Xavier/clerk integration (#153)

* Set up Clerk * Set up Clerk * Fix some errors apparently * Cleaned up backend * Cleaned up backend * Removed passlink * Renamed middleware * Added codespaces support * Fixed type issues --------- Co-authored-by: “xavilien” <“[email protected]”>
ScottyLabs · May 18, 2024 · affebe8 · affebe8
1 parent 68bcded
commit affebe8
Show file tree

Hide file tree

Showing 27 changed files with 2,560 additions and 1,260 deletions.
diff --git a/backend/src/app.ts b/backend/src/app.ts
@@ -2,28 +2,12 @@ import "dotenv/config";
 import morgan from "morgan";
 import express, { ErrorRequestHandler } from "express";
 import cors from "cors";
-import { generateSigningRequestHandler, KeyStore } from "passlink-server";
 import { isUser } from "./controllers/user.mjs";
 import { getAllCourses, getCourseByID, getCourses, getFilteredCourses } from "./controllers/courses.mjs";
 import { getFCEs } from "./controllers/fces.mjs";
 import { getInstructors } from "./controllers/instructors.mjs";
 
-// because there is a bug in the typing for passlink
-// eslint-disable-next-line @typescript-eslint/ban-ts-comment
-// @ts-ignore
-KeyStore.readKey(process.env.LOGIN_API_KEY);
-
 const app = express();
-const signingRequestHandler = generateSigningRequestHandler(
-  {
-    redirectUrl: "",
-    restrictDomain: true,
-    applicationId: process.env.LOGIN_API_ID ?? "",
-  },
-  KeyStore.getSecretKey(),
-  true,
-);
-
 const port = process.env.PORT || 3000;
 
 app.use(cors());
@@ -32,10 +16,6 @@ app.use(express.urlencoded({ extended: true }));
 app.use(express.json());
 app.use(morgan("dev"));
 
-app.get("/signingrequest", (req, res) => {
-  signingRequestHandler(req, res);
-});
-
 app.route("/course/:courseID").get(getCourseByID);
 app.route("/courses").get(getCourses);
 app.route("/courses").post(isUser, getCourses);

diff --git a/backend/src/controllers/user.mts b/backend/src/controllers/user.mts
@@ -1,34 +1,27 @@
 import * as jose from "jose";
-import axios from "axios";
-import cron from "node-cron";
 import { NextFunction, Request, Response } from "express";
 
-let JWT_PUBKEY: jose.KeyLike | undefined;
-
-async function fetchLoginKey() {
-  const pubkey = (await axios.get("https://login.scottylabs.org/login/pubkey")).data;
-
-  JWT_PUBKEY = await jose.importSPKI(pubkey, "RS256");
-  return JWT_PUBKEY;
-}
-
-if (!JWT_PUBKEY) fetchLoginKey();
-
-async function getLoginKey(): Promise<jose.KeyLike> {
-  return JWT_PUBKEY ?? (await fetchLoginKey());
-}
+const verifyUserToken = async (token: string) => {
+  const pubkey = process.env.CLERK_PEM_KEY || "";
 
-cron.schedule("0 0 * * *", fetchLoginKey);
+  const JWT_PUBKEY = await jose.importSPKI(pubkey, "RS256");
 
-const verifyUserToken = async (token: string) => {
-  const { payload } = await jose.jwtVerify(token, await getLoginKey(), {
+  const { payload } = await jose.jwtVerify(token, JWT_PUBKEY, {
     algorithms: ["RS256"]
   });
 
+  const currentTime = Math.floor(Date.now() / 1000);
+  const BACKEND_ENV = process.env.BACKEND_ENV || "dev";
+  const CLERK_LOGIN_HOST = process.env.CLERK_LOGIN_HOST || "http://localhost:3010";
+
   if (!payload) {
     throw "No token present. Did you forget to pass in the token with the API call?";
-  } else if (payload.applicationId !== process.env.LOGIN_API_ID || !payload.email) {
-    throw "Bad token";
+  } else if (payload.exp && payload.exp < currentTime) {
+    throw "Token has expired.";
+  } else if (payload.nbf && payload.nbf > currentTime) {
+    throw "Token is not valid yet.";
+  } else if (BACKEND_ENV === "prod" && payload.azp && payload.azp !== CLERK_LOGIN_HOST) {
+    throw "Token is not valid for this host.";
   }
 };
 

diff --git a/frontend/next-env.d.ts b/frontend/next-env.d.ts
@@ -1,5 +1,6 @@
 /// <reference types="next" />
 /// <reference types="next/image-types/global" />
+/// <reference types="next/navigation-types/compat/navigation" />
 
 // NOTE: This file should not be edited
 // see https://nextjs.org/docs/basic-features/typescript for more information.
diff --git a/frontend/next.config.js b/frontend/next.config.js
@@ -1,14 +1,15 @@
 require("dotenv").config({ path: "../.env" });
-const withTM = require("next-transpile-modules")(["passlink"]);
 const { PHASE_DEVELOPMENT_SERVER } = require("next/constants");
 
-module.exports = (phase, defaultConfig) =>
-  withTM({
+module.exports = (phase) => {
+  return {
     env: {
       backendUrl:
         process.env.BACKEND_URL ||
+        process.env.CODESPACES && `https://${process.env.CODESPACE_NAME}-3000.app.github.dev` ||
         (phase === PHASE_DEVELOPMENT_SERVER
           ? "http://localhost:3000"
           : "https://course-tool-backend-2kh6wuzobq-uc.a.run.app"),
     },
-  });
+  };
+}