local dev proxy for developing with tls

harrybrwn · Apr 15, 2023 · 168873a · 168873a
1 parent 8f982e4
commit 168873a
Show file tree

Hide file tree

Showing 15 changed files with 111 additions and 96 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -18,3 +18,7 @@ docker-compose*.yml
 
 # macOS-specific files
 .DS_Store
+
+# Certificates
+*.crt
+*.key
diff --git a/.env b/.env
@@ -1,3 +1,3 @@
-PUBLIC_API_HOST=https://api.hrry.local
-PUBLIC_OIDC_URL=https://auth.hrry.local
+PUBLIC_API_HOST=https://api.hrry.me-local
+PUBLIC_OIDC_URL=https://auth.hrry.me-local
 PUBLIC_OIDC_CLIENT_ID="testid"
diff --git a/.gitignore b/.gitignore
@@ -16,3 +16,7 @@ pnpm-debug.log*
 
 # macOS-specific files
 .DS_Store
+
+# Certificates
+*.crt
+*.key
diff --git a/Dockerfile b/Dockerfile
@@ -51,7 +51,7 @@ COPY --from=static-builder /opt/harrybrwn.github.io/dist /
 #
 FROM nginx:${NGINX_VERSION}-alpine as nginx
 COPY --from=static-builder /opt/harrybrwn.github.io/dist /var/www/harrybrwn.github.io
-COPY config/ /etc/nginx/
+COPY config/nginx/ /etc/nginx/
 # Just for lols
 RUN sed -i 's/Server: nginx/Server: butts/g' /usr/sbin/nginx
 ENV NGINX_ENVSUBST_TEMPLATE_SUFFIX=".conf"

diff --git a/astro.config.mjs b/astro.config.mjs
@@ -34,7 +34,7 @@ export default defineConfig({
     syntaxHighlight: "prism",
   },
   server: {
-    port: 80,
+    port: 3000,
   },
   vite: {
     plugins: [ViteYaml()],

diff --git a/config/dev-proxy.conf b/config/dev-proxy.conf
@@ -0,0 +1,22 @@
+map $http_upgrade $connection_upgrade {
+	default upgrade;
+	'' close;
+}
+
+server {
+	server_name _ localhost hrry.local hrry.me-local;
+	listen 80;
+	listen 443 ssl http2;
+	ssl_protocols             TLSv1.2 TLSv1.3;
+	ssl_prefer_server_ciphers on;
+	ssl_certificate           /etc/nginx/certs/hrry.me.crt;
+	ssl_certificate_key       /etc/nginx/certs/hrry.me.key;
+	server_tokens off;
+	location / {
+		proxy_http_version 1.1;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection $connection_upgrade;
+		proxy_set_header Host $http_host;
+		proxy_pass http://dev:3000;
+	}
+}
diff --git a/config/nginx.conf → config/nginx/nginx.conf b/config/nginx.conf → config/nginx/nginx.conf
diff --git a/config/templates/default.conf → config/nginx/templates/default.conf b/config/templates/default.conf → config/nginx/templates/default.conf
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
@@ -0,0 +1,25 @@
+version: "3.9"
+
+services:
+  dev:
+    networks:
+      - hrry.me
+
+  nginx:
+    networks:
+      - hrry.me
+
+  dev-tls-proxy:
+    image: nginx:1.23.3
+    networks:
+      - hrry.me
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./config/dev-proxy.conf:/etc/nginx/conf.d/default.conf:ro
+      - ./config/certs:/etc/nginx/certs:ro
+
+networks:
+  hrry.me:
+    external: true
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -11,8 +11,6 @@ services:
         - NGINX_VERSION=1.23.3
         - GITHUB_REF_NAME=${GITHUB_REF_NAME:-main}
         - GITHUB_SHA=${GITHUB_SHA:-}
-    networks:
-      - hrry.me
     ports:
       - "80:80"
       - "443:443"
@@ -31,8 +29,6 @@ services:
       context: .
       target: dev
     command: ["yarn", "dev", "--host"]
-    networks:
-      - hrry.me
     working_dir: /opt/harrybrwn.github.io
     volumes:
       - .:/opt/harrybrwn.github.io
@@ -42,7 +38,3 @@ services:
     user: 1000:1000
     ports:
       - "3000:3000"
-
-networks:
-  hrry.me:
-    external: true
diff --git a/package.json b/package.json
@@ -20,7 +20,8 @@
     "dev:server": "node scripts/generate.js && ASTRO_OUTPUT=server astro dev",
     "build:server": "scripts/build-server.sh",
     "preview:server": "ASTRO_OUTPUT=server astro preview",
-    "container": "docker container run --rm -it -p 3000:3000 -e PORT=3000 --name astro-server harrybrwn/harrybrwn.github.io-server:latest"
+    "container": "docker container run --rm -it -p 3000:3000 -e PORT=3000 --name astro-server harrybrwn/harrybrwn.github.io-server:latest",
+    "image": "docker buildx bake -f docker-bake.hcl"
   },
   "workspaces": [
     "./packages/astro/*",

diff --git a/src/lib/api/oidc.ts b/src/lib/api/oidc.ts
@@ -1,5 +1,3 @@
-import { load_pkce, delete_pkce } from "./pkce";
-
 export interface OAuth2Token {
   access_token: string;
   expires_in: number;
@@ -45,49 +43,3 @@ export const consent = async (challenge: string): Promise<RedirectTarget> => {
     body: JSON.stringify({ consent_challenge: challenge }),
   }).then((res: Response) => res.json());
 };
-
-export const getOIDCToken = (
-  code: string,
-  oidc_url: string,
-  clientId: string
-) => {
-  let pkce = load_pkce();
-  if (pkce == null) {
-    return Promise.reject(new Error("failed to load pkce state"));
-  }
-  let u = new URL("/oauth2/token", oidc_url);
-  let req = {
-    code: code,
-    grant_type: "authorization_code",
-    client_id: clientId,
-    code_verifier: pkce.verifier,
-  };
-  return (
-    fetch(u.toString(), {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-      },
-      body: new URLSearchParams(req),
-    })
-      // parse the token and handle errors
-      .then(async (res: Response) => {
-        if (!res.ok) {
-          try {
-            const message = await res.json();
-            return Promise.reject(new Error(message.error_description));
-          } catch (e) {
-            return Promise.reject(new Error(res.statusText));
-          }
-        }
-        return res.json();
-      })
-      // Save token to localStorage and return it
-      .then((token: OAuth2Token) => {
-        let raw = JSON.stringify(token);
-        localStorage.setItem("oidc_token", raw);
-        delete_pkce();
-        return token;
-      })
-  );
-};
diff --git a/src/lib/keyboard-shortcuts.ts b/src/lib/keyboard-shortcuts.ts
@@ -17,7 +17,7 @@ export const listener = (themer: () => void, help: Modal | null): Listener => {
         // TODO make this into a modal instead of a redirect.
         if (!ev.ctrlKey && !ev.shiftKey) {
           ev.preventDefault();
-          window.location.href = "/login";
+          window.location.href = "/login/";
         }
         break;
       case "?":

diff --git a/src/modified.json b/src/modified.json
@@ -11,7 +11,7 @@
     "2023-01-11T04:58:30.000Z"
   ],
   "content/Free Will.md": [
-    "2023-04-06T14:53:08.274Z"
+    "2023-04-14T03:30:38.022Z"
   ],
   "content/GPG.md": [
     "2023-01-12T18:21:03.000Z"

diff --git a/src/pages/login.astro b/src/pages/login.astro
@@ -37,7 +37,7 @@ import Loading from "~/components/Loading.astro";
 <script>
   import { isEmail } from "~/lib/email";
   import { Client } from "~/lib/api";
-  import { consent, getOIDCToken, type RedirectTarget } from "~/lib/api/oidc";
+  import { consent, type RedirectTarget } from "~/lib/api/oidc";
 
   const handleError = (err: Error, parent?: HTMLElement) => {
     console.error(err);
@@ -50,6 +50,8 @@ import Loading from "~/components/Loading.astro";
       parent.appendChild(error);
     }
   };
+  const sleep = (ms: number) =>
+    new Promise((resolve) => setTimeout(resolve, ms));
 
   const getCookie = (name: string) => {
     const value = `; ${document.cookie}`;
@@ -81,7 +83,21 @@ import Loading from "~/components/Loading.astro";
     credsBox.style.visibility = "hidden";
   }
 
-  if (consent_challenge) {
+  if (authToken !== null && login_challenge) {
+    api
+      .login({ login_challenge })
+      .then(async (res: RedirectTarget) => {
+        if (!res.redirect_to) {
+          throw new Error("no redirect target");
+        }
+        await sleep(1000);
+        window.location.href = res.redirect_to;
+      })
+      .catch((err: Error) => {
+        handleError(err, form);
+        form.reset();
+      });
+  } else if (consent_challenge) {
     consent(consent_challenge)
       .then((res: RedirectTarget) => {
         window.location.href = res.redirect_to;
@@ -90,38 +106,37 @@ import Loading from "~/components/Loading.astro";
         handleError(err, form);
         form.reset();
       });
-  } else {
-    form.addEventListener("submit", (e: SubmitEvent) => {
-      e.preventDefault();
-      let d = new FormData(e.target as HTMLFormElement);
-      let ident = d.get("identifier") as string;
-      let req = {
-        password: d.get("password") as string,
-        email: "",
-        username: "",
-        login_challenge: null,
-      };
-      if (isEmail(ident)) {
-        req.email = ident;
-      } else {
-        req.username = ident;
-      }
-      api
-        .login(req)
-        .then((blob: RedirectTarget) => {
-          console.log(blob);
-          if (blob.redirect_to) {
-            window.location.href = blob.redirect_to;
-          } else {
-            window.location.pathname = "/";
-          }
-        })
-        .catch((err: Error) => {
-          handleError(err, form);
-          form.reset();
-        });
-    });
   }
+
+  form.addEventListener("submit", (e: SubmitEvent) => {
+    e.preventDefault();
+    let d = new FormData(e.target as HTMLFormElement);
+    let ident = d.get("identifier") as string;
+    let req = {
+      password: d.get("password") as string,
+      email: "",
+      username: "",
+      login_challenge: null,
+    };
+    if (isEmail(ident)) {
+      req.email = ident;
+    } else {
+      req.username = ident;
+    }
+    api
+      .login(req)
+      .then((blob: RedirectTarget) => {
+        if (blob.redirect_to) {
+          window.location.href = blob.redirect_to;
+        } else {
+          window.location.pathname = "/";
+        }
+      })
+      .catch((err: Error) => {
+        handleError(err, form);
+        form.reset();
+      });
+  });
 </script>
 
 <style is:global>