1108 retrieve env vars (#39)

* 1108 Using getEnvironmentVariables to retrieve environment variables

* Updates versions in package-lock.json and adds update commands to the README.md file

* 1108 Updates environment variables in nextauth middleware

* 1108 Adds breaking-changes.md file

* 1108 Adds breaking-changes.md file

* 1108 Adds commit hash

* 1108 Update breaking-changes.md

Co-authored-by: Ruben van Leeuwen <ruben@sinin.nl>

* 1108 Renames README.md to update-instructions.md

* 1108 Updates .env.example

* 1108 Updates .env.example

---------

Co-authored-by: Ruben van Leeuwen <ruben@sinin.nl>

Author: ricardovdheijden

.env.example

@@ -1,29 +1,30 @@
 ENVIRONMENT_NAME=Development
-PROCESS_DETAIL_REFETCH_INTERVAL=3000
-
 ORCHESTRATOR_API_HOST=http://localhost:8080
 ORCHESTRATOR_API_PATH=/api
 ORCHESTRATOR_GRAPHQL_HOST=http://localhost:8080
 ORCHESTRATOR_GRAPHQL_PATH=/api/graphql
 ORCHESTRATOR_WEBSOCKET_URL=ws://localhost:8080
+USE_WEB_SOCKETS=false
+USE_THEME_TOGGLE=false
+SHOW_WORKFLOW_INFORMATION_LINK=true
+WORKFLOW_INFORMATION_LINK_URL="https://workfloworchestrator.org/"
 
-AUTH_ACTIVE=true
-NEXTAUTH_ID="keycloak"
-NEXTAUTH_CLIENT_ID="orchestrator-client"
-NEXTAUTH_CLIENT_SECRET="KEYCLOAK_SECRET"
-NEXTAUTH_SECRET="NEXTAUTH_SECRET"
-NEXTAUTH_ISSUER="http://localhost:8085/realms/orchestrator"
-NEXTAUTH_WELL_KNOWN_OVERRIDE="http://localhost:8085/auth/.well-known/openid-configuration"
+# Auth variables
+OAUTH2_ACTIVE=true
+NEXTAUTH_PROVIDER_ID="keycloak"
+NEXTAUTH_PROVIDER_NAME="Keycloak"
 NEXTAUTH_AUTHORIZATION_SCOPE_OVERRIDE="openid profile"
-NEXTAUTH_URL=http://localhost:3000/api/auth
+OAUTH2_CLIENT_ID="orchestrator-client"
+OAUTH2_CLIENT_SECRET="KEYCLOAK_SECRET"
+OIDC_CONF_FULL_WELL_KNOWN_URL="https://localhost:8085/api/v1/auth/.well-known/openid-configuration"
 
-# docker-compose variables
+# Required by the Nextauth middleware
+NEXTAUTH_URL=http://localhost:3001/api/auth
+NEXTAUTH_SECRET="NEXTAUTH_SECRET"
+
+# Auth variables for local development environment (Keycloak in Docker)
 KEYCLOAK_ADMIN=admin
 KEYCLOAK_ADMIN_PASSWORD=admin
 KEYCLOAK_PORT=8085
 
-USE_WEBSOCKET=false
-USE_THEME_TOGGLE=false
 
-SHOW_WORKFLOW_INFORMATION_LINK=false
-WORKFLOW_INFORMATION_LINK_URL=http://localhost:8080

breaking-changes.md

@@ -0,0 +1,17 @@
+# Breaking Changes
+
+## Commit: edec88ccce4ac168d7e23c29477ee42748d20778 (Tue Jun 4 16:09:42 2024 +0200)
+
+Renaming environment variables:
+
+| Old                          | New                           |
+| ---------------------------- | ----------------------------- |
+| AUTH_ACTIVE                  | OAUTH2_ACTIVE                 |
+| NEXTAUTH_CLIENT_ID           | OAUTH2_CLIENT_ID              |
+| NEXTAUTH_CLIENT_SECRET       | OAUTH2_CLIENT_SECRET          |
+| NEXTAUTH_ID                  | NEXTAUTH_PROVIDER_ID          |
+| NEXTAUTH_ID                  | NEXTAUTH_PROVIDER_NAME        |
+| NEXTAUTH_ISSUER              | OIDC_CONF_FULL_WELL_KNOWN_URL |
+| NEXTAUTH_WELL_KNOWN_OVERRIDE | OIDC_CONF_FULL_WELL_KNOWN_URL |
+
+Note: `NEXTAUTH_ID` is split up in 2 new environment variables. The `NEXTAUTH_ISSUER` and `NEXTAUTH_WELL_KNOWN_OVERRIDE` are replaced by one new environment variable.

configuration/configuration.ts

@@ -1,51 +1,49 @@
-import process from 'process';
-
 import {
     Environment,
     OrchestratorConfig,
+    getEnvironmentVariables,
 } from '@orchestrator-ui/orchestrator-ui-components';
 
-export const DEFAULT_GRAPHQL_CORE_ENDPOINT =
-    'http://localhost:8080/api/graphql';
-export const DEFAULT_ORCHESTRATOR_API_BASE_URL = 'http://localhost:8080/api';
-export const DEFAULT_ORCHESTRATOR_WEBSOCKET_URL = 'ws://localhost:8080';
-
-export const ENGINE_STATUS_ENDPOINT = '/settings/status';
-export const PROCESS_STATUS_COUNTS_ENDPOINT = '/processes/status-counts';
-export const PROCESSES_ENDPOINT = '/processes';
-export const SUBSCRIPTION_ACTIONS_ENDPOINT = '/subscriptions/workflows';
-export const SUBSCRIPTION_PROCESSES_ENDPOINT =
-    '/processes/process-subscriptions-by-subscription-id';
-export const DEFAULT_WORKFLOW_INFORMATION_LINK_URL = 'http://localhost:8080';
-
 export const getInitialOrchestratorConfig = (): OrchestratorConfig => {
-    const orchestratorGraphqlBaseUrl =
-        process.env.ORCHESTRATOR_GRAPHQL_HOST &&
-        process.env.ORCHESTRATOR_GRAPHQL_PATH
-            ? `${process.env.ORCHESTRATOR_GRAPHQL_HOST}${process.env.ORCHESTRATOR_GRAPHQL_PATH}`
-            : DEFAULT_GRAPHQL_CORE_ENDPOINT;
+    const {
+        USE_THEME_TOGGLE,
+        ENVIRONMENT_NAME,
+        ORCHESTRATOR_API_HOST,
+        ORCHESTRATOR_API_PATH,
+        ORCHESTRATOR_GRAPHQL_HOST,
+        ORCHESTRATOR_GRAPHQL_PATH,
+        ORCHESTRATOR_WEBSOCKET_URL,
+        USE_WEB_SOCKETS,
+        WORKFLOW_INFORMATION_LINK_URL,
+        SHOW_WORKFLOW_INFORMATION_LINK,
+        OAUTH2_ACTIVE,
+    } = getEnvironmentVariables([
+        'USE_THEME_TOGGLE',
+        'ENVIRONMENT_NAME',
+        'ORCHESTRATOR_API_HOST',
+        'ORCHESTRATOR_API_PATH',
+        'ORCHESTRATOR_GRAPHQL_HOST',
+        'ORCHESTRATOR_GRAPHQL_PATH',
+        'ORCHESTRATOR_WEBSOCKET_URL',
+        'USE_WEB_SOCKETS',
+        'WORKFLOW_INFORMATION_LINK_URL',
+        'SHOW_WORKFLOW_INFORMATION_LINK',
+        'OAUTH2_ACTIVE',
+    ]);
 
-    const orchestratorApiBaseUrl =
-        process.env.ORCHESTRATOR_API_HOST && process.env.ORCHESTRATOR_API_PATH
-            ? `${process.env.ORCHESTRATOR_API_HOST}${process.env.ORCHESTRATOR_API_PATH}`
-            : DEFAULT_ORCHESTRATOR_API_BASE_URL;
+    const graphqlEndpointCore = `${ORCHESTRATOR_GRAPHQL_HOST}${ORCHESTRATOR_GRAPHQL_PATH}`;
+    const orchestratorApiBaseUrl = `${ORCHESTRATOR_API_HOST}${ORCHESTRATOR_API_PATH}`;
 
     return {
         orchestratorApiBaseUrl,
-        graphqlEndpointCore: orchestratorGraphqlBaseUrl,
-        environmentName:
-            process.env.ENVIRONMENT_NAME ?? Environment.DEVELOPMENT,
-        orchestratorWebsocketUrl:
-            process.env.ORCHESTRATOR_WEBSOCKET_URL ||
-            DEFAULT_ORCHESTRATOR_WEBSOCKET_URL,
-        authActive: process.env.AUTH_ACTIVE?.toLowerCase() != 'false',
-        useWebSockets: process.env.USE_WEB_SOCKETS?.toLowerCase() === 'true',
-        useThemeToggle: process.env.USE_THEME_TOGGLE?.toLowerCase() === 'true',
-        workflowInformationLinkUrl:
-            process.env.WORKFLOW_INFORMATION_LINK_URL ??
-            DEFAULT_WORKFLOW_INFORMATION_LINK_URL,
+        graphqlEndpointCore,
+        environmentName: ENVIRONMENT_NAME ?? Environment.DEVELOPMENT,
+        orchestratorWebsocketUrl: ORCHESTRATOR_WEBSOCKET_URL,
+        authActive: OAUTH2_ACTIVE?.toLowerCase() != 'false',
+        useWebSockets: USE_WEB_SOCKETS?.toLowerCase() === 'true',
+        useThemeToggle: USE_THEME_TOGGLE?.toLowerCase() === 'true',
+        workflowInformationLinkUrl: WORKFLOW_INFORMATION_LINK_URL,
         showWorkflowInformationLink:
-            process.env.SHOW_WORKFLOW_INFORMATION_LINK?.toLowerCase() ===
-            'true',
+            SHOW_WORKFLOW_INFORMATION_LINK?.toLowerCase() === 'true',
     };
 };

package-lock.json

@@ -5,27 +5,43 @@ import { OAuthConfig } from 'next-auth/providers';
 import {
     WfoSession,
     WfoUserProfile,
+    getEnvironmentVariables,
 } from '@orchestrator-ui/orchestrator-ui-components';
 
-const token_endpoint_auth_method = process.env.NEXTAUTH_CLIENT_SECRET
+const {
+    OAUTH2_ACTIVE,
+    OAUTH2_CLIENT_ID,
+    OAUTH2_CLIENT_SECRET,
+    NEXTAUTH_PROVIDER_ID,
+    NEXTAUTH_PROVIDER_NAME,
+    NEXTAUTH_AUTHORIZATION_SCOPE_OVERRIDE,
+    OIDC_CONF_FULL_WELL_KNOWN_URL,
+} = getEnvironmentVariables([
+    'OAUTH2_ACTIVE',
+    'OAUTH2_CLIENT_ID',
+    'OAUTH2_CLIENT_SECRET',
+    'NEXTAUTH_PROVIDER_ID',
+    'NEXTAUTH_PROVIDER_NAME',
+    'NEXTAUTH_AUTHORIZATION_SCOPE_OVERRIDE',
+    'OIDC_CONF_FULL_WELL_KNOWN_URL',
+]);
+
+const isOauth2Enabled = OAUTH2_ACTIVE?.toLowerCase() != 'false';
+
+const token_endpoint_auth_method = OAUTH2_CLIENT_SECRET
     ? 'client_secret_basic'
     : 'none';
 
-const authActive = process.env.AUTH_ACTIVE?.toLowerCase() != 'false';
 const wfoProvider: OAuthConfig<WfoUserProfile> = {
-    id: process.env.NEXTAUTH_ID || '',
-    name: process.env.NEXTAUTH_ID || '',
+    id: NEXTAUTH_PROVIDER_ID,
+    name: NEXTAUTH_PROVIDER_NAME,
     type: 'oauth',
-    clientId: process.env.NEXTAUTH_CLIENT_ID || '',
-    clientSecret: process.env.NEXTAUTH_CLIENT_SECRET || undefined,
-    wellKnown:
-        process.env.NEXTAUTH_WELL_KNOWN_OVERRIDE ??
-        `${process.env.NEXTAUTH_ISSUER || ''}/.well-known/openid-configuration`,
+    clientId: OAUTH2_CLIENT_ID,
+    clientSecret: OAUTH2_CLIENT_SECRET || undefined,
+    wellKnown: OIDC_CONF_FULL_WELL_KNOWN_URL,
     authorization: {
         params: {
-            scope:
-                process.env.NEXTAUTH_AUTHORIZATION_SCOPE_OVERRIDE ??
-                'openid profile',
+            scope: NEXTAUTH_AUTHORIZATION_SCOPE_OVERRIDE ?? 'openid profile',
         },
     },
     idToken: true,
@@ -55,7 +71,7 @@ const wfoProvider: OAuthConfig<WfoUserProfile> = {
 };
 
 export const authOptions: AuthOptions = {
-    providers: authActive ? [wfoProvider] : [],
+    providers: isOauth2Enabled ? [wfoProvider] : [],
     callbacks: {
         async jwt({ token, account, profile }) {
             // The "account" is only available right after signing in -- adding useful data to the token

pages/api/auth/[...nextauth].ts

@@ -0,0 +1,13 @@
+## Updating library version in package-lock.json.
+
+Since the version of dependency `@orchestrator-ui/orchestrator-ui-components` is `*` for proper usage in our Turborepo, we still need to update package-lock.json to make the build command build the app with the latest library version.
+When a new version of any of the `@orchestrator-ui/...` packages is available, the current repository needs to be manually updated.
+
+Note: the command below can only be executed when the app is not part of the monorepo setup.
+
+```bash
+npm update @orchestrator-ui/orchestrator-ui-components
+npm update @orchestrator-ui/eslint-config-custom
+npm update @orchestrator-ui/jest-config
+npm update @orchestrator-ui/tsconfig
+```