Initial commit

.dockerignore

@@ -0,0 +1,18 @@
+.kpt-pipeline/
+charts/
+skaffold.yaml
+README.md
+.git/
+node_modules/
+.drone.yml
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+*.kpt-pipeline

.gitignore

@@ -0,0 +1,23 @@
+.DS_Store
+node_modules
+/dist
+
+
+# local env files
+.env.local
+.env.*.local
+
+# Log files
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+# Editor directories and files
+.idea
+.vscode
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?

Dockerfile

@@ -0,0 +1,21 @@
+FROM node AS dev
+
+# define /app as working directory
+WORKDIR /app
+
+# copy package.json and package-lock.json to /app
+COPY package.json /app
+COPY package-lock.json /app
+
+# install node dependencies
+RUN npm install
+COPY . /app
+
+# launch node server
+ENTRYPOINT npm run dev
+
+# production
+# we will not use npm in production as it wants to write on the container filesystem. this should be prohibited on production. however, we need to allow it while developing.
+FROM dev AS prod
+RUN npm install --production
+ENTRYPOINT node app.js

app.js

@@ -0,0 +1,42 @@
+import express from 'express'
+import {Issuer, generators} from 'openid-client'
+import bodyParser from 'body-parser'
+
+async function run() {
+    const app = express();
+    app.use(bodyParser.urlencoded());
+    app.use(bodyParser.json())
+
+    const issuer = await Issuer.discover('https://gateway-gab7y.codemowers.ee/');
+    console.log('Discovered issuer %s %O', issuer.issuer, issuer.metadata);
+
+    const client = new issuer.Client({
+        client_id: 'foo',
+        redirect_uris: ['https://client-gab7y.codemowers.ee/cb'],
+        response_types: ['id_token'],
+        // id_token_signed_response_alg (default "RS256")
+    })
+    const nonce = generators.nonce();
+
+    app.get('/', async function (req, res) {
+        let url = client.authorizationUrl({
+            redirect_uri: 'https://client-gab7y.codemowers.ee/cb',
+            scope: 'openid',
+            response_mode: 'form_post',
+            nonce,
+        });
+
+        res.redirect(url);
+    });
+    app.post('/cb', async function (req, res) {
+        const params = client.callbackParams(req);
+        const tokenSet = await client.callback('https://client-gab7y.codemowers.ee/ok', params, {nonce});
+        console.log('received and validated tokens %j', tokenSet);
+        console.log('validated ID Token claims %j', tokenSet.claims());
+        res.send(tokenSet.claims());
+    });
+
+    app.listen(3000);
+}
+
+run().catch(console.dir);

deployment.yaml

@@ -0,0 +1,60 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: oidc-test-client
+  annotations:
+    kubernetes.io/ingress.class: shared
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    external-dns.alpha.kubernetes.io/target: traefik.codemowers.ee
+spec:
+  rules:
+    - host: client-gab7y.codemowers.ee
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: oidc-test-client
+                port:
+                  number: 3000
+  tls:
+    - hosts:
+        - "*.codemowers.ee"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: oidc-test-client
+spec:
+  type: ClusterIP
+  selector:
+    app: oidc-test-client
+  ports:
+    - protocol: TCP
+      port: 3000
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: oidc-test-client
+  labels:
+    app: oidc-test-client
+spec:
+  selector:
+    matchLabels:
+      app: oidc-test-client
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: oidc-test-client
+    spec:
+      containers:
+        - name: oidc-test-client
+          image: oidc-test-client
+          ports:
+            - containerPort: 3000

package.json

@@ -0,0 +1,19 @@
+{
+  "name": "oidc-test-client",
+  "version": "0.1.0",
+  "description": "",
+  "main": "app.js",
+  "scripts": {
+    "dev": "nodemon --inspect=0.0.0.0 app.js -e ejs,js,css,html,jpg,png,scss"
+  },
+  "type": "module",
+  "dependencies": {
+    "express": "^4.17.2",
+    "body-parser": "1.20.1",
+    "openid-client": "^5.4.0"
+  },
+  "devDependencies": {
+    "nodemon": "^2.0.20"
+  },
+  "author": "Erki Aas"
+}

skaffold.yaml

@@ -0,0 +1,26 @@
+apiVersion: skaffold/v4beta1
+kind: Config
+build:
+  artifacts:
+    - image: oidc-test-client
+
+manifests:
+  rawYaml:
+    - deployment.yaml
+
+profiles:
+  - name: dev
+    activation:
+      - command: dev
+    build:
+      artifacts:
+        - image: oidc-test-client
+          docker:
+            target: dev
+          sync:
+            manual:
+              - src: 'app.js'
+                dest: .
+    deploy:
+      kubectl: {}
+