Revert OICD feature

docker-compose.example-nodejs.mongo.yml

@@ -22,7 +22,7 @@ services:
       - $PWD/example/nodejs/cert:/viron/example/nodejs/cert
       - $PWD/packages/nodejs:/viron/packages/nodejs
       - $PWD/packages/linter:/viron/packages/linter
-    command: run dev
+    command: npm run dev
 
   mongo:
     extends:

docker-compose.example-nodejs.mysql.yml

@@ -22,7 +22,7 @@ services:
       - $PWD/example/nodejs/cert:/viron/example/nodejs/cert
       - $PWD/packages/nodejs:/viron/packages/nodejs
       - $PWD/packages/linter:/viron/packages/linter
-    command: run dev
+    command: npm run dev
 
   mysql:
     extends:

example/nodejs/.env.template

@@ -1,13 +1,4 @@
 GOOGLE_OAUTH2_CLIENT_ID=
 GOOGLE_OAUTH2_CLIENT_SECRET=
-GOOGLE_OAUTH2_USER_HOSTED_DOMAINS=
-OIDC_CLIENT_ID=
-OIDC_CLIENT_SECRET=
-OIDC_CLIENT_CONFIGURATION_URL=
-OIDC_USER_HOSTED_DOMAINS=
 AWS_S3_ACCESS_KEY_ID=
 AWS_S3_SECRET_KEY=
-SSL_CERTIFICATE=
-SSL_PRIVATE_KEY=
-SERVICE_ENV=
-MODE=

example/nodejs/docker-compose.mongo.yml

@@ -18,7 +18,7 @@ services:
       - $PWD/package.json:/example/nodejs/package.json
       - $PWD/src:/example/nodejs/src
       - $PWD/cert:/example/nodejs/cert
-    command: run dev
+    command: npm run dev
 
   mongo:
     image: mongo

example/nodejs/docker-compose.mysql.yml

@@ -19,10 +19,10 @@ services:
       - $PWD/package.json:/example/nodejs/package.json
       - $PWD/src:/example/nodejs/src
       - $PWD/cert:/example/nodejs/cert
-    command: run dev
+    command: npm run dev
 
   mysql:
-    image: mysql:8.0
+    image: mysql
     restart: always
     ports:
       - 3306:3306

example/nodejs/package.json

@@ -5,7 +5,7 @@
   "main": "dist/server.js",
   "dependencies": {
     "@aws-sdk/client-s3": "^3.451.0",
-    "@viron/lib": "2.4.0-alpha.0",
+    "@viron/lib": "^2.0.2",
     "accepts": "^1.3.7",
     "compression": "^1.7.4",
     "cookie-parser": "^1.4.5",
@@ -20,7 +20,6 @@
     "multer": "^1.4.3",
     "multer-s3": "^3.0.1",
     "mysql2": "^2.2.5",
-    "openid-client": "^4.7.4",
     "pino": "^7.6.4",
     "pino-http": "^6.6.0",
     "sequelize": "^6.5.0",

example/nodejs/src/config/development.ts

@@ -45,18 +45,7 @@ export const get = (): Config => {
         clientId: process.env.GOOGLE_OAUTH2_CLIENT_ID ?? '',
         clientSecret: process.env.GOOGLE_OAUTH2_CLIENT_SECRET ?? '',
         additionalScopes: [],
-        userHostedDomains: process.env.GOOGLE_OAUTH2_USER_HOSTED_DOMAINS
-          ? process.env.GOOGLE_OAUTH2_USER_HOSTED_DOMAINS.split(',')
-          : [],
-      },
-      oidc: {
-        clientId: process.env.OIDC_CLIENT_ID ?? '',
-        clientSecret: process.env.OIDC_CLIENT_SECRET ?? '',
-        configurationUrl: process.env.OIDC_CLIENT_CONFIGURATION_URL ?? '',
-        additionalScopes: [],
-        userHostedDomains: process.env.OIDC_USER_HOSTED_DOMAINS
-          ? process.env.OIDC_USER_HOSTED_DOMAINS.split(',')
-          : [],
+        userHostedDomains: ['cam-inc.co.jp', 'cyberagent.co.jp'],
       },
     },
     aws: {

example/nodejs/src/config/index.ts

@@ -48,7 +48,6 @@ export interface Config {
   auth: {
     jwt: domainsAuth.JwtConfig;
     googleOAuth2: domainsAuth.GoogleOAuthConfig;
-    oidc: domainsAuth.OidcConfig;
   };
   aws: AWSConfig;
   oas: OasConfig;

example/nodejs/src/config/local.ts

@@ -56,18 +56,7 @@ export const get = (mode: Mode): Config => {
         clientId: process.env.GOOGLE_OAUTH2_CLIENT_ID ?? '',
         clientSecret: process.env.GOOGLE_OAUTH2_CLIENT_SECRET ?? '',
         additionalScopes: [],
-        userHostedDomains: process.env.GOOGLE_OAUTH2_USER_HOSTED_DOMAINS
-          ? process.env.GOOGLE_OAUTH2_USER_HOSTED_DOMAINS.split(',')
-          : [],
-      },
-      oidc: {
-        clientId: process.env.OIDC_CLIENT_ID ?? '',
-        clientSecret: process.env.OIDC_CLIENT_SECRET ?? '',
-        configurationUrl: process.env.OIDC_CLIENT_CONFIGURATION_URL ?? '',
-        additionalScopes: [],
-        userHostedDomains: process.env.OIDC_USER_HOSTED_DOMAINS
-          ? process.env.OIDC_USER_HOSTED_DOMAINS.split(',')
-          : [],
+        userHostedDomains: ['cam-inc.co.jp', 'cyberagent.co.jp'],
       },
     },
     aws: {

example/nodejs/src/config/production.ts

@@ -39,19 +39,10 @@ export const get = (): Config => {
       },
       googleOAuth2: {
         clientId: process.env.GOOGLE_OAUTH2_CLIENT_ID ?? '',
+
         clientSecret: process.env.GOOGLE_OAUTH2_CLIENT_SECRET ?? '',
         additionalScopes: [],
-        userHostedDomains: process.env.GOOGLE_OAUTH2_USER_HOSTED_DOMAINS
-          ? process.env.GOOGLE_OAUTH2_USER_HOSTED_DOMAINS.split(',')
-          : [],
-      },
-      // 本番demoではOIDCのIdpが準備できないので設定なしにする
-      oidc: {
-        clientId: '',
-        clientSecret: '',
-        configurationUrl: '',
-        additionalScopes: [],
-        userHostedDomains: [],
+        userHostedDomains: ['gmail.com', 'cam-inc.co.jp', 'cyberagent.co.jp'],
       },
     },
     aws: {

example/nodejs/src/constants.ts

@@ -2,15 +2,15 @@ export const MODE = {
   MYSQL: 'mysql',
   MONGO: 'mongo',
 } as const;
-export type Mode = (typeof MODE)[keyof typeof MODE];
+export type Mode = typeof MODE[keyof typeof MODE];
 export type StoreType = Mode;
 
 export const SERVICE_ENV = {
   LOCAL: 'local',
   DEVELOPMENT: 'development',
   PRODUCTION: 'production',
 };
-export type ServiceEnv = (typeof SERVICE_ENV)[keyof typeof SERVICE_ENV];
+export type ServiceEnv = typeof SERVICE_ENV[keyof typeof SERVICE_ENV];
 
 export const AUTHENTICATION_RESULT_TYPE = {
   SUCCESS: 'success',

example/nodejs/src/controllers/auth.ts

@@ -2,8 +2,6 @@ import {
   domainsAuth,
   genAuthorizationCookie,
   genOAuthStateCookie,
-  genOidcStateCookie,
-  genOidcCodeVerifierCookie,
   mismatchState,
   COOKIE_KEY,
   HTTP_HEADER,
@@ -30,73 +28,6 @@ export const signinEmail = async (context: RouteContext): Promise<void> => {
   context.res.status(204).end();
 };
 
-// OIDCの認証画面へリダイレクト
-export const oidcAuthorization = async (
-  context: RouteContext
-): Promise<void> => {
-  const { redirectUri } = context.params.query;
-  const state = domainsAuth.genState();
-  const client = await domainsAuth.genOidcClient(
-    ctx.config.auth.oidc,
-    redirectUri
-  );
-
-  // PKCE用のCodeVerifierを生成
-  const codeVerifier = await domainsAuth.genOidcCodeVerifier();
-
-  // OIDC認証画面URLを取得
-  const authorizationUrl = await domainsAuth.getOidcAuthorizationUrl(
-    ctx.config.auth.oidc,
-    client,
-    codeVerifier,
-    state
-  );
-
-  // CookieにOIDCのStateとPKCE用のCodeVerifierをセット
-  const cookies = [
-    genOidcStateCookie(state),
-    genOidcCodeVerifierCookie(codeVerifier),
-  ];
-  context.res.setHeader(HTTP_HEADER.SET_COOKIE, cookies);
-  context.res.setHeader(HTTP_HEADER.LOCATION, authorizationUrl);
-  context.res.status(301).end();
-};
-
-// OIDCのコールバック
-export const oidcCallback = async (context: RouteContext): Promise<void> => {
-  const codeVerifier = context.req.cookies[COOKIE_KEY.OIDC_CODE_VERIFIER];
-  const cookieState = context.req.cookies[COOKIE_KEY.OIDC_STATE];
-  const { state, redirectUri } = context.requestBody;
-
-  if (!codeVerifier || !cookieState || !state || cookieState !== state) {
-    throw mismatchState();
-  }
-
-  // OIDC Clientを取得
-  const client = await domainsAuth.genOidcClient(
-    ctx.config.auth.oidc,
-    redirectUri
-  );
-  const params = client.callbackParams(context.req);
-  const token = await domainsAuth.signinOidc(
-    client,
-    codeVerifier as string,
-    redirectUri,
-    params,
-    ctx.config.auth.oidc
-  );
-  context.res.setHeader(
-    HTTP_HEADER.SET_COOKIE,
-    genAuthorizationCookie(token, {
-      maxAge: ctx.config.auth.jwt.expirationSec,
-    })
-  );
-  context.origRes.clearCookie(COOKIE_KEY.OIDC_STATE);
-  context.origRes.clearCookie(COOKIE_KEY.OIDC_CODE_VERIFIER);
-
-  context.res.status(204).end();
-};
-
 // GoogleOAuth2の認可画面へリダイレクト
 export const oauth2GoogleAuthorization = async (
   context: RouteContext

example/nodejs/src/controllers/authconfigs.ts

@@ -7,11 +7,8 @@ import {
   SIGNOUT_PATH,
   OAUTH2_GOOGLE_AUTHORIZATION_PATH,
   OAUTH2_GOOGLE_CALLBACK_PATH,
-  OIDC_AUTHORIZATION_PATH,
-  OIDC_CALLBACK_PATH,
 } from '@viron/lib';
 import { RouteContext } from '../application';
-import { ctx } from '../context';
 
 const { genAuthConfigs } = domainsAuthConfig;
 
@@ -20,57 +17,30 @@ export const listVironAuthconfigs = async (
   context: RouteContext
 ): Promise<void> => {
   const authConfigDefinitions = [
-    // メール認証は必須
     {
       provider: AUTH_CONFIG_PROVIDER.VIRON,
       type: AUTH_CONFIG_TYPE.EMAIL,
       method: API_METHOD.POST,
       path: EMAIL_SIGNIN_PATH,
     },
-    // サインアウトは必須
+    {
+      provider: AUTH_CONFIG_PROVIDER.GOOGLE,
+      type: AUTH_CONFIG_TYPE.OAUTH,
+      method: API_METHOD.GET,
+      path: OAUTH2_GOOGLE_AUTHORIZATION_PATH,
+    },
+    {
+      provider: AUTH_CONFIG_PROVIDER.GOOGLE,
+      type: AUTH_CONFIG_TYPE.OAUTH_CALLBACK,
+      method: API_METHOD.POST,
+      path: OAUTH2_GOOGLE_CALLBACK_PATH,
+    },
     {
       provider: AUTH_CONFIG_PROVIDER.SIGNOUT,
       type: AUTH_CONFIG_TYPE.SIGNOUT,
       method: API_METHOD.POST,
       path: SIGNOUT_PATH,
     },
-    // Google認証設定がある場合のみ追加
-    ...(ctx.config.auth.googleOAuth2.clientId &&
-    ctx.config.auth.googleOAuth2.clientSecret
-      ? [
-          {
-            provider: AUTH_CONFIG_PROVIDER.GOOGLE,
-            type: AUTH_CONFIG_TYPE.OAUTH,
-            method: API_METHOD.GET,
-            path: OAUTH2_GOOGLE_AUTHORIZATION_PATH,
-          },
-          {
-            provider: AUTH_CONFIG_PROVIDER.GOOGLE,
-            type: AUTH_CONFIG_TYPE.OAUTH_CALLBACK,
-            method: API_METHOD.POST,
-            path: OAUTH2_GOOGLE_CALLBACK_PATH,
-          },
-        ]
-      : []),
-    // OIDC認証設定がある場合のみ追加
-    ...(ctx.config.auth.oidc.clientId &&
-    ctx.config.auth.oidc.clientSecret &&
-    ctx.config.auth.oidc.configurationUrl
-      ? [
-          {
-            provider: AUTH_CONFIG_PROVIDER.OIDC,
-            type: AUTH_CONFIG_TYPE.OIDC,
-            method: API_METHOD.GET,
-            path: OIDC_AUTHORIZATION_PATH,
-          },
-          {
-            provider: AUTH_CONFIG_PROVIDER.OIDC,
-            type: AUTH_CONFIG_TYPE.OIDC_CALLBACK,
-            method: API_METHOD.POST,
-            path: OIDC_CALLBACK_PATH,
-          },
-        ]
-      : []),
   ];
   const result = genAuthConfigs(
     authConfigDefinitions,

example/nodejs/src/infrastructures/mysql/models/index.ts

@@ -5,7 +5,6 @@ import * as articles from './articles';
 import * as items from './items';
 import * as itemDetails from './item_details';
 import * as medias from './medias';
-import { mysql } from '@viron/lib';
 
 export interface MysqlModels {
   [users.name]: users.UserModelStatic;
@@ -14,12 +13,6 @@ export interface MysqlModels {
   [items.name]: items.ItemModelStatic;
   [itemDetails.name]: itemDetails.ItemDetailModelStatic;
   [medias.name]: medias.MediaModelStatic;
-  [mysql.models.adminUsers
-    .name]: mysql.MysqlModels[typeof mysql.models.adminUsers.name];
-  [mysql.models.auditLogs
-    .name]: mysql.MysqlModels[typeof mysql.models.auditLogs.name];
-  [mysql.models.revokedTokens
-    .name]: mysql.MysqlModels[typeof mysql.models.revokedTokens.name];
 }
 
 // Get models
@@ -31,10 +24,6 @@ export const models = (s: Sequelize): MysqlModels => {
     [items.name]: items.createModel(s),
     [itemDetails.name]: itemDetails.createModel(s),
     [medias.name]: medias.createModel(s),
-    [mysql.models.adminUsers.name]: mysql.models.adminUsers.createModel(s),
-    [mysql.models.auditLogs.name]: mysql.models.auditLogs.createModel(s),
-    [mysql.models.revokedTokens.name]:
-      mysql.models.revokedTokens.createModel(s),
   };
 
   mysqlModels[items.name].belongsTo(mysqlModels[itemDetails.name], {

example/nodejs/src/security_handlers/jwt.ts

@@ -89,21 +89,6 @@ export const jwt = async (
           }
           break;
         }
-        case AUTH_TYPE.OIDC: {
-          // OIDC認証の場合はアクセストークンの検証
-          const client = await domainsAuth.genOidcClient(ctx.config.auth.oidc);
-          if (
-            await domainsAuth.verifyOidcAccessToken(
-              client,
-              ctx.config.auth.oidc,
-              userId,
-              user
-            )
-          ) {
-            return authSuccess(user);
-          }
-          break;
-        }
         default:
           return authSuccess(user);
       }