
Implement GitHub OAuth to restrict access #73

Status: Open. Wants to merge 8 commits into base branch main from feature/use-auth.

Conversation

danlivings-dxw (Contributor) commented Oct 17, 2024

This PR implements the GitHub OAuth authentication mechanism to allow Towtruck to identify who is using the app. This provides two main benefits:

  • Dashboards can be restricted to logged-in users
  • Dashboards can be scoped only to organisations of which the logged-in user is a member.

Together, these prevent the potential leaking of information about private repositories to unauthorised users of the Towtruck application.

When using the Towtruck application for the first time, a user will be prompted to log in using GitHub:
[screenshot: Towtruck login page]

This will redirect to the GitHub App authorisation page:
[screenshot: GitHub App authorisation page]

Upon granting access to Towtruck, the user is redirected to the organisation index (the root path /):
[screenshot: organisation index]

Each organisation's name is a link to the organisation-specific dashboard, which is now available at the /{org} path. Attempting to access an organisation of which the user is not a member will redirect to the index.

Additionally, a "Logout" link is provided in the header, and the application title is now also a link to the index page.

Gweaton commented Oct 30, 2024

Apologies, I've had trouble finishing this review today, but I thought I'd offer one thing.

Suggestion: I'd highly recommend using Express rather than writing your own routing implementation here.

danlivings-dxw (Contributor, Author) commented

@Gweaton not using Express is by design as one of the principles for Towtruck is to have a minimal number of dependencies (see ADR 0002 for the rationale).

Review comment on index.js:

Do we want testing for the logout flow also?

@danlivings-dxw danlivings-dxw force-pushed the feature/use-github-webhooks branch from 5627127 to ceaaed0 Compare November 14, 2024 15:13
Base automatically changed from feature/use-github-webhooks to main November 14, 2024 15:21
@danlivings-dxw danlivings-dxw force-pushed the feature/use-auth branch 3 times, most recently from 88b8466 to daaab62 Compare November 14, 2024 17:42
@danlivings-dxw danlivings-dxw force-pushed the feature/use-auth branch 2 times, most recently from 48f80e8 to 91d2391 Compare November 28, 2024 15:07
Commit: This defines the `REDIRECT_URL_BASE` environment variable which can be
used to configure which callback URL Towtruck provides when using the
OAuth authentication flow.

Octokit already provides as part of its middleware the ability to
authenticate as a GitHub user, so Towtruck just needs to be able to hook
into this process.

Commit: Towtruck should expose a login page rather than immediately redirecting
to the GitHub auth page, both to avoid surprising the user and also to
provide a landing area if more login methods are supported in the
future.

To make sure that this login page looks the same as the index page,
`index.njk` has been split:
- `base.njk` contains the `<head>` and outer body to the `.container`
- `index.njk` contains the content found inside the `.container`

A `login.njk` page has also been introduced that provides a link to the
GitHub login webhook.

Commit: User tokens are stored as a cookie. If no valid token is presented, the
user is shown the login page, which allows them to authorise Towtruck to
access their account. This then redirects to the Towtruck callback URL,
which generates the token and instructs the browser to store it before
redirecting to the index page.

Commit: This allows basic path parameter recognition in the form of
`/path/{with}/{parameters}` as well as verbatim paths.

This will allow for things such as redirecting to a dedicated login
route, or presenting dashboards for specific organisations.

Commit: This now saves repository-scoped data with the `name` being of the
format `org/reponame`. This allows for a method like
`getAllRepositoriesForOrg`, which provides two benefits:
1. Towtruck can provide per-organisation dashboards.
2. Towtruck can restrict access to organisations to which the logged-in
   user should not have access.

Commit: The root path `/` now displays a list of organisations using Towtruck
that the user is a member of. Items in the list link to
organisation-specific dashboards available at `/{org}`. Users that
aren't members of an organisation will be redirected back to the root
path, preventing unauthorised access to information about private
repositories.

Commit: A link in the header is provided to logged-in users. The `/logout`
endpoint instructs the browser to delete the Token cookie and redirects
the user to the root page.
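The routing and access rules described in the PR description and in the commits above (path patterns of the form `/path/{with}/{parameters}`, the `Token` cookie, the `/{org}` dashboard that sends non-members back to `/`, and `/logout` clearing the cookie), as an added dependency-free Node.js example that is not Towtruck's code. It assumes the caller has already resolved the `Token` cookie to the user's organisation list (`userOrgs`), since the OAuth exchange itself is handled by Octokit's middleware in the PR; the names `compileRoute`, `getCookie` and `routeRequest` are this example's own.

```javascript
// Added example, not Towtruck's code: a tiny route matcher plus the
// membership guard for "/{org}" that the PR describes.

// Compile a pattern such as "/{org}" into a function that returns the named
// parameters for a matching path, or null when the path does not match.
function compileRoute(pattern) {
  const names = [];
  const source = pattern
    .split("/")
    .map((segment) => {
      const m = /^\{(\w+)\}$/.exec(segment);
      if (m) {
        names.push(m[1]);
        return "([^/]+)"; // exactly one path segment, never spanning a slash
      }
      return segment.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); // literal text
    })
    .join("/");
  const re = new RegExp(`^${source}$`);
  return (path) => {
    const m = re.exec(path);
    if (!m) return null;
    return Object.fromEntries(names.map((n, i) => [n, decodeURIComponent(m[i + 1])]));
  };
}

// Read one cookie value out of a raw Cookie header (no dependencies).
function getCookie(cookieHeader, name) {
  for (const part of (cookieHeader || "").split(";")) {
    const [k, ...v] = part.trim().split("=");
    if (k === name && v.length) return v.join("=");
  }
  return null;
}

const orgRoute = compileRoute("/{org}");

// Decide the response for a request. `userOrgs` stands in for the list of
// organisations Towtruck would look up server-side with the user's token
// (an assumption of this example). The org named in the URL is never trusted
// on its own: a non-member is sent back to the index, as the PR describes.
function routeRequest(path, cookieHeader, userOrgs) {
  if (!getCookie(cookieHeader, "Token")) return { status: 200, view: "login" };
  if (path === "/logout") return { status: 302, location: "/", clearCookie: "Token" };
  if (path === "/") return { status: 200, view: "index", orgs: userOrgs };
  const params = orgRoute(path);
  if (params && userOrgs.includes(params.org)) return { status: 200, view: "dashboard", org: params.org };
  return { status: 302, location: "/" };
}
```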
@danlivings-dxw danlivings-dxw force-pushed the feature/use-auth branch 3 times, most recently from 1309d80 to d54cecc Compare December 12, 2024 15:59
Commit: The `GH_TOKEN` environment variable can be used both locally and in CI
to avoid testing the GitHub OAuth flow (which is provided by the Octokit
library and can therefore be assumed to be well tested).

In local development the token can be retrieved by logging into Towtruck
and then copying the value of the `Token` cookie.

In CI, the correct value is automatically populated by GitHub Actions
into a secret.
3 participants