Heroku deploy (NangoHQ#29)

* fix: set all params required to deploy to heroku

* fix: package script

* chore: upgrade db packages

* fix: no heroku env

* fix: build does not faild due to env

* chore: remove procfile

* chore: revert procfile

* Procfile

* fix: debug heroku deploy

* fix: link to secure instance

.envrc.example

@@ -1,8 +1,4 @@
-export AUTH_CALLBACK_URL="http://localhost:8080/auth/callback"
-export AUTH_VHOST=YOUR_AUTH_HOST
-export PROXY_VHOST=YOUR_PROXY_HOST
-export COOKIE_SECRET="CHANGE_ME"
-
+###############################################################################
 #
 # Secure your instance
 #
@@ -20,4 +16,18 @@ export PUBLISHABLE_KEY=""
 #    FALSE by default to allow request with a publishable key or a secret key.
 #    Set to TRUE to only allow access having a valid secret key.
 #
-export PROXY_USES_SECRET_KEY_ONLY=false
+export PROXY_USES_SECRET_KEY_ONLY=false
+#
+# 4. Replace the default cookie secret to an unguessable string
+#    Learn more: https://github.com/expressjs/cookie-session
+#
+export COOKIE_SECRET="CHANGE_ME"
+#
+###############################################################################
+# 
+# Other options
+#
+# - Uncomment to set the callback URL used for the OAuth dance.
+#   Otherwise, Pizzly will use the req.hostname.
+#
+# export AUTH_CALLBACK_URL="http://example.org/auth/callback"

Procfile

@@ -1,2 +1,2 @@
-release: yarn run:migrations --env=production
-web: yarn start -p $PORT
+release: yarn run migrations --env=production
+web: yarn start -p $PORT

README.md

@@ -84,7 +84,7 @@ You will need Node.js and PostgreSQL installed first. Read our [getting started]
 
 Deploy it to Heroku and test it.
 
-[![Deploy to Heroku](https://www.herokucdn.com/deploy/button.png)](https://heroku.com/deploy?template=https://github.com/Bearer/Pizzly)
+[![Deploy to Heroku](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy?template=https://github.com/Bearer/Pizzly)
 
 Once deployed, go to the heroku application and connect to an API.
 

app.json

@@ -6,14 +6,40 @@
   "keywords": ["OAuth", "node"],
   "addons": ["heroku-postgresql:hobby-dev"],
   "env": {
-    "HOSTNAME": {
-      "description": "",
-      "required": true
+    "DASHBOARD_USER": {
+      "description": "The username to protect access to your Pizzly's dashboard.",
+      "default": "",
+      "required": false
+    },
+    "DASHBOARD_PASSWORD": {
+      "description": "The password to protect access to your Pizzly's dashboard.",
+      "default": "",
+      "required": false
+    },
+    "SECRET_KEY": {
+      "description": "An unguessable string used to authenticate server-to-server requests.",
+      "default": "",
+      "required": false
+    },
+    "PUBLISHABLE_KEY": {
+      "description": "An unguessable string used to authenticate frontend-to-server requests.",
+      "default": "",
+      "required": false
     },
     "COOKIE_SECRET": {
-      "description": "",
+      "description": "An unguessable string to sign and verify cookie session.",
       "default": "cookie_secret",
       "required": false
+    },
+    "PROXY_USES_SECRET_KEY_ONLY": {
+      "description": "Advanced - Restrict access to the proxy service with a secret key only.",
+      "default": "false",
+      "required": false
+    },
+    "AUTH_CALLBACK_URL": {
+      "description": "Advanced - Force which authentication URL to use.",
+      "default": "",
+      "required": false
     }
   }
 }

package.json

@@ -7,7 +7,7 @@
   "main": "dist/src/index.js",
   "types": "src/types.d.ts",
   "scripts": {
-    "prepare": "npm run migrations && npm run build",
+    "prepare": "npm run build && npm run migrations",
     "build": "rimraf dist/ && tsc -p tsconfig.json",
     "start": "node dist/src",
     "migrations": "knex --cwd dist/config migrate:latest",
@@ -30,15 +30,15 @@
     "express-session": "^1.15.6",
     "js-cookie": "^2.2.0",
     "jsonwebtoken": "^8.5.1",
-    "knex": "^0.20.13",
+    "knex": "^0.21.1",
     "lodash.at": "^4.6.0",
     "lodash.omit": "^4.5.0",
     "lodash.pick": "^4.4.0",
     "merge": "^1.2.1",
     "oauth": "^0.9.15",
     "passport": "^0.4.0",
     "passport-oauth1": "^1.1.0",
-    "pg": "^8.0.2",
+    "pg": "^8.0.3",
     "simple-oauth2": "^3.0.0",
     "uuid": "^7.0.3"
   },
@@ -67,8 +67,6 @@
     "cz-conventional-changelog": "^2.1.0",
     "file-loader": "^3.0.1",
     "html-loader": "^1.1.0",
-    "html-webpack-inline-source-plugin": "^0.0.10",
-    "html-webpack-plugin": "^3.2.0",
     "jest": "^23.6.0",
     "jest-localstorage-mock": "^2.2.0",
     "lint-staged": "^8.1.0",

src/index.ts

@@ -2,8 +2,7 @@ import express from 'express'
 import * as routes from './routes'
 
 export const BUID = 'bearerUid' // TODO - What is this for?
-export const PORT = process.env.port || 8080
-export const AUTH_CALLBACK_URL = process.env.AUTH_CALLBACK_URL || `http://localhost:${PORT}/auth/callback`
+export const PORT = process.env.PORT || 8080
 
 const app = express()
 

src/legacy/auth/v3/strategies/oauth1.ts

@@ -13,7 +13,6 @@ import {
   OAuth1SignatureMethod
 } from '../types'
 import { AuthenticationFailed, InvalidAuthId } from '../errors'
-import { AUTH_CALLBACK_URL } from '../../../../../src/'
 // import { getSetupDetails, getAuth, TOAuth1Payload } from '../../../clients/integrations'
 import { checkSetupIdConsistency } from './setup-id-consistency'
 
@@ -79,6 +78,7 @@ class Strategy extends OAuth1Strategy {
 }
 
 const strategyOptions = (req: TAuthenticateRequest) => {
+  const callbackURL = process.env.AUTH_CALLBACK_URL || `${req.protocol}://${req.get('host')}/auth/callback`
   const { consumerKey, consumerSecret } = req.setupDetails
   const {
     requestTokenURL,
@@ -98,8 +98,7 @@ const strategyOptions = (req: TAuthenticateRequest) => {
     userAuthorizationURL,
     authorizationParams,
     signatureMethod,
-    callbackURL: AUTH_CALLBACK_URL,
-    customHeaders: { 'User-Agent': 'Bearer' }
+    callbackURL
   }
 }
 

src/legacy/auth/v3/strategies/oauth2/auth-code.ts

@@ -1,13 +1,13 @@
 import { NextFunction, Response } from 'express'
 
 import { TAuthenticateRequest } from '../../types'
-import { AUTH_CALLBACK_URL } from '../../../../../../src'
 import { getCodeRedirectURL, getTokenWithCode } from '../../../clients/oauth2'
 import { asyncMiddleware } from '../../../../errorHandler'
 import { responseToCredentials } from './common'
 import { AuthenticationFailed } from '../../errors'
 
 export const authenticate = asyncMiddleware(async (req: TAuthenticateRequest, res: Response, next: NextFunction) => {
+  const callbackURL = process.env.AUTH_CALLBACK_URL || `${req.protocol}://${req.get('host')}/auth/callback`
   const {
     credentials: { clientId, clientSecret },
     scopes = []
@@ -36,7 +36,7 @@ export const authenticate = asyncMiddleware(async (req: TAuthenticateRequest, re
       code,
       tokenParams,
       tokenURL,
-      callbackURL: AUTH_CALLBACK_URL
+      callbackURL
     })
 
     // console.log('tokenResult', tokenResult)
@@ -57,7 +57,7 @@ export const authenticate = asyncMiddleware(async (req: TAuthenticateRequest, re
     clientId,
     state,
     scope: scopes || config!.scope || [],
-    callbackURL: AUTH_CALLBACK_URL
+    callbackURL
   })
 
   res.redirect(redirectURL)

views/home.ejs

@@ -23,7 +23,9 @@
             <li>
               <p>Settings:</p>
               <a class="button button-primary" href="/dashboard">Open dashboard</a>
-              <a class="button button-primary" href="/dashboard/settings">Secure your instance</a>
+              <a class="button button-primary" href="https://github.com/Bearer/Pizzly/wiki/Secure-your-instance"
+                >Secure your instance</a
+              >
             </li>
           </ul>
         </nav>