-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
✨ Introduce a serverless token auth proxy, fixes #20
We're using a serverless approach to GitHub GraphQL API authentication thanks to a Cloud Function. It acts as a proxy to the API handling the Personal Access Token on the server side. The serverless function should be configured with `GITHUB_GRAPHQL_API_URL` and `GITHUB_PAT` and is deployed using Terraform. The serverless function is currently deployed to: https://us-east1-gitpop3.cloudfunctions.net/gitpop3-graphql
- Loading branch information
1 parent
1673510
commit c3234e8
Showing
21 changed files
with
1,433 additions
and
38 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,10 @@ | ||
# the base64 encoded Personal Access Token | ||
# https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token | ||
# echo $PAT | base64 | ||
REACT_APP_GITHUB_PAT=<base64_encoded_personal_access_token> | ||
## React environment variables (loaded automatically) | ||
# the GraphQL endpoint that handles the Personal Access Token before forwarding to the GitHub GraphQL API | ||
REACT_APP_GRAPHQL_ENDPOINT=https://us-east1-gitpop3.cloudfunctions.net/gitpop3-graphql | ||
## Cloud Function environment variables (must be manually sourced) | ||
# CORS header | ||
ALLOWED_ORIGINS=http://localhost:3000,https://andremiras.github.io | ||
# the API we proxy to | ||
GITHUB_GRAPHQL_API_URL=https://api.github.com/graphql | ||
# the Personal Access Token with the `public_repo` scope | ||
GITHUB_PAT= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
SHELL=/bin/bash | ||
|
||
|
||
devops/terraform/fmt: | ||
terraform -chdir=terraform fmt -recursive -diff | ||
|
||
devops/terraform/init: | ||
terraform -chdir=terraform init | ||
|
||
devops/terraform/plan: | ||
terraform -chdir=terraform plan | ||
|
||
devops/terraform/apply: | ||
terraform -chdir=terraform apply -auto-approve | ||
|
||
devops/terraform/output: | ||
terraform -chdir=terraform output | ||
|
||
lint/terraform: | ||
terraform -chdir=terraform fmt -recursive -check -diff | ||
|
||
lint/node: | ||
yarn lint | ||
|
||
lint: lint/node lint/terraform | ||
|
||
format/node: | ||
yarn format | ||
|
||
format/terraform: devops/terraform/fmt | ||
|
||
format: format/node format/terraform |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
# Serverless function | ||
|
||
We're using a serverless approach to GitHub GraphQL API authentication thanks to a Cloud Function. | ||
It acts as a proxy to the API handling the Personal Access Token on the server side. | ||
|
||
## Configuration | ||
|
||
It requires the following environment variables to be setup | ||
|
||
- `ALLOWED_ORIGINS` | ||
- `GITHUB_GRAPHQL_API_URL` | ||
- `GITHUB_PAT` | ||
|
||
## Run | ||
|
||
To run locally, build and run with: | ||
|
||
``` | ||
npx tsc | ||
source .env | ||
npx functions-framework --target=main | ||
``` | ||
|
||
## Deployment | ||
|
||
The Cloud Function is deployed using Terraform from the project root directory. | ||
|
||
```sh | ||
make devops/terraform/apply | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
{ | ||
"name": "gitpop3-graphql", | ||
"version": "1.0.0", | ||
"description": "A GitHub GraphQL API proxy to handle PAT token authentication server side.", | ||
"main": "build/index.js", | ||
"scripts": { | ||
"start": "npx functions-framework --target=main" | ||
}, | ||
"author": "", | ||
"dependencies": {}, | ||
"devDependencies": { | ||
"@google-cloud/functions-framework": "^3.3.0" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
import { Request, Response } from "express"; | ||
import { HttpFunction } from "@google-cloud/functions-framework"; | ||
|
||
/** | ||
* Sets CORS headers on the response based on the request's origin. | ||
* Allows only origins specified in the allowedOrigins array. | ||
* | ||
* @param {Request} req - The incoming request object. | ||
* @param {Response} res - The outgoing response object. | ||
* @param {string[]} allowedOrigins - A list of allowed origins for CORS. | ||
*/ | ||
const setCors = (req: Request, res: Response, allowedOrigins: string[]) => { | ||
const origin = req.headers.origin; | ||
if (origin && allowedOrigins.includes(origin)) { | ||
res.setHeader("Access-Control-Allow-Origin", origin); | ||
} | ||
res.set("Access-Control-Allow-Methods", "GET, POST, OPTIONS"); | ||
res.set("Access-Control-Allow-Headers", "Content-Type"); | ||
}; | ||
|
||
/** | ||
* Main function for handling incoming HTTP requests. | ||
* Forwards the request to the GitHub GraphQL API with appropriate authorization. | ||
* | ||
* @param {Request} req - The incoming request object. | ||
* @param {Response} res - The outgoing response object. | ||
*/ | ||
const main: HttpFunction = async (req: Request, res: Response) => { | ||
const githubApiUrl = process.env.GITHUB_GRAPHQL_API_URL; | ||
const githubPat = process.env.GITHUB_PAT; | ||
const allowedOrigins = process.env.ALLOWED_ORIGINS?.split(",") || []; | ||
if (!githubApiUrl || !githubPat) { | ||
res.status(500).send("GitHub API URL or PAT is not configured."); | ||
return; | ||
} | ||
setCors(req, res, allowedOrigins); | ||
try { | ||
const response = await fetch(githubApiUrl, { | ||
method: "POST", | ||
headers: { | ||
Authorization: `Bearer ${githubPat}`, | ||
"Content-Type": "application/json", | ||
}, | ||
body: JSON.stringify(req.body), | ||
}); | ||
const data = await response.text(); | ||
res.status(response.status).send(data); | ||
} catch (error) { | ||
console.error("Error forwarding request to GitHub:", error); | ||
res.status(500).send("Error forwarding request to GitHub."); | ||
} | ||
}; | ||
|
||
export { main }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
export { main } from "./controller"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
{ | ||
"compilerOptions": { | ||
"module": "commonjs", | ||
"target": "es6", | ||
"esModuleInterop": true, | ||
"moduleResolution": "node", | ||
"declaration": true, | ||
"outDir": "./build", | ||
"strict": true, | ||
"noUnusedLocals": true, | ||
"noUnusedParameters": true, | ||
"skipLibCheck": true, | ||
"preserveConstEnums": true | ||
}, | ||
"include": ["src/**/*"] | ||
} |
Oops, something went wrong.