Provides a REST API for user authentication with JWT.
ToDo
- Implement user deletion endpoint
Build with docker build -t auth-provider .. You can also use the prebuild jonasmusall/auth-provider image (just replace the image name auth-provider with jonasmusall/auth-provider in the following commands).
To run the server using Docker, first generate the JWT keys and an empty database:
docker run --rm -v $PWD/certs:/app/package/certs -u $(id -u):$(id -g) auth-provider scripts/keygen-jwt.sh
This creates a
certsfolder in the current directory and mounts it inside of the container running theauth-providerimage you built. Thekeygen-jwt.shscript now generates the JWT keys and places them in that folder so they can be used later when actually running the server.
docker run --rm -v $PWD/db:/app/package/prisma/db -u $(id -u):$(id -g) auth-provider npm run prisma-deploy
Here we tell Docker to create and mount a
dbfolder and runnpm run prisma-deployinside of the container, invoking the Prisma CLI to create an empty database.
The second command can also be used to migrate to a new version of auth-provider where the database schema has changed.
After these setup steps, the server can be started with the following command (specify what IP and port you want it to listen to):
docker run -v $PWD/certs:/app/package/certs -v $PWD/db:/app/package/prisma/db -p [<ip>:]<port>:8889 -u $(id -u):$(id -g) --name auth-provider auth-provider
If you want to configure the server inside of the docker container to change parameters such as the token lifetime, mount a config.json file in the container by adding -v <path to config file>:/app/package/config.json to the flags of the command above. The config.json file may include the following fields:
{
userNameAllowedRegEx: string,
userNameReservedRegEx: string,
tokenLifetime: number // in seconds
}Create a new user.
{
password: string
}User created. No reply body.
Username malformed.
{
statusCode: 400,
error: 'Bad Request',
message: 'Username malformed'
}Username unavailable (already in use, reserved or not allowed).
{
statusCode: 409,
error: 'Conflict',
message: 'Username unavailable'
}Request a JWT for user authentication.
{
password: string
}JWT has been created and signed.
{
token: string,
expiresAt: number
}User not found or password incorrect.
{
statusCode: 404,
error: 'Not Found',
message: 'User not found or password incorrect'
}Change a user's password.
{
password: string,
newPassword: string
}Password has been changed. No reply body.
User not found or password incorrect.
{
statusCode: 404,
error: 'Not Found',
message: 'User not found or password incorrect'
}Delete a user. Not implemented yet.
{ password: string }User has been deleted. No reply body.
User not found or password incorrect.
{ statusCode: 404, error: 'Not Found', message: 'User not found or password incorrect' }
Retrieve the PEM encoded public RSA key used to sign all JWTs.
{
publicKey: string
}