chore(SLB-453): publisher oauth updates (#1589)

* chore(SLB-453): add oauth configuration

* chore(SLB-453): protect history routes with auth

* fix(SLB-453): use the default access token expiration time

* chore(SLB-453): set the session to 12h

Author: colorfield

packages/npm/@amazeelabs/publisher/publisher.config.ts

@@ -12,6 +12,22 @@ export default defineConfig({
     username: 'test',
     password: 'test',
   },
+  // When several authentication methods are configured,
+  // oAuth2 takes precedence.
+  oAuth2: {
+    clientId: process.env.OAUTH2_CLIENT_ID || 'publisher',
+    clientSecret: process.env.OAUTH2_CLIENT_SECRET || 'publisher',
+    // Applies for ResourceOwnerPassword only.
+    scope: process.env.OAUTH2_SCOPE || 'publisher',
+    tokenHost: process.env.OAUTH2_TOKEN_HOST || 'http://127.0.0.1:8888',
+    tokenPath: process.env.OAUTH2_TOKEN_PATH || '/oauth/token',
+    authorizePath:
+      process.env.OAUTH2_AUTHORIZE_PATH ||
+      '/oauth/authorize?response_type=code',
+    sessionSecret: process.env.OAUTH2_SESSION_SECRET || 'banana',
+    environmentType: process.env.OAUTH2_ENVIRONMENT_TYPE || 'development',
+    grantType: 0, // AuthorizationCode
+  },
   mode: 'local',
   commands: {
     clean:

packages/npm/@amazeelabs/publisher/src/server.ts

@@ -137,6 +137,7 @@ const runServer = async (): Promise<HttpTerminator> => {
     ws.on('close', sub.unsubscribe);
   });
 
+  app.use('/___status/history', authMiddleware);
   app.get('/___status/history', async (req, res) => {
     const { Build } = await getDatabase();
     const result = await Build.findAll({
@@ -145,6 +146,7 @@ const runServer = async (): Promise<HttpTerminator> => {
     res.json(result);
   });
 
+  app.use('/___status/history', authMiddleware);
   app.get('/___status/history/:id', async (req, res) => {
     const { Build } = await getDatabase();
     const result = await Build.findByPk(req.params.id);

packages/npm/@amazeelabs/publisher/src/tools/oAuth2.ts

@@ -27,8 +27,7 @@ declare module 'express-session' {
 }
 
 // In seconds
-export const SESSION_MAX_AGE = 300;
-export const ACCESS_TOKEN_EXPIRATION_TIME = 300;
+export const SESSION_MAX_AGE = 60 * 60 * 12;
 
 const ENCRYPTION_KEY =
   process.env.ENCRYPTION_KEY || crypto.randomBytes(32).toString('hex');
@@ -319,7 +318,7 @@ export const isAuthenticated = async (req: Request): Promise<boolean> => {
   let result = false;
   let accessToken = getPersistedAccessToken(req);
   if (accessToken) {
-    if (!accessToken.expired(ACCESS_TOKEN_EXPIRATION_TIME)) {
+    if (!accessToken.expired()) {
       result = true;
     } else {
       try {