Initial implementation for Red Hat SSO authentication provider

Signed-off-by: Denis Golovin [email protected]

Author: dgolovin

.gitignore

@@ -0,0 +1,6 @@
+.electron-vendors.cache.json
+builtin
+dist
+node_modules
+redhat-authentication.cdix
+ 

.nvmrc

@@ -0,0 +1 @@
+16

package.json

@@ -0,0 +1,36 @@
+{
+  "name": "redhat-authentication",
+  "displayName": "Red Hat Authentication",
+  "description": "Login to Red Hat Developers",
+  "version": "0.0.1",
+  "icon": "icon.png",
+  "publisher": "dgolvoin",
+  "license": "Apache-2.0",
+  "engines": {
+    "podman-desktop": "^0.0.1"
+  },
+  "main": "./dist/extension.js",
+  "contributes": {
+    "commands": [
+      {
+        "command": "redhat.auth.login",
+        "title": "Red Hat Authentication: login"
+      }
+    ]
+  },
+  "scripts": {
+    "build": "rollup --bundleConfigAsCjs --config rollup.config.js --compact --environment BUILD:production  && node ./scripts/build.js",
+    "watch": "rollup --bundleConfigAsCjs --config rollup.config.js -w"
+  },
+  "dependencies": {
+    "@podman-desktop/api": "^0.0.1",
+    "js-yaml": "^4.1.0",
+    "openid-client": "5.4.0"
+  },
+  "devDependencies": {
+    "7zip-min": "^1.4.3",
+    "@types/js-yaml": "^4.0.5",
+    "mkdirp": "^2.1.3",
+    "zip-local": "^0.3.5"
+  }
+}

rollup.config.js

@@ -0,0 +1,39 @@
+// rollup.config.js
+import typescript from '@rollup/plugin-typescript';
+import commonjs from '@rollup/plugin-commonjs';
+import json from '@rollup/plugin-json';
+import { nodeResolve } from '@rollup/plugin-node-resolve';
+
+export default {
+  input: 'src/extension.ts',
+  output: {
+    dir: 'dist',
+    format: 'cjs',
+    sourcemap: true,
+  },
+  external: [
+    '@podman-desktop/api',
+    'electron',
+    'node:stream',
+    'node:http',
+    'node:url',
+    'node:process',
+    'node:tls',
+    'node:util',
+    'node:buffer',
+    'node:https',
+    'node:events',
+    'node:net',
+    'node:process',
+    'node:path',
+    'node:os',
+    'node:fs',
+    'node:child_process',
+  ],
+  plugins: [
+    typescript(),
+    commonjs({ extensions: ['.js', '.ts'] }), // the ".ts" extension is required],
+    json(),
+    nodeResolve({preferBuiltins: true}),
+  ],
+};

scripts/build.js

@@ -0,0 +1,43 @@
+#!/usr/bin/env node
+/**********************************************************************
+ * Copyright (C) 2022 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ***********************************************************************/
+
+const zipper = require('zip-local');
+const path = require('path');
+const package = require('../package.json');
+const { mkdirp } = require('mkdirp');
+const fs = require('fs');
+
+const destFile = path.resolve(__dirname, `../${package.name}.cdix`);
+const builtinDirectory = path.resolve(__dirname, '../builtin');
+const unzippedDirectory = path.resolve(builtinDirectory, `${package.name}.cdix`);
+// remove the .cdix file before zipping
+if (fs.existsSync(destFile)) {
+  fs.rmSync(destFile);
+}
+// remove the builtin folder before zipping
+if (fs.existsSync(builtinDirectory)) {
+  fs.rmSync(builtinDirectory, { recursive: true, force: true });
+}
+
+zipper.sync.zip(path.resolve(__dirname, '../')).compress().save(destFile);
+
+// create unzipped built-in
+mkdirp(unzippedDirectory).then(() => {
+  zipper.sync.unzip(destFile).save(unzippedDirectory);
+});

src/authentication-server.ts

@@ -0,0 +1,127 @@
+/**********************************************************************
+ * Copyright (C) 2022 - 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ***********************************************************************/
+
+import * as fs from 'fs';
+import * as http from 'http';
+import * as path from 'path';
+import * as url from 'url';
+import { ServerConfig, AuthConfig } from './configuration';
+
+interface Deferred<T> {
+  resolve: (result: T | Promise<T>) => void;
+  reject: (reason: any) => void;
+}
+
+export function createServer(config: AuthConfig, nonce: string) {
+  type RedirectResult =
+    | { req: http.IncomingMessage; res: http.ServerResponse }
+    | { err: any; res: http.ServerResponse };
+  let deferredRedirect: Deferred<RedirectResult>;
+  const redirectPromise = new Promise<RedirectResult>((resolve, reject) => (deferredRedirect = { resolve, reject }));
+
+  let deferredCallback: Deferred<RedirectResult>;
+  const callbackPromise = new Promise<RedirectResult>((resolve, reject) => (deferredCallback = { resolve, reject }));
+
+  const server = http.createServer(function (req, res) {
+    const reqUrl = url.parse(req.url!, /* parseQueryString */ true);
+    console.log(`Received ${reqUrl.pathname}`);
+    switch (reqUrl.pathname) {
+      case '/signin':
+        // eslint-disable-next-line no-case-declarations
+        const receivedNonce = ((reqUrl.query.nonce as string) || '').replace(/ /g, '+');
+        if (receivedNonce === nonce) {
+          deferredRedirect.resolve({ req, res });
+        } else {
+          const err = new Error('Nonce does not match.');
+          deferredRedirect.resolve({ err, res });
+        }
+        break;
+      case '/':
+        sendFile(res, path.join(__dirname, '../www/success.html'), 'text/html; charset=utf-8');
+        break;
+      case '/auth.css':
+        sendFile(res, path.join(__dirname, '../www/auth.css'), 'text/css; charset=utf-8');
+        break;
+      case '/favicon.ico':
+        sendFile(res, path.join(__dirname, '../www/favicon.ico'), 'image/vnd.microsoft.icon');
+        break;
+      case `/${config.serverConfig.callbackPath}`:
+        deferredCallback.resolve({ req, res });
+        break;
+      default:
+        res.writeHead(404);
+        res.end();
+        break;
+    }
+  });
+  return { server, redirectPromise, callbackPromise };
+}
+
+export async function startServer(config: ServerConfig, server: http.Server): Promise<string> {
+  let portTimer: NodeJS.Timer;
+
+  function cancelPortTimer() {
+    clearTimeout(portTimer);
+  }
+
+  const port = new Promise<string>((resolve, reject) => {
+    portTimer = setTimeout(() => {
+      reject(new Error('Timeout waiting for port'));
+    }, 5000);
+
+    server.on('listening', () => {
+      const address = server.address();
+      if (typeof address === 'undefined' || address === null) {
+        reject(new Error('adress is null or undefined'));
+      } else if (typeof address === 'string') {
+        resolve(address);
+      } else {
+        resolve(address.port.toString());
+      }
+    });
+
+    server.on('error', _ => {
+      reject(new Error('Error listening to server'));
+    });
+
+    server.on('close', () => {
+      reject(new Error('Closed'));
+    });
+
+    server.listen(config.port);
+  });
+
+  port.then(cancelPortTimer, cancelPortTimer);
+  return port;
+}
+
+function sendFile(res: http.ServerResponse, filepath: string, contentType: string) {
+  fs.readFile(filepath, (err, body) => {
+    if (err) {
+      console.error(err);
+      res.writeHead(404);
+      res.end();
+    } else {
+      res.writeHead(200, {
+        'Content-Length': body.length,
+        'Content-Type': contentType,
+      });
+      res.end(body);
+    }
+  });
+}