Add model serializer and coreid login provider

src/auth/Authentication.ts

@@ -9,6 +9,10 @@ import {GuestRequiredMiddleware} from './middleware/GuestRequiredMiddleware'
 import {SessionAuthMiddleware} from './middleware/SessionAuthMiddleware'
 import {ViewEngine} from '../views/ViewEngine'
 import {SecurityContext} from './context/SecurityContext'
+import {LoginProvider, LoginProviderConfig} from './provider/LoginProvider'
+import {Config} from '../service/Config'
+import {ErrorWithContext, hasOwnProperty} from '../util'
+import {Route} from '../http/routing/Route'
 
 @Injectable()
 export class Authentication extends Unit {
@@ -18,6 +22,11 @@ export class Authentication extends Unit {
     @Inject()
     protected readonly middleware!: Middlewares
 
+    @Inject()
+    protected readonly config!: Config
+
+    protected providers: {[name: string]: LoginProvider<LoginProviderConfig>} = {}
+
     async up(): Promise<void> {
         this.middleware.registerNamespace('@auth', this.getMiddlewareResolver())
 
@@ -27,6 +36,33 @@ export class Authentication extends Unit {
                     return () => req?.make<SecurityContext>(SecurityContext)?.getUser()
                 })
             })
+
+        const config = this.config.get('auth.providers', {})
+        const middleware = this.config.get('auth.middleware', SessionAuthMiddleware)
+
+        if ( !(middleware?.prototype instanceof Middleware) ) {
+            throw new ErrorWithContext('Auth middleware must extend Middleware base class', {
+                providedValue: middleware,
+                configKey: 'auth.middleware',
+            })
+        }
+
+        for ( const name in config ) {
+            if ( !hasOwnProperty(config, name) ) {
+                continue
+            }
+
+            if ( this.providers[name] ) {
+                this.logging.warn(`Registering duplicate authentication provider: ${name}`)
+            }
+
+            this.logging.verbose(`Registered authentication provider: ${name}`)
+            this.providers[name] = this.make(config[name].driver, name, config[name].config)
+
+            Route.group(`/auth/${name}`, () => {
+                this.providers[name].routes()
+            }).pre(request => request.make<Middleware>(middleware, request).apply())
+        }
     }
 
     protected getMiddlewareResolver(): CanonicalResolver<StaticInstantiable<Middleware>> {

src/auth/config.ts

@@ -1,12 +1,17 @@
 import {Instantiable, isInstantiable} from '../di'
 import {AuthenticatableRepository} from './types'
 import {hasOwnProperty} from '../util'
-import {LoginProviderConfig} from './provider/LoginProvider'
+import {LoginProvider, LoginProviderConfig} from './provider/LoginProvider'
+import {Middleware} from '../http/routing/Middleware'
 
 export interface AuthenticationConfig {
     storage: Instantiable<AuthenticatableRepository>,
+    middleware?: Instantiable<Middleware>,
     providers?: {
-        [key: string]: LoginProviderConfig
+        [key: string]: {
+            driver: Instantiable<LoginProvider<LoginProviderConfig>>,
+            config: LoginProviderConfig,
+        },
     },
 }
 
@@ -15,7 +20,7 @@ export function isAuthenticationConfig(what: unknown): what is AuthenticationCon
         return false
     }
 
-    if ( !hasOwnProperty(what, 'storage') || !hasOwnProperty(what, 'sources') ) {
+    if ( !hasOwnProperty(what, 'storage') || !hasOwnProperty(what, 'providers') ) {
         return false
     }
 
@@ -23,17 +28,21 @@ export function isAuthenticationConfig(what: unknown): what is AuthenticationCon
         return false
     }
 
-    if ( typeof what.sources !== 'object' ) {
+    if ( typeof what.providers !== 'object' ) {
         return false
     }
 
-    for ( const key in what.sources ) {
+    for ( const key in what.providers ) {
-        if ( !hasOwnProperty(what.sources, key) ) {
+        if ( !hasOwnProperty(what.providers, key) ) {
             continue
         }
 
-        const source = what.sources[key]
+        const source = what.providers[key]
-        if ( !isInstantiable(source) || !(source.prototype instanceof AuthenticatableRepository) ) {
+        if ( typeof source !== 'object' || source === null || !hasOwnProperty(source, 'driver') ) {
+            return false
+        }
+
+        if ( !isInstantiable(source.driver) || !(source.driver.prototype instanceof LoginProvider) ) {
             return false
         }
     }

src/auth/index.ts

@@ -11,6 +11,17 @@ export * from './event/UserAuthenticatedEvent'
 export * from './event/UserAuthenticationResumedEvent'
 export * from './event/UserFlushedEvent'
 
+export * from './middleware/AuthRequiredMiddleware'
+export * from './middleware/GuestRequiredMiddleware'
+export * from './middleware/SessionAuthMiddleware'
+
+export * from './provider/basic/BasicLoginAttempt'
+export * from './provider/basic/BasicLoginProvider'
+export * from './provider/basic/BasicRegistrationAttempt'
+
+export * from './provider/oauth/OAuth2LoginProvider'
+export * from './provider/oauth/CoreIDLoginProvider'
+
 export * from './serial/AuthenticationEventSerializer'
 
 export * from './repository/orm/ORMUser'

src/auth/provider/LoginProvider.ts

@@ -5,6 +5,7 @@ import {AuthRequiredMiddleware} from '../middleware/AuthRequiredMiddleware'
 import {Inject, Injectable} from '../../di'
 import {SecurityContext} from '../context/SecurityContext'
 import {redirect} from '../../http/response/RedirectResponseFactory'
+import {RequestLocalStorage} from '../../http/RequestLocalStorage'
 
 export interface LoginProviderConfig {
     default: boolean,
@@ -17,7 +18,11 @@ export interface LoginProviderConfig {
 @Injectable()
 export abstract class LoginProvider<TConfig extends LoginProviderConfig> {
     @Inject()
-    protected readonly security!: SecurityContext
+    protected readonly request!: RequestLocalStorage
+
+    protected get security(): SecurityContext {
+        return this.request.get().make(SecurityContext)
+    }
 
     constructor(
         protected name: string,

src/auth/provider/oauth/CoreIDLoginProvider.ts

@@ -0,0 +1,100 @@
+/* eslint camelcase: 0 */
+import {OAuth2LoginProvider, OAuth2LoginProviderConfig} from './OAuth2LoginProvider'
+import {Authenticatable} from '../../types'
+import {Request} from '../../../http/lifecycle/Request'
+import {ErrorWithContext, uuid4, fetch} from '../../../util'
+
+/**
+ * OAuth2LoginProvider implementation that authenticates users against a
+ * Starship CoreID server.
+ */
+export class CoreIDLoginProvider extends OAuth2LoginProvider<OAuth2LoginProviderConfig> {
+    protected async callback(request: Request): Promise<Authenticatable> {
+        // Get authentication_code from the request
+        const code = String(request.input('code') || '')
+        if ( !code ) {
+            throw new ErrorWithContext('Unable to authenticate user: missing login code', {
+                input: request.input(),
+            })
+        }
+
+        // Get OAuth2 token from CoreID
+        const token = await this.getToken(code)
+
+        // Get user from endpoint
+        const userData = await this.getUserData(token)
+
+        // Return authenticatable instance
+        const existing = await this.security.repository.getByIdentifier(userData.uid)
+        if ( existing ) {
+            this.updateUser(existing, userData)
+            return existing
+        }
+
+        const user = await this.security.repository.createFromCredentials(userData.uid, uuid4())
+        this.updateUser(user, userData)
+        return user
+    }
+
+    /** Given an access token, look up the associated user's information. */
+    protected async getUserData(token: string): Promise<any> {
+        const userResponse = await fetch(
+            this.config.userUrl,
+            {
+                method: 'GET',
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                },
+            },
+        )
+
+        const userData: any = await userResponse.json()
+        if ( !userData?.data?.uid ) {
+            throw new ErrorWithContext('Unable to extract user from response', {
+                userData,
+            })
+        }
+
+        return userData.data
+    }
+
+    /** Given a login code, redeem it for an access token. */
+    protected async getToken(code: string): Promise<string> {
+        const body: string[] = [
+            'code=' + encodeURIComponent(code),
+            'client_id=' + encodeURIComponent(this.config.clientId),
+            'client_secret=' + encodeURIComponent(this.config.clientSecret),
+            'grant_type=authorization_code',
+        ]
+
+        const response = await fetch(
+            this.config.tokenUrl,
+            {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/x-www-form-urlencoded',
+                },
+                body: body.join('&'),
+            },
+        )
+
+        const data = await response.json()
+        const token = (data as any).access_token
+        if ( !token ) {
+            throw new ErrorWithContext('Unable to obtain access token from response', {
+                data,
+            })
+        }
+
+        return String(token)
+    }
+
+    /** Update values on the Authenticatable from user data. */
+    protected updateUser(user: any, data: any): void {
+        user.firstName = data.first_name
+        user.lastName = data.last_name
+        user.email = data.email
+        user.tagline = data.tagline
+        user.photoUrl = data.profile_photo
+    }
+}

src/auth/provider/oauth/OAuth2LoginProvider.ts

@@ -0,0 +1,98 @@
+import {LoginProvider, LoginProviderConfig} from '../LoginProvider'
+import {ResponseObject, Route} from '../../../http/routing/Route'
+import {Inject, Injectable} from '../../../di'
+import {Routing} from '../../../service/Routing'
+import {GuestRequiredMiddleware} from '../../middleware/GuestRequiredMiddleware'
+import {redirect} from '../../../http/response/RedirectResponseFactory'
+import {view} from '../../../http/response/ViewResponseFactory'
+import {Request} from '../../../http/lifecycle/Request'
+import {Awaitable} from '../../../util'
+import {Authenticatable} from '../../types'
+
+export interface OAuth2LoginProviderConfig extends LoginProviderConfig {
+    displayName: string,
+    clientId: string|number
+    clientSecret: string
+    loginUrl: string
+    loginMessage?: string
+    logoutUrl?: string
+    tokenUrl: string,
+    userUrl: string,
+}
+
+/**
+ * LoginProvider implementation for OAuth2-based logins.
+ */
+@Injectable()
+export abstract class OAuth2LoginProvider<TConfig extends OAuth2LoginProviderConfig> extends LoginProvider<TConfig> {
+    @Inject()
+    protected readonly routing!: Routing
+
+    public routes(): void {
+        super.routes()
+
+        Route.any('redirect')
+            .alias(`@auth:${this.name}:redirect`)
+            .pre(GuestRequiredMiddleware)
+            .handledBy(() => redirect(this.getLoginUrl()))
+
+        Route.any('callback')
+            .alias(`@auth:${this.name}:callback`)
+            .pre(GuestRequiredMiddleware)
+            .passingRequest()
+            .handledBy(this.handleCallback.bind(this))
+    }
+
+    protected async handleCallback(request: Request): Promise<ResponseObject> {
+        const user = await this.callback(request)
+        if ( user ) {
+            await this.security.authenticate(user)
+            return this.redirectToIntendedRoute()
+        }
+
+        return redirect(this.routing.getNamedPath(`@auth:${this.name}:login`).toRemote)
+    }
+
+    /**
+     * After redirecting back from the OAuth2 server, look up the user information.
+     * @param request
+     * @protected
+     */
+    protected abstract callback(request: Request): Awaitable<Authenticatable>
+
+    public login(): ResponseObject {
+        const buttonUrl = this.routing
+            .getNamedPath(`@auth:${this.name}:redirect`)
+            .toRemote
+
+        return view('@extollo:auth:message', {
+            message: this.config.loginMessage ?? `Sign-in with ${this.config.displayName} to continue`,
+            buttonText: 'Sign-in',
+            buttonUrl,
+        })
+    }
+
+    public async logout(): Promise<ResponseObject> {
+        await this.security.flush()
+
+        if ( this.config.logoutUrl ) {
+            return redirect(this.config.logoutUrl)
+        }
+
+        return view('@extollo:auth:message', {
+            message: 'You have been signed-out',
+        })
+    }
+
+    /**
+     * Get the URL where the user should be redirected to sign-in.
+     * @protected
+     */
+    protected getLoginUrl(): string {
+        const callbackRoute = this.routing.getNamedPath(`@auth:${this.name}:callback`)
+
+        return this.config.loginUrl
+            .replace(/%c/g, String(this.config.clientId))
+            .replace(/%r/g, callbackRoute.toRemote)
+    }
+}

src/cli/directive/RoutesDirective.ts

@@ -23,12 +23,15 @@ export class RoutesDirective extends Directive {
         const maxHandlerLength = compiled.mapCall('getHandlerDisplay')
             .whereDefined()
             .max('length')
+        const maxNameLength = compiled.mapCall('getAlias')
+            .whereDefined()
+            .max('length')
 
-        const rows = compiled.map(route => [String(route), route.getHandlerDisplay()])
+        const rows = compiled.map(route => [String(route), route.getHandlerDisplay(), route.getAlias() || ''])
 
         const table = new Table({
-            head: ['Route', 'Handler'],
+            head: ['Route', 'Handler', 'Name'],
-            colWidths: [maxRouteLength + 2, maxHandlerLength + 2],
+            colWidths: [maxRouteLength + 2, maxHandlerLength + 2, maxNameLength + 2],
         })
 
         table.push(...rows.toArray())

src/http/routing/Route.ts

@@ -398,6 +398,10 @@ export class Route<TReturn extends ResponseObject, THandlerParams extends unknow
         return this.aliases.includes(name)
     }
 
+    getAlias(): Maybe<string> {
+        return this.aliases.first()
+    }
+
     isHandled(): this is HandledRoute<TReturn, THandlerParams> {
         return Boolean(this.handler)
     }

src/orm/connection/event/QueryExecutedEventSerializer.ts

@@ -1,9 +1,8 @@
-import {BaseSerializer} from '../../../support/bus'
+import {BaseSerializer, ObjectSerializer} from '../../../support/bus'
 import {QueryExecutedEvent} from './QueryExecutedEvent'
 import {Awaitable, JSONState} from '../../../util'
 import {Container, Inject, Injectable} from '../../../di'
 import {DatabaseService} from '../../DatabaseService'
-import {ObjectSerializer} from '../../../support/bus/serial/decorators'
 
 export interface QueryExecutedEventSerialPayload extends JSONState {
     connectionName: string

src/orm/index.ts

@@ -7,6 +7,8 @@ export * from './builder/Builder'
 
 export * from './connection/Connection'
 export * from './connection/PostgresConnection'
+export * from './connection/event/QueryExecutedEvent'
+export * from './connection/event/QueryExecutedEventSerializer'
 
 export * from './dialect/SQLDialect'
 export * from './dialect/PostgreSQLDialect'
@@ -17,6 +19,7 @@ export * from './model/ModelBuilder'
 export * from './model/ModelResultIterable'
 export * from './model/events'
 export * from './model/Model'
+export * from './model/ModelSerializer'
 
 export * from './model/relation/RelationBuilder'
 export * from './model/relation/Relation'

src/orm/model/ModelSerializer.ts

@@ -0,0 +1,68 @@
+import {BaseSerializer, ObjectSerializer} from '../../support/bus'
+import {Model} from './Model'
+import {Awaitable, ErrorWithContext, JSONState, Maybe} from '../../util'
+import {QueryRow} from '../types'
+import {Inject, Injectable, isInstantiable} from '../../di'
+import {Canon} from '../../service/Canon'
+
+export interface ModelSerialPayload extends JSONState {
+    canonicalResolver: string,
+    primaryKey: any,
+    objectValues: QueryRow,
+}
+
+@ObjectSerializer()
+@Injectable()
+export class ModelSerializer extends BaseSerializer<Model<any>, ModelSerialPayload> {
+    @Inject()
+    protected readonly canon!: Canon
+
+    protected async decodeSerial(serial: ModelSerialPayload): Promise<Model<any>> {
+        const ModelClass = this.canon.getFromFullyQualified(serial.canonicalResolver) as typeof Model
+        if ( !ModelClass || !(ModelClass.prototype instanceof Model) || !isInstantiable<Model<any>>(ModelClass) ) {
+            throw new ErrorWithContext('Cannot decode serialized model as canonical resolver is invalid', {
+                serial,
+            })
+        }
+
+        let inst: Maybe<Model<any>> = this.make<Model<any>>(ModelClass)
+        if ( serial.primaryKey ) {
+            inst = await ModelClass.query()
+                .whereKey(serial.primaryKey)
+                .first()
+        }
+
+        if ( !inst ) {
+            throw new ErrorWithContext('Could not look up serialized model', {
+                serial,
+            })
+        }
+
+        await inst.assume(serial.objectValues)
+        return inst
+    }
+
+    protected encodeActual(actual: Model<any>): Awaitable<ModelSerialPayload> {
+        const ctor = actual.constructor as typeof Model
+        const canonicalResolver = ctor.getFullyQualifiedCanonicalResolver()
+        if ( !canonicalResolver ) {
+            throw new ErrorWithContext('Unable to serialize model: no Canonical resolver', {
+                actual,
+            })
+        }
+
+        return {
+            canonicalResolver,
+            primaryKey: actual.key(),
+            objectValues: actual.toObject(),
+        }
+    }
+
+    protected getName(): string {
+        return '@extollo/lib.ModelSerializer'
+    }
+
+    matchActual(some: Model<any>): boolean {
+        return some instanceof Model
+    }
+}

src/resources/views/auth/message.pug

@@ -1,8 +1,11 @@
-extends ./theme
+extends ../base
 
 block content
+    .offset(style='padding-top: 20vh')
     if heading
-        h3.login-heading.mb-4 #{heading}
+        h3.login-heading #{heading}
+    else
+        h3.login-heading #{config('app.name') || ''}
 
     if errors
         each error in errors
@@ -10,3 +13,6 @@ block content
 
     if message
         p #{message}
+
+    if buttonText && buttonUrl
+        a.button(href=buttonUrl) #{buttonText}

src/resources/views/auth/theme.pug

@@ -1,21 +0,0 @@
-html
-    head
-        meta(name='viewport' content='width=device-width initial-scale=1')
-
-        block head
-
-        block styles
-            link(rel='stylesheet' href=vendor('@extollo/lib', 'lib/bootstrap.min.css'))
-            link(rel='stylesheet' href=vendor('@extollo/lib', 'auth/theme.css'))
-    body
-        .container-fluid
-            .row.no-gutter
-                .col-md-12.col-lg-12
-                    .login.d-flex.align-items-center.py-5
-                        .container
-                            .row
-                                .col-md-9.col-lg-6.mx-auto
-                                    block content
-
-        block scripts
-            script(src=vendor('@extollo/lib', 'lib/bootstrap.min.js'))

src/support/bus/LocalBus.ts

@@ -3,14 +3,14 @@ import {BusSubscriber, Event, EventBus, EventHandler, EventHandlerReturn, EventH
 import {Awaitable, Collection, Pipeline, uuid4} from '../../util'
 import {Logging} from '../../service/Logging'
 import {Bus, BusInternalSubscription} from './Bus'
-import {AppClass} from '../../lifecycle/AppClass'
 import {getEventName} from './getEventName'
+import {CanonicalItemClass} from '../CanonicalReceiver'
 
 /**
  * Non-connectable event bus implementation. Can forward events to the main Bus instance.
  */
 @Injectable()
-export class LocalBus<TEvent extends Event = Event> extends AppClass implements EventBus<TEvent> {
+export class LocalBus<TEvent extends Event = Event> extends CanonicalItemClass implements EventBus<TEvent> {
     @Inject()
     protected readonly logging!: Logging