feat(roadmap): Allow signin with GitLab to show confidential issues

fix #3

Author: nprail

app.js

@@ -5,6 +5,9 @@ const app = express()
 // setup express app
 require('./config/express')(app)
 
+// setup passport
+require('./config/passport')(app)
+
 app.use('/', require('./routes')())
 
 // setup error handlers

app.json

@@ -25,6 +25,28 @@
       "description": "ID of GitLab issue board",
       "required": true
     },
+    "GL_RM_INT_CONFIG_GL_APP": {
+      "description": "Enable login with GitLab?",
+      "value":"false",
+      "required": false
+    },
+    "GL_RM_INT_CONFIG_GL_CLIENT_ID": {
+      "description": "GitLab application client ID",
+      "required": false
+    },
+    "GL_RM_INT_CONFIG_GL_CLIENT_SECRET": {
+      "description": "GitLab application client secret",
+      "required": false
+    },
+    "GL_RM_INT_CONFIG_BASE_URL": {
+      "description": "Base url of the roadmap",
+      "required": false
+    },
+    "GL_RM_INT_CONFIG_COOKIE_SECRET": {
+      "description": "Random secret for cookies",
+      "generator":"secret",
+      "required": false
+    },
     "GL_RM_CONFIG_THEME": {
       "description": "Bootstrap CSS theme",
       "value": "https://bootswatch.com/4/materia/bootstrap.min.css",

config.example.yml

@@ -3,6 +3,11 @@ internal-config:
   url: https://gitlab.com # gitlab instance address
   project-id: filiosoft/roadmap # can be ID or path
   board-id: 49 # issue board ID
+  gl-app: true # enable login with GitLab?
+  gl-client-id: f135d8df73f083f632d877ffa4d5252e953255de5bd78458cbe994dbb92cc9a9 # gitlab application client id
+  gl-client-secret: 51ca773af0789f1c6afe1a8a118364cace26fa06a511227acfa9f5de0c83da13 # gitlab application client secret
+  base-url: https://roadmap.filiosoft.com # base url of roadmap
+  cookie-secret: change-me # random secret
 config:
   theme: https://bootswatch.com/4/materia/bootstrap.min.css # boostrap theme
   domain: roadmap.filiosoft.com # domain to deploy to

config/config.js

@@ -4,18 +4,22 @@ const getConfig = () => {
   const internalConfig = {}
   const config = {}
 
-  // convert undefined string to actual undefined
-  const convertUndefined = input => {
+  // convert undefined, true, and false string to type
+  const convert = input => {
     if (input === 'undefined') {
       return undefined
+    } else if (input === 'false') {
+      return false
+    } else if (input === 'true') {
+      return true
     }
     return input
   }
 
   const loadConfig = (prefix, object) => {
     for (const key in process.env) {
       if (key.startsWith(prefix)) {
-        const newValue = convertUndefined(process.env[key])
+        const newValue = convert(process.env[key])
         const newKey = key.replace(prefix, '').toLowerCase()
 
         object[newKey] = newValue

config/express.js

@@ -10,6 +10,7 @@ const axios = require('../config/axios')(internalConfig)
 module.exports = async app => {
   // set config globals
   app.locals.config = config
+  app.locals.appEnabled = internalConfig.gl_app
   try {
     const projectResp = await axios.get('/')
     app.locals.project = projectResp.data

config/passport.js

@@ -0,0 +1,77 @@
+const passport = require('passport')
+const GitLabStrategy = require('passport-gitlab2').Strategy
+const cookieSession = require('cookie-session')
+const express = require('express')
+
+const { internalConfig } = require('./config')()
+
+const router = express.Router()
+
+module.exports = app => {
+  // only enable if gl_app var is true
+  if (internalConfig.gl_app) {
+    // cookieSession config
+    app.use(
+      cookieSession({
+        maxAge: 24 * 60 * 60 * 1000, // One day in milliseconds
+        keys: [internalConfig.cookie_secret]
+      })
+    )
+
+    app.use(passport.initialize()) // Used to initialize passport
+    app.use(passport.session()) // Used to persist login sessions
+
+    passport.use(
+      new GitLabStrategy(
+        {
+          clientID: internalConfig.gl_client_id,
+          clientSecret: internalConfig.gl_client_secret,
+          callbackURL: `${internalConfig.base_url}/auth/gitlab/callback`,
+          baseURL: internalConfig.url
+        },
+        (accessToken, refreshToken, profile, cb) => {
+          const user = {
+            id: profile.id,
+            username: profile.username,
+            accessToken
+          }
+          return cb(null, user)
+        }
+      )
+    )
+
+    passport.serializeUser((user, done) => {
+      done(null, user)
+    })
+
+    // Used to decode the received cookie and persist session
+    passport.deserializeUser((user, done) => {
+      done(null, user)
+    })
+
+    // passport.authenticate middleware is used here to authenticate the request
+    router.get(
+      '/gitlab',
+      passport.authenticate('gitlab', {
+        scope: ['api'] // Used to specify the required data
+      })
+    )
+
+    // The middleware receives the data from GitLab and runs the function on Strategy config
+    router.get(
+      '/gitlab/callback',
+      passport.authenticate('gitlab'),
+      (req, res) => {
+        res.redirect('/')
+      }
+    )
+
+    // Logout route
+    router.get('/logout', (req, res) => {
+      req.logout()
+      res.redirect('/')
+    })
+
+    app.use('/auth', router)
+  }
+}

example.env

@@ -3,6 +3,12 @@ GL_RM_INT_CONFIG_URL=https://gitlab.com
 GL_RM_INT_CONFIG_PROJECT_ID=filiosoft/roadmap
 GL_RM_INT_CONFIG_BOARD_ID=49
 
+GL_RM_INT_CONFIG_GL_APP=true
+GL_RM_INT_CONFIG_GL_CLIENT_ID=f135d8df73f083f632d877ffa4d5252e953255de5bd78458cbe994dbb92cc9a9
+GL_RM_INT_CONFIG_GL_CLIENT_SECRET=51ca773af0789f1c6afe1a8a118364cace26fa06a511227acfa9f5de0c83da13
+GL_RM_INT_CONFIG_BASE_URL=https://roadmap.filiosoft.com
+GL_RM_INT_CONFIG_COOKIE_SECRET=YV9k9GO7Y1pt
+
 GL_RM_CONFIG_THEME=https://bootswatch.com/4/materia/bootstrap.min.css
 GL_RM_CONFIG_DOMAIN=roadmap.filiosoft.com
 GL_RM_CONFIG_LINK=https://filiosoft.com