fix: patch vulnerabilities and add arm64 support (#13)

* fix: update vite version for directus/extension (#12)

Co-authored-by: Kristoffer <zs-ko@users.noreply.github.com>

* update lock

* fix: add override for vite dependency

* fix: add error messages on cache

* fix: add blank to username/password if undefined

* fix: add missing configurations to redis. add more catch statements

* doc: add REDIS_JWT_DB

* add arm64

* fix: resolve vulnerabilities in get-func-name,postcss,zod

* fix: update chai

* disable default attestations

* fix: correct image build for arm

* fix: remove quemu

* fix: typo in runner name

* fix runner

* fix: add platform to build and push resolves arm64

* fix: resolve invalid lock file

---------

Co-authored-by: Kristoffer <zs-ko@users.noreply.github.com>
Kristoffer
2023-10-13 18:29:25 +02:00
committed by GitHub
parent 2d455a0a64
commit 2a7514a923
7 changed files with 329 additions and 239 deletions


@@ -12,6 +12,7 @@ permissions:
env: env:
REGISTRY: ghcr.io REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }} IMAGE_NAME: ${{ github.repository }}
BUILDX_NO_DEFAULT_ATTESTATIONS: 1
jobs: jobs:
@@ -43,10 +44,12 @@ jobs:
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v2 uses: docker/setup-qemu-action@v2
with:
platforms: 'arm64,amd64'
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
- name: Log in to the Container registry - name: Log in to the Container registry
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
@@ -80,9 +83,10 @@ jobs:
type=raw,value=latest,enable={{is_default_branch}} type=raw,value=latest,enable={{is_default_branch}}
- name: Build and push Docker image - name: Build and push Docker image
uses: docker/build-push-action@v4 uses: docker/build-push-action@v5
with: with:
context: . context: .
platforms: linux/amd64,linux/arm64
push: true push: true
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
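Review bot: Setting `BUILDX_NO_DEFAULT_ATTESTATIONS: 1` in the workflow-level `env` block turns off the provenance attestation that buildx would otherwise attach, so the amd64/arm64 images pushed to ghcr.io carry no build provenance. The commit does not say why; record the reason next to the variable, e.g. `BUILDX_NO_DEFAULT_ATTESTATIONS: 1  # <reason attestations are disabled>`, or set the `provenance:` input on the build-push step explicitly so the choice is visible where the image is built. Separately, every `uses:` in this job references a mutable tag (`@v2`, `@v5`) in a workflow that logs in to the registry and pushes; pinning each action to a full commit SHA would keep a retagged action from running with that access.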


@@ -23,3 +23,4 @@ all configuration options listed here are an extension to directus default confi
| AUTH_PROVIDER_JWT_USEDB | Bool | If enabled/true the plugin will resolve the user and roles from the directus database using the token. For OIDC the sub is used. Should not be used without a Redis Cache enabled. | AUTH_PROVIDER_JWT_USEDB | Bool | If enabled/true the plugin will resolve the user and roles from the directus database using the token. For OIDC the sub is used. Should not be used without a Redis Cache enabled.
| CACHE_JWT_NAMESPACE | String | What namespace to use in cache store. | CACHE_JWT_NAMESPACE | String | What namespace to use in cache store.
| CACHE_JWT_TTL | Number | Time to live for the cached user entry, default 5000 (5 seconds) | CACHE_JWT_TTL | Number | Time to live for the cached user entry, default 5000 (5 seconds)
| REDIS_JWT_DB | Number | What database to use in Redis cache, default 2


@@ -123,8 +123,8 @@
"dotenv": "^16.3.1", "dotenv": "^16.3.1",
"eslint": "^8.48.0", "eslint": "^8.48.0",
"eslint-config-standard-with-typescript": "^37.0.0", "eslint-config-standard-with-typescript": "^37.0.0",
"eslint-plugin-import": "^2.25.2", "eslint-plugin-import": "^2.28.1",
"eslint-plugin-n": "^15.0.0", "eslint-plugin-n": "^15.7.0",
"eslint-plugin-no-loops": "^0.3.0", "eslint-plugin-no-loops": "^0.3.0",
"eslint-plugin-promise": "^6.1.1", "eslint-plugin-promise": "^6.1.1",
"fs-extra": "^11.1.1", "fs-extra": "^11.1.1",
@@ -141,14 +141,17 @@
}, },
"dependencies": { "dependencies": {
"@keyv/redis": "^2.7.0", "@keyv/redis": "^2.7.0",
"jsonwebtoken": "^9.0.1", "jsonwebtoken": "^9.0.2",
"jwks-rsa": "^3.0.1", "jwks-rsa": "^3.0.1",
"keyv": "^4.5.3", "keyv": "^4.5.3",
"openid-client": "^5.4.3" "openid-client": "^5.4.3"
}, },
"overrides": { "pnpm": {
"@directus/extensions-sdk": { "overrides": {
"vite": "4.3.9" "vite": "^4.3.9",
"get-func-name@<2.0.1": ">=2.0.1",
"zod@<=3.22.2": ">=3.22.3",
"postcss@<8.4.31": ">=8.4.31"
} }
} }
} }
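Review bot: The three new `pnpm.overrides` targets are open-ended (`>=2.0.1`, `>=3.22.3`, `>=8.4.31`), so a later lockfile regeneration can resolve any future major of get-func-name, zod or postcss into packages written against the older major. Bounding each target to the patched release line keeps the vulnerability fix without widening what can be installed, e.g. `"postcss@<8.4.31": "^8.4.31"`. The `vite` override also changed from an exact `4.3.9` scoped to `@directus/extensions-sdk` to a global `^4.3.9`, which now applies to every dependent of vite; confirm that the wider scope is intended.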

502
pnpm-lock.yaml generated

File diff suppressed because it is too large Load Diff

1
redispass Normal file

@@ -0,0 +1 @@
asd
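Review bot: A file named `redispass` containing the literal `asd` is added to the repository, and the same commit allows `REDIS_PASSWORD_FILE`, so this looks like a Redis password file used for local testing. Secret files, even throwaway ones, should stay out of version control: add the name to `.gitignore` and ship a clearly named sample instead (for example `redispass.example`). If this value was ever used against a shared Redis instance, rotate it.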


@@ -1,10 +1,14 @@
import {default as Keyv, Store} from 'keyv'; import {default as Keyv, Store} from 'keyv';
import env from './config/config'; import env from './config/config';
import {default as KeyvRedis} from '@keyv/redis'; import {default as KeyvRedis} from '@keyv/redis';
// check if redis is defined // check if redis is defined
const cache: Keyv | null = getCache(); const cache: Keyv | null = getCache();
function getCache(): Keyv | null { function getCache(): Keyv | null {
if(env['CACHE_ENABLED'] !== true) return null; if(env['CACHE_ENABLED'] !== true) return null;
@@ -25,18 +29,35 @@ function getCache(): Keyv | null {
uri = env['REDIS'] uri = env['REDIS']
if(uri == null || uri === '') { if(uri == null || uri === '') {
uri = `redis://${env['REDIS_USERNAME']}:${env['REDIS_PASSWORD']}@${env['REDIS_HOST']}:${env['REDIS_PORT']}`; uri = `redis://${env['REDIS_USERNAME'] || '' }:${env['REDIS_PASSWORD'] || ''}@${env['REDIS_HOST']}:${env['REDIS_PORT'] || '6379'} /${env['REDIS_JWT_DB'] || '2'}`;
} }
store = new KeyvRedis(uri); try {
store = new KeyvRedis(uri);
} catch(e) {
throw new Error("CACHE: could not connect to database: " + e)
}
} }
return new Keyv(uri, { try {
namespace: namespace, const keyv = new Keyv(uri, {
ttl, namespace: namespace,
store: store ttl,
}); store: store
});
keyv.on('error', (err) => {
throw new Error("CACHE: could not connect: " + err)
});
return keyv
} catch(e) {
throw new Error("CACHE: could not connect to database: " + e)
}
} }
export function CacheEnabled(): boolean { export function CacheEnabled(): boolean {
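Review bot: The `throw` inside `keyv.on('error', ...)` runs later from the event emitter, not inside the surrounding `try`, so the `catch` below never sees it and a Redis error after startup surfaces as an uncaught exception in the host process. Log the error and let callers treat the cache as unavailable, e.g. `keyv.on('error', (err) => { console.error('CACHE: connection error', err) });` (or the project's logger). In the URI fallback, `REDIS_USERNAME` and `REDIS_PASSWORD` are interpolated raw, so a password containing `@`, `:` or `/` changes how the URI is parsed; wrap both in `encodeURIComponent(...)`, and check the space that appears before `/${env['REDIS_JWT_DB'] || '2'}` as rendered here. Part of getCache's body lies between the two hunks and is not visible.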


@@ -33,6 +33,8 @@ const allowedEnvironmentVars = [
'REDIS_PORT', 'REDIS_PORT',
'REDIS_USERNAME', 'REDIS_USERNAME',
'REDIS_PASSWORD', 'REDIS_PASSWORD',
'REDIS_PASSWORD_FILE',
'REDIS_JWT_DB',
// auth // auth
'AUTH_PROVIDERS', 'AUTH_PROVIDERS',
'AUTH_.+_DRIVER', 'AUTH_.+_DRIVER',
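Review bot: `'REDIS_PASSWORD_FILE'` is added to `allowedEnvironmentVars`, but the cache code in this commit builds its URI from `env['REDIS_PASSWORD'] || ''` only, and nothing visible here reads the file variant. If the config loader does not resolve `*_FILE` entries into their base variable (not visible in this hunk), a deployment that sets only `REDIS_PASSWORD_FILE` would silently connect with an empty password. Confirm the loader handles it, and add a comment next to the entry such as `// resolved into REDIS_PASSWORD by <loader>` once verified.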