diff --git a/demo/deps.edn b/demo/deps.edn index e71d61a..c44bd72 100644 --- a/demo/deps.edn +++ b/demo/deps.edn @@ -8,24 +8,14 @@ org.pinkgorilla/oauth2 {:local/root "../" :deps/manifest :deps} nrepl/nrepl {:mvn/version "1.2.0"}} - :aliases {:webly {:exec-fn webly.app.app/webly-build - :exec-args {:config [{}] - :profile "npm-install"}} - - :npm-install {:exec-args {:profile "npm-install"}} - :compile {:exec-args {:profile "compile"}} - :release {:exec-args {:profile "release"}} - :release-adv {:exec-args {:profile "release-adv"}} - :static {:exec-args {:profile "static"}} - :ci {:exec-args {:profile "ci"}} - - :run {:exec-fn modular.system/start! - :exec-args {:profile "jetty" + :aliases {:npm-install {:exec-fn webly.app.app/webly-build + :exec-args {:config [{}] + :profile "npm-install"}} + :demo {:exec-fn modular.system/start! + :exec-args {:profile "watch" :config ["/home/florian/repo/myLinux/myvault/goldly/oauth2-localhost.edn" ; oauth2 secrets - ] - :services "demo-services.edn"}} - - } + "demo-config.edn"] + :services "demo-services.edn"}}} ; } \ No newline at end of file diff --git a/demo/resources/demo-config.edn b/demo/resources/demo-config.edn new file mode 100644 index 0000000..8dca1db --- /dev/null +++ b/demo/resources/demo-config.edn @@ -0,0 +1,18 @@ +{:timbre/clj {:min-level [[#{"org.apache.http.*" + "org.eclipse.aether.*" + "org.eclipse.jetty.*" + "modular.oauth2.*" + "modular.oauth2.token.refresh.*" + "modular.ws.*" + "webly.web.*" + "goldly.ws-connect.*" + "goldly.cljs.discover.*" + "goldly.run.cljs-load.*" + "goldly.run.cljs-load" + "goldly.run.ws-connect"} :warn] ; webserver stuff - warn only + ; [#{"modular.ws.*"} :debug] + [#{"modular.persist.*"} :warn] + [#{"goldly.service.core"} :warn] ; goldly services - less logging + [#{"*"} :info]] ; default -> info + :appenders {:default {:type :console-color}}}} + diff --git a/deps.edn b/deps.edn index 8d8dd92..4e806f9 100644 --- a/deps.edn +++ b/deps.edn 
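Review bot: The new `:demo` alias keeps the developer-specific absolute path `/home/florian/repo/myLinux/myvault/goldly/oauth2-localhost.edn` as the first `:config` entry, so the alias only runs on one machine and the committed file doubles as a pointer to where the oauth2 secrets live. Replace that entry with a repo-relative name and a comment telling the reader to supply their own, e.g. `"oauth2-localhost.edn" ; <path-to-your-oauth2-secrets-file>, not committed`, or read it from an environment variable in the start function. The hunk header shows `org.pinkgorilla/oauth2 {:local/root "../"}` as context, so the alias map's enclosing `:deps` form starts outside the hunk.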
@@ -4,8 +4,6 @@ {org.clojure/clojure {:mvn/version "1.11.1"} funcool/promesa {:mvn/version "11.0.674"} ; needs to match version in ui-repl tick/tick {:mvn/version "0.6.2"} - - ;nano-id/nano-id {:mvn/version "1.0.0"} ; nano id ;; web-ui deps reagent/reagent {:mvn/version "1.1.1"} ; https://github.com/reagent-project/reagent com.cemerick/url {:mvn/version "0.1.1"} ; url query-strings diff --git a/src/token/util/ajax.clj b/src-unused/ajax.clj similarity index 100% rename from src/token/util/ajax.clj rename to src-unused/ajax.clj diff --git a/src/token/oauth2/provider/woo.clj b/src-unused/woo.clj similarity index 100% rename from src/token/oauth2/provider/woo.clj rename to src-unused/woo.clj diff --git a/src/token/identity/dialog.cljs b/src/token/identity/dialog.cljs index b857bc6..52ea91d 100644 --- a/src/token/identity/dialog.cljs +++ b/src/token/identity/dialog.cljs @@ -16,12 +16,12 @@ (let [r-p (local/get-token username password)] (-> r-p (p/then (fn [{:keys [user token] :as usermap}] - (println "login local token success! user: " user " token: " token) + (info "login local token success! user: " user " token: " token) (show-notification :info [:span.bg-blue-300.inline "logged in successfully"] 1000) (user/set-user! usermap) (dialog-close))) (p/catch (fn [err] - (println "login local error: " err) + (error "login local error: " err) (show-notification :error [:span.bg-red-300.inline "login error!"] 1000) (dialog-close)))))) 
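Review bot: The success branch still writes the bearer `token` to the browser console, now via `(info "login local token success! user: " user " token: " token)`, and the second hunk of this file (`@@ -35`) does the same for the oauth2 token and the full `usermap`; moving from `println` to timbre only changes which appender receives the credential. Log the outcome without the token, `(info "login local token success! user: " user)`, and likewise drop `token`/`usermap` from the oauth2 branch. `info` and `error` need to be referred from `taoensso.timbre` in this file's ns form, which is outside the hunk — worth confirming, since the file used `println` before this change.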
@@ -35,19 +35,19 @@ :title (str "login via " provider)})] (-> r-p (p/then (fn [token] - (println "login oauth2 token success! token: " token) + (info "login oauth2 token success! token: " token) (show-notification :info [:span.bg-blue-300.inline "logged in successfully"] 1000) (let [user-p (oidc/login provider token)] (-> user-p (p/then (fn [usermap] - (println "oauth2 login success: " usermap) + (info "oauth2 login success: " usermap) (user/set-user! usermap) (dialog-close))) (p/catch (fn [login-err] - (println "oauth2 login error: " login-err) + (error "oauth2 login error: " login-err) (dialog-close))))))) (p/catch (fn [err] - (println "login local error: " err) + (error "login oidc error: " err) (show-notification :error [:span.bg-red-300.inline "login error!"] 1000) (dialog-close)))))) diff --git a/src/token/identity/local.clj b/src/token/identity/local.clj index b025db7..82acbe2 100644 --- a/src/token/identity/local.clj +++ b/src/token/identity/local.clj @@ -30,6 +30,7 @@ (codecs/bytes->hex))) (defn create-claim [{:keys [secret] :as this} claim] + (info "creating claim: " claim " secret: " secret) (let [token (jwt/sign claim secret)] (assoc claim :token token))) @@ -37,7 +38,7 @@ (let [user-kw (keyword user-name) password-hashed (pwd-hash user-password) user (get-user permission user-kw)] - (println "get-token user: " user-name " user-kw: " user-kw " user-details: " user) + (info "get-token user: " user-name " user-kw: " user-kw " user-details: " user) (cond ; user unknown (not user) @@ -56,11 +57,12 @@ :email (:email user)})))) (defn verify-token [{:keys [secret] :as this} token] - (println "verifying token: " token) + (info "verifying token: " token " secret: " secret) (try (-> (jwt/unsign token secret) (update :user keyword)) - (catch Exception _ + (catch Exception ex + (error "verify-token exception: " ex) {:error :bad-token :error-message "Bad Token"}))) 
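Review bot: `create-claim` now logs the JWT signing `secret` at info level, and the `verify-token` hunk below (`@@ -56`) does the same; anyone with read access to the logs can then sign tokens for this identity service. Drop the secret from both messages, `(info "creating claim: " claim)` and `(info "verifying token: " token)`, and reconsider whether the signed token itself belongs in an info-level log, since it is a bearer credential that `get-token` hands to the client. Logging `ex` on the unsign failure path is a good addition, though a bad token is a routine client event and `warn` would match the severity better than `error`.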
@@ -68,7 +70,9 @@ [{:keys [permission secret] :as this} token] (info "login/local: token: " token " session: " *session*) (let [{:keys [user error] :as r} (verify-token this token)] - (info "login/local: result: " r) + (if error + (taoensso.timbre/error "login/local error: " error " token: " token) + (info "login/local: result: " r)) (when user (set-user! permission *session* user)) r)) @@ -97,7 +101,7 @@ ; (clj-jwt/unsign ; "https://identity.xero.com/.well-known/openid-configuration/jwks" ;"eyJhbGciOiJSUzI1NiIsImtpZCI6IjFDQUY4RTY2NzcyRDZEQzAyOEQ2NzI2RkQwMjYxNTgxNTcwRUZDMTkiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJISy1PWm5jdGJjQW8xbkp2MENZVmdWY09fQmsifQ.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.t9c33xsXXqAfxC8JOyTRPG8b-QrLzqkxIItenXyul3kaSulzue281jed1wFyIpBefDq_xNUfFt4SfrMMyplOxThjQMyYktweyftijfMfnHwa4ZlGJaArdNOFNNzm2XOhdlyjFsVpWrAsMdhb8U9LyZjtagePE90VWyF47N3733tsDj9IBMKOUTg0HVEzyHqR0b-yRXE7KraM9KB3A_-CmuKBjT9JfExfFD8K17vS5T94cHW36EAy1UwWS2NZcFai_nh838Yi4sT1x7HCC3rOJlH8-S-GdmgPXpY5enrJ3nvwhca9bSXQKrnxktubDZeKVV3M1Mfhp5Gr-44Jkzu5Ww") - + ; ) diff --git a/src/token/identity/local.cljs b/src/token/identity/local.cljs index e4f6991..c4c7a97 100644 --- a/src/token/identity/local.cljs +++ b/src/token/identity/local.cljs @@ -1,12 +1,13 @@ (ns token.identity.local (:require + [taoensso.timbre :refer-macros [info error]] [promesa.core :as p] [goldly.service.core :refer [clj]])) (defn get-token "returns a promise with the token or an error" [user password] - (println "local get-token user: " user "password: " password) + (info "local get-token user: " user "password: " password) (let [r-p (p/deferred) data-p (clj 'token.identity.local/get-token user password)] (-> data-p 
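Review bot: The new error branch in `login` logs the failed `token` alongside `error`, but `verify-token` has already logged the exception for that same failure, so the token only adds a second copy of a credential to the log; `(taoensso.timbre/error "login/local error: " error)` is enough. The fully-qualified call looks deliberate, because the destructured local `error` shadows a referred `error` macro inside this `let` — a one-line comment saying so, or destructuring as `{:keys [user] err :error :as r}` so the referred macro can be used, would keep the next reader from "fixing" it. The surrounding `(info "login/local: token: " token ...)` context line logs the token at info as well.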
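Review bot: `get-token` still logs the plaintext `password` at info level in the new line `(info "local get-token user: " user "password: " password)`; switching from `println` to timbre does not change that the credential lands in the browser console and any configured appender. Log the user only, `(info "local get-token user: " user)`. The body of `get-token` continues past the end of this hunk.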
@@ -15,21 +16,21 @@ (p/reject! r-p error-message) (p/resolve! r-p token)))) (p/catch (fn [err] - (println "get-token error: " err) + (error "get-token error: " err) (p/reject! r-p err)))) r-p)) (defn login "input: the result of get-token (or the saved token in localstorage)" [user] - (println "login (local) user: " user) + (info "login (local) user: " user) (let [r-p (p/deferred) data-p (clj 'token.identity.local/login user)] (-> data-p (p/then (fn [{:keys [error error-message] :as result}] - (println "local login success: " result) + (info "local login success: " result) (p/resolve! r-p result))) (p/catch (fn [err] - (println "local login error: " err) + (error "local login error: " err) (p/reject! r-p err)))) r-p)) diff --git a/src/token/identity/oidc.clj b/src/token/identity/oidc.clj index bd89325..ddd58d3 100644 --- a/src/token/identity/oidc.clj +++ b/src/token/identity/oidc.clj @@ -26,10 +26,10 @@ (defn validate-token [jwt jwks alg] (try - (warn "validate token: " jwt " jwks: " jwks " alg: " alg) + ;(warn "validate token: " jwt " jwks: " jwks " alg: " alg) (util/validate-jwt jwt jwks alg) (catch Exception ex - (timbre/error "token validate exception: " ex) + (timbre/error "oidc token validate exception: " ex) false))) (defn login @@ -37,11 +37,11 @@ (info "login/oauth2-oidc: token: " token " session: " *session*) (let [;email (user-email token) jwks-url (provider/oauth2-jwks-uri {:provider provider}) - _ (info "getting jwks for provider: " provider " url: " jwks-url) + ;_ (info "getting jwks for provider: " provider " url: " jwks-url) jwks (util/get-jwks jwks-url) alg {:alg :rs256} jwt (util/token->id-jwt token) - _ (info "jwt token (access token): " jwt) + ;_ (info "jwt token (access token): " jwt) {:keys [error email] :as validation-response} (validate-token jwt jwks alg)] (info "login/oauth2-oidc:validation-response: " validation-response) (if email diff --git a/src/token/identity/oidc.cljs b/src/token/identity/oidc.cljs index bc781b9..fd2c689 100644 
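Review bot: In `validate-token` and `login` the lines carrying the raw `jwt`, `jwks` and the decoded id token are commented out rather than deleted (`;(warn "validate token: " ...)` and the two `;_ (info ...)` let bindings), and the util.clj hunk does the same for the decoded jwt / pem / public-key lines; commented-out logging of token material tends to come back the next time someone debugs. Delete the lines, or if a trace is wanted keep one that omits the secret values, e.g. `(debug "validate token alg: " alg)`. The surviving context line `(info "login/oauth2-oidc: token: " token " session: " *session*)` still logs the full token at info and deserves the same treatment.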
--- a/src/token/identity/oidc.cljs +++ b/src/token/identity/oidc.cljs @@ -1,19 +1,20 @@ (ns token.identity.oidc (:require + [taoensso.timbre :refer-macros [info error]] [promesa.core :as p] [goldly.service.core :refer [clj]])) (defn login "input: the result of get-token (or the saved token in localstorage)" [provider token] - (println "login (oidc) provider:" provider " token: " token) + (info "login (oidc) provider:" provider " token: " token) (let [r-p (p/deferred) data-p (clj 'token.identity.oidc/login {:provider provider :token token})] (-> data-p (p/then (fn [{:keys [error error-message] :as result}] - (println "local oidc success: " result) + (info "local oidc success: " result) (p/resolve! r-p result))) (p/catch (fn [err] - (println "local oidc error: " err) + (error "local oidc error: " err) (p/reject! r-p err)))) r-p)) diff --git a/src/token/identity/oidc/util.clj b/src/token/identity/oidc/util.clj index 9e4a91f..49638a9 100644 --- a/src/token/identity/oidc/util.clj +++ b/src/token/identity/oidc/util.clj @@ -64,9 +64,9 @@ (let [decoded-jwt (decode-jwt jwt) pem (build-pem jwks decoded-jwt) public-key (keys/jwk->public-key pem)] - (info "decoded jwt: " decoded-jwt) - (info "pem: " pem) - (info "public-key: " public-key) + ;(info "decoded jwt: " decoded-jwt) + ;(info "pem: " pem) + ;(info "public-key: " public-key) (when (keys/public-key? public-key) (jwt/unsign jwt public-key alg))) (catch Exception e diff --git a/src/token/identity/service.clj b/src/token/identity/service.clj index 12cde11..9a8f6f7 100644 --- a/src/token/identity/service.clj +++ b/src/token/identity/service.clj 
@@ -4,10 +4,8 @@ [token.identity.oidc :refer [start-oidc-identity]])) (defn start-identity-service [{:keys [permission clj secret]}] - {:local (start-local-identity - {:permission permission - :clj clj - :secret secret}) - :oidc (start-oidc-identity - {:permission permission - :clj clj})}) \ No newline at end of file + (let [this {:permission permission + :clj clj + :secret secret}] + {:local (start-local-identity this) + :oidc (start-oidc-identity this)})) \ No newline at end of file diff --git a/src/token/identity/user.cljs b/src/token/identity/user.cljs index 11d6ce3..cf3e944 100644 --- a/src/token/identity/user.cljs +++ b/src/token/identity/user.cljs @@ -1,21 +1,21 @@ (ns token.identity.user (:require - [taoensso.timbre :refer-macros [info error]] + [cljs.reader :refer [read-string]] + [taoensso.timbre :refer-macros [info warn error]] [reagent.core :as r] - [token.identity.local :as local] - [cljs.reader :refer [read-string]])) + [token.identity.local :as local])) ;; LocalStorage Helpers -(defn ls-set! [k v] +(defn- ls-set! [k v] (.setItem js/localStorage (pr-str k) (pr-str v))) -(defn ls-get [k] +(defn- ls-get [k] (when-let [s (.getItem js/localStorage (pr-str k))] (read-string s))) -(defn ls-remove! [k] - (.removeItem js/localStorage k)) +(defn- ls-remove! [k] + (.removeItem js/localStorage (pr-str k))) (defonce user-key "oauth2-user") @@ -42,4 +42,7 @@ (info "initializing user ..") (when-let [usermap (ls-get user-key)] (info "user loaded from localstorage: " usermap) - (reset! user-a usermap))) \ No newline at end of file + (reset! user-a usermap))) + + + diff --git a/src/token/oauth2/core.clj b/src/token/oauth2/core.clj index 007b16e..1048370 100644 --- a/src/token/oauth2/core.clj +++ b/src/token/oauth2/core.clj 
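Review bot: `start-identity-service` now passes one shared `this` map containing `:secret` to both `start-local-identity` and `start-oidc-identity`, whereas the removed version gave the JWT signing secret only to the local identity. The oidc.clj hunks show the OIDC path validating tokens against the provider's JWKS with no visible use for the local secret, so the wider sharing buys nothing and puts the secret in one more component; `(start-oidc-identity (dissoc this :secret))` keeps the refactor without that. Confirm against the definition of `start-oidc-identity`, which is not in this diff.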
@@ -14,24 +14,28 @@ [token.oauth2.store :refer [load-token save-token]] [token.oauth2.token :refer [sanitize-token access-token-needs-refresh?]])) -(defn assert-provider [[id p]] - (assert (keyword? id) "oauth2 provider key needs to be a keyword") +(defn assert-provider [v] + (let [[id p] v] + (assert (keyword? id) (str "oauth2 provider key needs to be a keyword id: " id)) (assert (map? p) "oauth2 provider needs to be a map") (assert (:client-id p) "oauth2 provider needs :client-id key") (assert (:client-secret p) "oauth2 provider needs :client-secret key") - (assert (:token-prefix p) "oauth2 provider needs :token-prefix key") (assert (string? (:client-id p)) "oauth2 provider needs :client-id with type string") - (assert (string? (:client-secret p)) "oauth2 provider needs :client-secret with type string") - (assert (string? (:token-prefix p)) "oauth2 provider needs :token-prefix with type string")) + (assert (string? (:client-secret p)) "oauth2 provider needs :client-secret with type string"))) (defn assert-providers [ps] (assert (map? ps) "oauth2 providers needs to be a map") - ;(doall (map assert-provider ps)) - ) + (doall (map assert-provider ps))) (defn start-oauth2-providers [{:keys [clj _store providers] :as this}] (info "starting oauth2-provider service..") - (assert-providers providers) + (try + (assert-providers providers) + (catch AssertionError ex + (info "assert error: " ex ) + (info "providers config: " providers) + (throw (ex-info "oauth2 provider-config error!" {:ex ex})))) + (info "starting oauth2-provider service.. provider config ok.") (expose-functions clj {:name "token-oauth2" @@ -40,7 +44,7 @@ :permission nil :fixed-args [this]}) (info "oauth2-provider service running..") - this) + nil) (defn get-provider-client-id [{:keys [providers] :as this} p] (get-in providers [p :client-id])) diff --git a/src/token/oauth2/service.clj b/src/token/oauth2/service.clj index def916e..9cf05ea 100644 --- a/src/token/oauth2/service.clj 
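Review bot: On an assertion failure `start-oauth2-providers` now logs the whole `providers` map at info level, `(info "providers config: " providers)`, and `assert-provider` shows that map holds every provider's `:client-secret`, so a single misconfigured entry writes all provider secrets to the log. Log only what identifies the bad entry, e.g. `(info "providers config keys: " (keys providers))`, and let the `ex-info` carry the assertion message. Clojure's `assert` is elided when `*assert*` is false, so this validation disappears in such builds; an explicit `when-not`/`throw` is the safer shape for config checks. The function now returns `nil` instead of `this`, which the service.clj hunk accommodates, but any other caller that used the old return value would silently get `nil`.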
+++ b/src/token/oauth2/service.clj @@ -6,11 +6,10 @@ (defn start-oauth2-service [{:keys [clj providers store-path store-role]}] (let [store (create-store {:clj clj :store-path store-path - :store-role store-role}) - providers (start-oauth2-providers - {:clj clj - :store store - :providers providers})] + :store-role store-role})] + (start-oauth2-providers {:clj clj + :store store + :providers providers}) {:store store :providers providers}))