reearth · yk-eukarya · May 30, 2023 · May 29, 2023 · May 29, 2023 · May 30, 2023
@@ -17,6 +17,11 @@ REEARTH_AUTH0_CLIENTID=
 REEARTH_AUTH0_CLIENTSECRET=
 REEARTH_AUTH0_WEBCLIENTID=
 
+# AWS cognito
+REEARTH_COGNITO_REGION=
+REEARTH_COGNITO_USERPOOLID=
+REEARTH_COGNITO_CLIENTID=
+
 # Auth client
 #REEARTH_AUTH_ISS=https://hoge.com
 #REEARTH_AUTH_AUD=https://api.reearth.example.com

@@ -5,13 +5,14 @@ import (
 	"testing"
 
 	"github.com/reearth/reearth/server/internal/app"
+	"github.com/reearth/reearth/server/internal/app/config"
 	"github.com/reearth/reearth/server/pkg/dataset"
 )
 
 func TestDatasetExport(t *testing.T) {
 	e := StartServer(t, &app.Config{
 		Origins: []string{"https://example.com"},
-		AuthSrv: app.AuthSrvConfig{
+		AuthSrv: config.AuthSrvConfig{
 			Disabled: true,
 		},
 	}, true, baseSeeder)

@@ -5,12 +5,13 @@ import (
 	"testing"
 
 	"github.com/reearth/reearth/server/internal/app"
+	"github.com/reearth/reearth/server/internal/app/config"
 )
 
 func TestMe(t *testing.T) {
 	e := StartServer(t, &app.Config{
 		Origins: []string{"https://example.com"},
-		AuthSrv: app.AuthSrvConfig{
+		AuthSrv: config.AuthSrvConfig{
 			Disabled: true,
 		},
 	},

@@ -5,12 +5,13 @@ import (
 	"testing"
 
 	"github.com/reearth/reearth/server/internal/app"
+	"github.com/reearth/reearth/server/internal/app/config"
 )
 
 func TestCreateProject(t *testing.T) {
 	e := StartServer(t, &app.Config{
 		Origins: []string{"https://example.com"},
-		AuthSrv: app.AuthSrvConfig{
+		AuthSrv: config.AuthSrvConfig{
 			Disabled: true,
 		},
 	},

@@ -5,12 +5,13 @@ import (
 	"testing"
 
 	"github.com/reearth/reearth/server/internal/app"
+	"github.com/reearth/reearth/server/internal/app/config"
 )
 
 func TestPingAPI(t *testing.T) {
 	e := StartServer(t, &app.Config{
 		Origins: []string{"https://example.com"},
-		AuthSrv: app.AuthSrvConfig{
+		AuthSrv: config.AuthSrvConfig{
 			Disabled: true,
 		},
 	}, false, nil)

@@ -53,8 +53,8 @@ func initEcho(ctx context.Context, cfg *ServerConfig) *echo.Echo {
 
 	e.Use(
 		jwtEchoMiddleware(cfg),
-		parseJwtMiddleware(),
-		authMiddleware(cfg),
+		loadAuthInfoMiddleware(),
+		attachOpMiddleware(cfg),
 	)
 
 	// enable pprof
@@ -100,11 +100,11 @@ func initEcho(ctx context.Context, cfg *ServerConfig) *echo.Echo {
 
 	// apis
 	api := e.Group("/api")
-	api.GET("/ping", Ping(), private)
+	api.GET("/ping", Ping(), privateCache)
 	api.GET("/published/:name", PublishedMetadata())
 	api.GET("/published_data/:name", PublishedData("", true))
 
-	apiPrivate := api.Group("", private)
+	apiPrivate := api.Group("", privateCache)
 	apiPrivate.POST("/graphql", GraphqlAPI(cfg.Config.GraphQL, gqldev))
 	apiPrivate.GET("/layers/:param", ExportLayer(), AuthRequiredMiddleware())
 	apiPrivate.GET("/datasets/:datasetSchemaId", http2.ExportDataset(), AuthRequiredMiddleware())
@@ -196,7 +196,7 @@ func errorMessage(err error, log func(string, ...interface{})) (int, string) {
 	return code, msg
 }
 
-func private(next echo.HandlerFunc) echo.HandlerFunc {
+func privateCache(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
 		c.Response().Header().Set(echo.HeaderCacheControl, "private, no-store, no-cache, must-revalidate")
 		return next(c)

@@ -13,7 +13,10 @@ import (
 	"github.com/reearth/reearthx/util"
 )
 
-func authMiddleware(cfg *ServerConfig) echo.MiddlewareFunc {
+// load user from db and attach it to context along with operator
+// user id can be from debug header or jwt token
+// if its new user, create new user and attach it to context
+func attachOpMiddleware(cfg *ServerConfig) echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
 			req := c.Request()
@@ -31,8 +34,8 @@ func authMiddleware(cfg *ServerConfig) echo.MiddlewareFunc {
 			// debug mode
 			if cfg.Debug {
 				if userID := c.Request().Header.Get(debugUserHeader); userID != "" {
-					if id, err := id.UserIDFrom(userID); err == nil {
-						user2, err := cfg.Repos.User.FindByID(ctx, id)
+					if uId, err := id.UserIDFrom(userID); err == nil {
+						user2, err := cfg.Repos.User.FindByID(ctx, uId)
 						if err == nil && user2 != nil {
 							u = user2
 						}

@@ -5,19 +5,18 @@ import (
 	"errors"
 
 	"github.com/labstack/echo/v4"
+	"github.com/reearth/reearth/server/internal/app/config"
 	"github.com/reearth/reearth/server/internal/usecase/repo"
-	"github.com/reearth/reearth/server/pkg/config"
+	authconfig "github.com/reearth/reearth/server/pkg/config"
 	"github.com/reearth/reearth/server/pkg/user"
 	"github.com/reearth/reearthx/authserver"
 	"github.com/reearth/reearthx/rerror"
 	"github.com/zitadel/oidc/pkg/oidc"
 )
 
-const authServerDefaultClientID = "reearth-authsrv-client-default"
-
 var ErrInvalidEmailORPassword = errors.New("wrong email or password")
 
-func authServer(ctx context.Context, e *echo.Echo, cfg *AuthSrvConfig, repos *repo.Container) {
+func authServer(ctx context.Context, e *echo.Echo, cfg *config.AuthSrvConfig, repos *repo.Container) {
 	if cfg.Disabled {
 		return
 	}
@@ -26,7 +25,7 @@ func authServer(ctx context.Context, e *echo.Echo, cfg *AuthSrvConfig, repos *re
 		Issuer:          cfg.Issuer,
 		URL:             cfg.DomainURL(),
 		WebURL:          cfg.UIDomainURL(),
-		DefaultClientID: authServerDefaultClientID,
+		DefaultClientID: config.AuthServerDefaultClientID,
 		Dev:             cfg.Dev,
 		Key:             cfg.Key,
 		DN:              cfg.DN.AuthServerDNConfig(),
@@ -101,7 +100,7 @@ func (c *authServerConfig) Save(ctx context.Context, cfg *authserver.Config) err
 	if cfg == nil {
 		return nil
 	}
-	return c.Config.SaveAuth(ctx, &config.Auth{
+	return c.Config.SaveAuth(ctx, &authconfig.Auth{
 		Cert: cfg.Cert,
 		Key:  cfg.Key,
 	})

@@ -16,6 +16,7 @@ import (
 	"time"
 
 	"github.com/labstack/echo/v4"
+	"github.com/reearth/reearth/server/internal/app/config"
 	"github.com/reearth/reearth/server/internal/infrastructure/mongo"
 	"github.com/reearth/reearth/server/internal/usecase/repo"
 	"github.com/reearth/reearth/server/pkg/user"
@@ -55,7 +56,7 @@ func TestEndpoint(t *testing.T) {
 	ts := httptest.NewServer(e)
 	defer ts.Close()
 
-	authServer(ctx, e, &AuthSrvConfig{
+	authServer(ctx, e, &config.AuthSrvConfig{
 		Domain:   "https://example.com",
 		UIDomain: "https://web.example.com",
 	}, &repo.Container{
@@ -68,7 +69,7 @@ func TestEndpoint(t *testing.T) {
 	verifier, challenge := randomCodeChallenge()
 	res := send(http.MethodGet, ts.URL+"/authorize", false, map[string]string{
 		"response_type":         "code",
-		"client_id":             authServerDefaultClientID,
+		"client_id":             config.AuthServerDefaultClientID,
 		"redirect_uri":          "https://web.example.com",
 		"scope":                 "openid email profile",
 		"state":                 "hogestate",
@@ -110,7 +111,7 @@ func TestEndpoint(t *testing.T) {
 	res2 := send(http.MethodPost, ts.URL+"/oauth/token", true, map[string]string{
 		"grant_type":    "authorization_code",
 		"redirect_uri":  "https://web.example.com",
-		"client_id":     authServerDefaultClientID,
+		"client_id":     config.AuthServerDefaultClientID,
 		"code":          code,
 		"code_verifier": verifier,
 	}, nil)