diff --git a/README.md b/README.md
index 3e65f59..42f2662 100644
--- a/README.md
+++ b/README.md
@@ -27,6 +27,14 @@ SWISSOID_JWKS_URI=https://api.swissoid.com/.well-known/jwks.json
 SWISSOID_TOKEN_ENDPOINT=https://api.swissoid.com/token
 SWISSOID_AUTHORIZE_ENDPOINT=https://api.swissoid.com/authorize
+# CORS
+CORS_ALLOWED_ORIGIN=https://app.playchoo.com
+CORS_CREDENTIALS=true
+CORS_METHODS=GET,POST,OPTIONS
+CORS_HEADERS=Content-Type,Authorization,Apollo-Require-Preflight,X-Requested-With,X-CSRF-Token
+CORS_MAX_AGE=86400
+SKIP_CORS=false
+
 # Traefik / Deployment
 REVERSE_DOMAIN=playchoo-auth
 APPLICATION_DOMAIN_NAME=auth.playchoo.com
diff --git a/docker-compose.yml b/docker-compose.yml
index 293c7da..e29f419 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,6 +10,11 @@ services:
 APP_PORT: ${APP_PORT:-3700}
 APPLICATION_NAME: ${APPLICATION_NAME:-Playchoo Auth}
 CORS_ALLOWED_ORIGIN: ${CORS_ALLOWED_ORIGIN}
+ CORS_CREDENTIALS: ${CORS_CREDENTIALS}
+ CORS_METHODS: ${CORS_METHODS}
+ CORS_HEADERS: ${CORS_HEADERS}
+ CORS_MAX_AGE: ${CORS_MAX_AGE}
+ SKIP_CORS: ${SKIP_CORS}
 SWISSOID_CLIENT_ID: ${SWISSOID_CLIENT_ID}
 SWISSOID_CLIENT_SECRET: ${SWISSOID_CLIENT_SECRET}
 SWISSOID_ISSUER: ${SWISSOID_ISSUER}
@@ -26,8 +31,13 @@ services:
 OIDC_REDIRECT_BASE_URL: ${OIDC_REDIRECT_BASE_URL}
 RP_FRONTEND_URL: ${RP_FRONTEND_URL}
 RP_COOKIE_DOMAIN: ${RP_COOKIE_DOMAIN}
+ COOKIE_DOMAIN: ${COOKIE_DOMAIN}
 POST_LOGIN_PATH: ${POST_LOGIN_PATH:-/dashboard}
 ALLOW_CONTINUE_PARAM: ${ALLOW_CONTINUE_PARAM:-true}
+ TRUST_PROXY: ${TRUST_PROXY}
+ HEALTH_CHECK_PATH: ${HEALTH_CHECK_PATH}
+ HEALTH_CHECK_RESPONSE: ${HEALTH_CHECK_RESPONSE}
+ SECURE_COOKIES: ${SECURE_COOKIES}
 LOGGER_LOG: ${LOGGER_LOG:-1}
 LOGGER_DEBUG: ${LOGGER_DEBUG:-0}
 labels:
diff --git a/src/config/appConfigMap.ts b/src/config/appConfigMap.ts
deleted file mode 100644
index c3634a1..0000000
--- a/src/config/appConfigMap.ts
+++ /dev/null
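Review bot: The new pass-through entries have no fallback, so an unset variable reaches the container as an empty string rather than as absent: `SKIP_CORS: ${SKIP_CORS}` and `CORS_CREDENTIALS: ${CORS_CREDENTIALS}` in the `@@ -10,6 +10,11 @@` hunk, and `SECURE_COOKIES: ${SECURE_COOKIES}`, `TRUST_PROXY: ${TRUST_PROXY}` and `COOKIE_DOMAIN: ${COOKIE_DOMAIN}` in the `@@ -26,8 +31,13 @@` hunk. The config map deleted in this commit treated any defined value as an explicit choice (`env.SECURE_COOKIES !== undefined ? isMeantToBeTrue(...)`), and if the code that now reads these variables does the same, an empty `SECURE_COOKIES` would presumably switch the Secure flag off instead of falling back to the production default. Give the security-relevant entries an explicit default in the style the file already uses for `POST_LOGIN_PATH`, e.g. `SECURE_COOKIES: ${SECURE_COOKIES:-true}` and `SKIP_CORS: ${SKIP_CORS:-false}`.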
@@ -1,36 +0,0 @@
-import { isMeantToBeTrue, UnknownEnv } from 'swiss-army-knifey';
-
-type Env = UnknownEnv & {
- APPLICATION_NAME?: string;
- APP_PORT?: string;
- NODE_ENV?: string;
- CORS_ALLOWED_ORIGIN?: string;
- CORS_CREDENTIALS?: string;
- COOKIE_DOMAIN?: string;
- SECURE_COOKIES?: string;
- TRUST_PROXY?: string;
-};
-
-const appConfigMap = (env: Env) => ({
- applicationName: env.APPLICATION_NAME || 'Playchoo Auth',
- serverPort: (env.APP_PORT !== undefined && parseInt(env.APP_PORT, 10)) || 3700,
- nodeEnv: env.NODE_ENV || 'development',
-
- corsAllowedOrigin: env.CORS_ALLOWED_ORIGIN || 'http://localhost:3000',
- corsCredentials:
- env.CORS_CREDENTIALS !== undefined
- ? isMeantToBeTrue(env.CORS_CREDENTIALS)
- : true,
-
- cookieDomain: env.COOKIE_DOMAIN,
- secureCookies:
- env.SECURE_COOKIES !== undefined
- ? isMeantToBeTrue(env.SECURE_COOKIES)
- : env.NODE_ENV === 'production',
-
- trustProxy: env.TRUST_PROXY || '1',
- healthCheckPath: '/healthz',
- healthCheckResponse: 'ok',
-});
-
-export default appConfigMap;
diff --git a/src/index.ts b/src/index.ts
index 6cf34cc..13b0809 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,30 +1,11 @@
 import 'dotenv/config';
-import DiContainer from 'di-why/build/src/DiContainer';
-import appConfigMap from './config/appConfigMap';
-import { loadDict } from './loaders';
-
-async function bootstrap() {
- console.log('[Bootstrap] Starting Playchoo Auth Service...');
-
- // Create DI container with all loaders
- const diContainer = new DiContainer({
- load: {
- ...loadDict,
- // Override appConfig with our custom config
- appConfig: {
- factory: () => appConfigMap(process.env),
- locateDeps: {},
- },
- },
- });
-
- // Start the Express server (includes all middleware, OIDC routes, health checks)
- await diContainer.load('expressLauncher');
-
- console.log('[Bootstrap] Playchoo Auth Service started successfully');
-}
-
-bootstrap().catch((error) => {
- console.error('[Bootstrap] Failed to start Playchoo Auth Service:', error);
- process.exit(1);
-});
+import di from './loaders';
+
+(async () => {
+ try {
+ await di.load('expressLauncher');
+ } catch (err) {
+ console.error('Failed to launch Express', err);
+ process.exit(1);
+ }
+})();
\ No newline at end of file
diff --git a/src/loaders/index.ts b/src/loaders/index.ts
index 69c780d..9723699 100644
--- a/src/loaders/index.ts
+++ b/src/loaders/index.ts
@@ -1,10 +1,12 @@
-import { mergeLDs } from 'di-why';
-import expressLoadDict, {
- EXPRESS_MIDDLEWARE,
- buildMiddlewareConfig,
-} from 'express-knifey';
-import type { MiddlewareConfig, MiddlewarePathConfig } from 'express-knifey';
-import { swissoidAuthLoadDict } from 'swissoid-back';
+import DiContainer, {
+ AppConfigNamespace,
+ LoadDict,
+ addMergeableConfigMap,
+ mergeLDs,
+} from 'di-why';
+import expressLoadDict, { EXPRESS_MIDDLEWARE, buildMiddlewareConfig } from 'express-knifey';
+import type { MiddlewarePathConfig } from 'express-knifey';
+import { swissoidAuthLoadDict, SWISSOID_MIDDLEWARE } from 'swissoid-back';
 const middlewareConfig: MiddlewarePathConfig = buildMiddlewareConfig([
 {
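Review bot: Dropping the `appConfig` override leaves no visible source for the cookie and CORS defaults that the deleted `appConfigMap` supplied (`secureCookies` falling back to `NODE_ENV === 'production'`, `corsAllowedOrigin`, `trustProxy`); after this hunk they come from whatever the load dicts merged in `./loaders` register, and this diff does not show them being defined. Confirm the defaults now in effect are at least as strict for an auth service before merging. A comment above the IIFE would record the decision, e.g. `// appConfig is no longer overridden here; defaults come from the load dicts merged in ./loaders`. The file also now ends without a trailing newline.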
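Review bot: `AppConfigNamespace` and `addMergeableConfigMap` are imported from 'di-why' but are not used in any hunk of this file, which reads like a config-map registration that was planned and left out. Either trim the import to `import DiContainer, { LoadDict, mergeLDs } from 'di-why';` or add the registration they were meant for, so the app-level defaults removed with `appConfigMap.ts` have an explicit home. The few lines between this hunk and the next are not shown, so a use there cannot be ruled out.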
@@ -15,6 +17,7 @@ const middlewareConfig: MiddlewarePathConfig = buildMiddlewareConfig([
 EXPRESS_MIDDLEWARE.cookieParser,
 EXPRESS_MIDDLEWARE.bodyParser,
 EXPRESS_MIDDLEWARE.urlencoded,
+ SWISSOID_MIDDLEWARE.oidcStandardRoutes,
 ],
 },
 {
@@ -23,23 +26,12 @@ const middlewareConfig: MiddlewarePathConfig = buildMiddlewareConfig([
 },
 ]);
-const globalPath = '*';
-const enhancedGlobal: MiddlewareConfig[] = [
- ...(middlewareConfig[globalPath] ?? []),
- { name: 'oidcStandardRoutesMiddleware', priority: 60 },
-];
-
-middlewareConfig[globalPath] = enhancedGlobal;
-
-export const loadDict = mergeLDs(
+export const loadDict: LoadDict = mergeLDs(
 expressLoadDict,
 swissoidAuthLoadDict,
- {
- middlewareConfig: {
- factory: () => middlewareConfig,
- locateDeps: {},
- },
- }
+ { middlewareConfig: { instance: middlewareConfig } },
 );
-export default loadDict;
+const diContainer = new DiContainer({ load: loadDict });
+
+export default diContainer;
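Review bot: `SWISSOID_MIDDLEWARE.oidcStandardRoutes` replaces an entry that carried an explicit `priority: 60`, so where the OIDC routes sit relative to `cookieParser`, the body parsers and whatever precedes them in this list now depends on the value behind that constant, which the diff does not show. If the routes ended up mounted ahead of the parsers or the CORS handling, the login endpoints would run without them, so the ordering is worth checking against the old behaviour. A one-line comment on the new entry would pin the intent, e.g. `// keep after the parsers above; replaces the former explicit priority 60`. The start of this array is outside the hunk.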
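Review bot: The module now runs `new DiContainer({ load: loadDict })` at import time and changes its default export from the load dict to the container, so anything that imports this file, including a test that only wants `loadDict`, constructs the shared container as a side effect. Only `src/index.ts` is updated in this commit; other importers of the default export, if any, are not visible here. Document the two exports so the split is deliberate, e.g. `/** Shared container for the service; use the named loadDict export to build an isolated one. */` above `diContainer`.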