m2m token

.circleci/config.yml

@@ -82,7 +82,7 @@ workflows:
       - "build-dev":
           filters:
             branches:
-              only: [dev, 'feature/notification-email-improvements']
+              only: dev
       - "build-prod":
           filters:
             branches:

README.md

@@ -13,9 +13,8 @@ Configuration for the notification server is at `config/default.js`.
 The following parameters can be set in config files or in env variables:
 - LOG_LEVEL: the log level
 - PORT: the notification server port
-- authSecret: TC auth secret
-- authDomain: TC auth domain
-- validIssuers: TC auth valid issuers
+- AUTH_SECRET: TC auth secret
+- VALID_ISSUERS: TC auth valid issuers
 - jwksUri: TC auth JWKS URI
 - DATABASE_URL: URI to PostgreSQL database
 - DATABASE_OPTIONS: database connection options
@@ -84,9 +83,8 @@ In case it expires, you may get a new token in this way:
 
 ## Local deployment
 - for local development environment you can set variables as following:
-  - `authSecret`, `authDomain`, `validIssuers` can get from [tc-project-service config](https://github.com/topcoder-platform/tc-project-service/blob/dev/config/default.json)
+  - `AUTH_SECRET`,`VALID_ISSUERS` can get from [tc-project-service config](https://github.com/topcoder-platform/tc-project-service/blob/dev/config/default.json)
   - `PORT=4000` because **connect-app** call this port by default
-  - `jwksUri` - any
   - `KAFKA_TOPIC_IGNORE_PREFIX=joan-26673.` (with point at the end)
   - `TC_API_V4_BASE_URL=https://api.topcoder-dev.com/v4`
   - `TC_API_V3_BASE_URL=https://api.topcoder-dev.com/v3`

config/default.js

@@ -5,9 +5,7 @@ module.exports = {
   ENV: process.env.ENV,
   LOG_LEVEL: process.env.LOG_LEVEL,
   PORT: process.env.PORT,
-  authSecret: process.env.authSecret,
-  authDomain: process.env.authDomain,
-  jwksUri: process.env.jwksUri,
+  AUTH_SECRET: process.env.authSecret,
   DATABASE_URL: process.env.DATABASE_URL,
   DATABASE_OPTIONS: {
     dialect: 'postgres',
@@ -21,7 +19,7 @@ module.exports = {
     },
   },
 
-  validIssuers: process.env.validIssuers ? process.env.validIssuers.replace(/\\"/g, '') : null,
+  VALID_ISSUERS: process.env.validIssuers ? process.env.validIssuers.replace(/\\"/g, '') : null,
   KAFKA_URL: process.env.KAFKA_URL,
   KAFKA_TOPIC_IGNORE_PREFIX: process.env.KAFKA_TOPIC_IGNORE_PREFIX,
   KAFKA_GROUP_ID: process.env.KAFKA_GROUP_ID,
@@ -44,4 +42,14 @@ module.exports = {
   ENABLE_DEV_MODE: process.env.ENABLE_DEV_MODE || true,
   DEV_MODE_EMAIL: process.env.DEV_MODE_EMAIL,
   API_CONTEXT_PATH: process.env.API_CONTEXT_PATH || '/v5/notifications',
+
+  // Configuration for generating machine to machine auth0 token.
+  // The token will be used for calling another internal API.
+  AUTH0_URL: process.env.AUTH0_URL,
+  AUTH0_AUDIENCE: process.env.AUTH0_AUDIENCE,
+  // The token will be cached.
+  // We define the time period of the cached token.
+  TOKEN_CACHE_TIME: process.env.TOKEN_CACHE_TIME || 86400000,
+  AUTH0_CLIENT_ID: process.env.AUTH0_CLIENT_ID,
+  AUTH0_CLIENT_SECRET: process.env.AUTH0_CLIENT_SECRET,
 };

connect/config.js

@@ -19,4 +19,5 @@ module.exports = {
 
   // id of the BOT user which creates post with various events in discussions
   TCWEBSERVICE_ID: process.env.TCWEBSERVICE_ID || '22838965',
+
 };

connect/service.js

@@ -2,8 +2,10 @@
  * Service to get data from TopCoder API
  */
 const request = require('superagent');
-const config = require('./config');
+const config = require('config');
 const _ = require('lodash');
+const tcCoreLibAuth = require('tc-core-library-js').auth;
+const m2m = tcCoreLibAuth.m2m(config);
 
 /**
  * Get project details
@@ -68,23 +70,32 @@ const getRoleMembers = (roleId) => request
  */
 const getUsersById = (ids) => {
   const query = _.map(ids, (id) => 'userId:' + id).join(' OR ');
-  return request
-    .get(`${config.TC_API_V3_BASE_URL}/members/_search?fields=userId,email,handle,firstName,lastName&query=${query}`)
-    .set('accept', 'application/json')
-    .set('authorization', `Bearer ${config.TC_ADMIN_TOKEN}`)
-    .then((res) => {
-      if (!_.get(res, 'body.result.success')) {
-        throw new Error(`Failed to get users by id: ${ids}`);
-      }
+  return m2m.getMachineToken(config.AUTH0_CLIENT_ID, config.AUTH0_CLIENT_SECRET)
+    .then((token) => {
+      if (!token && config.TC_ADMIN_TOKEN) token = config.TC_ADMIN_TOKEN;
 
-      const users = _.get(res, 'body.result.content');
-      return users;
-    }).catch((err) => {
-      const errorDetails = _.get(err, 'response.body.result.content.message');
-      throw new Error(
-        `Failed to get users by ids: ${ids}.` +
-        (errorDetails ? ' Server response: ' + errorDetails : '')
-      );
+      return request
+      .get(`${config.TC_API_V3_BASE_URL}/members/_search?fields=userId,email,handle,firstName,lastName&query=${query}`)
+      .set('accept', 'application/json')
+      .set('authorization', `Bearer ${token}`)
+      .then((res) => {
+        if (!_.get(res, 'body.result.success')) {
+          throw new Error(`Failed to get users by id: ${ids}`);
+        }
+
+        const users = _.get(res, 'body.result.content');
+        return users;
+      }).catch((err) => {
+        const errorDetails = _.get(err, 'response.body.result.content.message');
+        throw new Error(
+          `Failed to get users by ids: ${ids}.` +
+          (errorDetails ? ' Server response: ' + errorDetails : '')
+        );
+      });
+    })
+    .catch((err) => {
+      err.message = 'Error generating m2m token: ' + err.message;
+      throw err;
     });
 };
 
@@ -97,24 +108,32 @@ const getUsersById = (ids) => {
  */
 const getUsersByHandle = (handles) => {
   const query = _.map(handles, (handle) => 'handle:' + handle).join(' OR ');
-  return request
-    .get(`${config.TC_API_V3_BASE_URL}/members/_search?fields=userId,handle,firstName,lastName&query=${query}`)
-    .set('accept', 'application/json')
-    .set('authorization', `Bearer ${config.TC_ADMIN_TOKEN}`)
-    .then((res) => {
-      if (!_.get(res, 'body.result.success')) {
-        throw new Error(`Failed to get users by handle: ${handles}`);
-      }
+  return m2m.getMachineToken(config.AUTH0_CLIENT_ID, config.AUTH0_CLIENT_SECRET)
+    .then((token) => {
+      if (!token && config.TC_ADMIN_TOKEN) token = config.TC_ADMIN_TOKEN;
 
-      const users = _.get(res, 'body.result.content');
+      return request
+      .get(`${config.TC_API_V3_BASE_URL}/members/_search?fields=userId,handle,firstName,lastName&query=${query}`)
+      .set('accept', 'application/json')
+      .set('authorization', `Bearer ${token}`)
+      .then((res) => {
+        if (!_.get(res, 'body.result.success')) {
+          throw new Error(`Failed to get users by handle: ${handles}`);
+        }
+        const users = _.get(res, 'body.result.content');
 
-      return users;
-    }).catch((err) => {
-      const errorDetails = _.get(err, 'response.body.result.content.message');
-      throw new Error(
-        `Failed to get users by handles: ${handles}.` +
-        (errorDetails ? ' Server response: ' + errorDetails : '')
-      );
+        return users;
+      }).catch((err) => {
+        const errorDetails = _.get(err, 'response.body.result.content.message');
+        throw new Error(
+          `Failed to get users by handles: ${handles}.` +
+          (errorDetails ? ' Server response: ' + errorDetails : '')
+        );
+      });
+    })
+    .catch((err) => {
+      err.message = 'Error generating m2m token: ' + err.message;
+      throw err;
     });
 };