homelab/backbone
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Activity

feat: add admin auth provider

Browse Source
This commit is contained in:
Morten Olsen
2025-10-16 16:49:28 +02:00
parent 9ba5788d20
commit 5cf0a3612a
6 changed files with 50 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/auth/auth.admin.ts Normal file
View File

@@ -0,0 +1,32 @@
import type { Services } from '#root/utils/services.ts';
import { Config } from '#root/config/config.ts';
import type { Statement } from './auth.schemas.ts';
import type { AuthProvider } from './auth.provider.ts';
const adminStatements: Statement[] = [
{
effect: 'allow',
resources: ['**'],
actions: ['**'],
},
];
class AdminAuth implements AuthProvider {
#services: Services;
constructor(services: Services) {
this.#services = services;
}
public getAccess = async (token: string) => {
const config = this.#services.get(Config);
if (!config.adminToken || token !== config.adminToken) {
throw new Error('Invalid admin token');
}
return {
statements: adminStatements,
};
};
}
export { AdminAuth };

4
src/auth/auth.jwt.ts
View File

@@ -22,7 +22,7 @@ class JwtAuth implements AuthProvider {
public generate = (options: TokenBody) => { public generate = (options: TokenBody) => {
const config = this.#services.get(Config); const config = this.#services.get(Config);
const { tokenSecret } = config; const { jwtSecret: tokenSecret } = config;
if (!tokenSecret) { if (!tokenSecret) {
throw new Error('Token secret does not exist'); throw new Error('Token secret does not exist');
} }
@@ -32,7 +32,7 @@ class JwtAuth implements AuthProvider {
public getAccess = async (token: string) => { public getAccess = async (token: string) => {
const config = this.#services.get(Config); const config = this.#services.get(Config);
const { tokenSecret } = config; const { jwtSecret: tokenSecret } = config;
if (!tokenSecret) { if (!tokenSecret) {
throw new Error('Token secret does not exist'); throw new Error('Token secret does not exist');
} }

8
src/backbone.ts
View File

@@ -1,3 +1,4 @@
import { AdminAuth } from './auth/auth.admin.ts';
import { JwtAuth } from './auth/auth.jwt.ts'; import { JwtAuth } from './auth/auth.jwt.ts';
import { K8sAuth } from './auth/auth.k8s.ts'; import { K8sAuth } from './auth/auth.k8s.ts';
import { OidcAuth } from './auth/auth.oidc.ts'; import { OidcAuth } from './auth/auth.oidc.ts';
@@ -56,8 +57,11 @@ class Backbone {
if (this.config.oidc.enabled) { if (this.config.oidc.enabled) {
this.sessionProvider.register('oidc', this.#services.get(OidcAuth)); this.sessionProvider.register('oidc', this.#services.get(OidcAuth));
} }
if (this.config.tokenSecret) { if (this.config.jwtSecret) {
this.sessionProvider.register('token', this.#services.get(JwtAuth)); this.sessionProvider.register('jwt', this.#services.get(JwtAuth));
}
if (this.config.adminToken) {
this.sessionProvider.register('admin', this.#services.get(AdminAuth));
} }
}; };

2
src/config/config.ts
View File

@@ -1,5 +1,5 @@
class Config { class Config {
public get tokenSecret() { public get jwtSecret() {
return process.env.TOKEN_SECRET; return process.env.TOKEN_SECRET;
} }

8
src/server/server.ts
View File

@@ -13,12 +13,12 @@ import fastify, { type FastifyInstance } from 'fastify';
import fastifyWebSocket from '@fastify/websocket'; import fastifyWebSocket from '@fastify/websocket';
import { createWebSocketStream } from 'ws'; import { createWebSocketStream } from 'ws';
import { Session } from '../access/access.session.ts';
import { api } from '../api/api.ts'; import { api } from '../api/api.ts';
import { AccessHandler } from '#root/access/access.handler.ts';
import { TopicsHandler } from '#root/topics/topics.handler.ts'; import { TopicsHandler } from '#root/topics/topics.handler.ts';
import type { Services } from '#root/utils/services.ts'; import type { Services } from '#root/utils/services.ts';
import { Session } from '#root/services/sessions/sessions.session.ts';
import { SessionProvider } from '#root/services/sessions/sessions.provider.ts';
type Aedes = ReturnType<typeof aedes.createBroker>; type Aedes = ReturnType<typeof aedes.createBroker>;
@@ -57,8 +57,8 @@ class MqttServer {
if (!username || !password) { if (!username || !password) {
throw new Error('unauthorized'); throw new Error('unauthorized');
} }
const accessHandler = this.#services.get(AccessHandler); const sessionProvider = this.#services.get(SessionProvider);
const auth = await accessHandler.validate(username, password.toString('utf8')); const auth = await sessionProvider.validate(username, password.toString('utf8'));
client.session = new Session(auth); client.session = new Session(auth);
callback(null, true); callback(null, true);
} catch { } catch {

5
tests/utils/utils.world.ts
View File

@@ -6,6 +6,7 @@ import { TopicsStore } from '#root/topics/topics.store.ts';
import { Backbone } from '#root/backbone.ts'; import { Backbone } from '#root/backbone.ts';
import { JwtAuth } from '#root/auth/auth.jwt.ts'; import { JwtAuth } from '#root/auth/auth.jwt.ts';
import type { Statement } from '#root/auth/auth.schemas.ts'; import type { Statement } from '#root/auth/auth.schemas.ts';
import { Config } from '#root/config/config.ts';
type CreateSocketOptions = { type CreateSocketOptions = {
port: number; port: number;
@@ -29,6 +30,10 @@ type WorldOptions = {
const createWorld = async (options: WorldOptions) => { const createWorld = async (options: WorldOptions) => {
const { topics = [] } = options; const { topics = [] } = options;
const backbone = new Backbone(); const backbone = new Backbone();
backbone.services.set(Config, {
jwtSecret: 'test',
adminToken: 'test',
});
const accessTokens = backbone.services.get(JwtAuth); const accessTokens = backbone.services.get(JwtAuth);
backbone.sessionProvider.register('token', accessTokens); backbone.sessionProvider.register('token', accessTokens);
const topicsStore = new TopicsStore(); const topicsStore = new TopicsStore();