0",
     "@codemirror/lang-cpp": "^6.0.2",
     "@codemirror/lang-css": "^6.3.0",
@@ -39,6 +40,7 @@
     "@hookform/resolvers": "^3.9.0",
     "@iconify/react": "^5.1.0",
     "@iizukak/codemirror-lang-wgsl": "^0.3.0",
+    "@radix-ui/react-avatar": "^1.1.2",
     "@radix-ui/react-dropdown-menu": "^2.1.1",
     "@radix-ui/react-icons": "^1.3.0",
     "@radix-ui/react-label": "^2.1.0",
@@ -89,6 +91,7 @@
     "http-status-codes": "^2.3.0",
     "lucide-react": "^0.435.0",
     "next": "14.2.21",
+    "next-auth": "^5.0.0-beta.25",
     "next-themes": "^0.3.0",
     "posthog-js": "^1.161.5",
     "pretty-bytes": "^6.1.1",
@@ -119,9 +122,10 @@
     "jsdom": "^25.0.1",
     "npm-run-all": "^4.1.5",
     "postcss": "^8",
+    "@sourcebot/db": "^0.1.0",
     "tailwindcss": "^3.4.1",
     "typescript": "^5",
     "vite-tsconfig-paths": "^5.1.3",
     "vitest": "^2.1.5"
   }
-}
+}

packages/web/src/app/api/(server)/auth/[...nextauth]/route.ts

@@ -0,0 +1,2 @@
+import { handlers } from "@/auth";
+export const { GET, POST } = handlers;

packages/web/src/app/api/(server)/search/route.ts

@@ -8,13 +8,15 @@ import { NextRequest } from "next/server";
 
 export const POST = async (request: NextRequest) => {
     const body = await request.json();
-    const tenantId = await request.headers.get("X-Tenant-ID");
+    const tenantId = request.headers.get("X-Tenant-ID");
 
     console.log(`Search request received. Tenant ID: ${tenantId}`);
 
     const parsed = await searchRequestSchema.safeParseAsync({
         ...body,
-        ...(tenantId && { tenantId: parseInt(tenantId) }),
+        ...(tenantId ? {
+            tenantId: parseInt(tenantId)
+        } : {}),
     });
     if (!parsed.success) {
         return serviceErrorResponse(