Merge pull request #246 from GBSL-Informatik/feature/better-auth

feature: use better-auth

Author: lebalz

.env.example

@@ -1,7 +1,3 @@
-CLIENT_ID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
-TENANT_ID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
 APP_URL="http://localhost:3000"
 BACKEND_URL="http://localhost:3002"
-API_URI="api://xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/access_as_user"
-STUDENT_USERNAME_PATTERN="@edu"
 DEFAULT_TEST_USER="[email protected]"

.github/workflows/deploy.yml

@@ -21,9 +21,6 @@ jobs:
           cache: yarn
       - name: Install dependencies and build website
         env:
-          CLIENT_ID: ${{ secrets.CLIENT_ID }}
-          TENANT_ID: ${{ secrets.TENANT_ID }}
-          API_URI: ${{ secrets.API_URI }}
           APP_URL: ${{ secrets.APP_URL }}
           BACKEND_URL: ${{ secrets.BACKEND_URL }}
           GH_OAUTH_CLIENT_ID: ${{ vars.GH_OAUTH_CLIENT_ID}}

README.md

@@ -11,10 +11,6 @@ This website is built using [Docusaurus](https://docusaurus.io/), a modern stati
 | :------------------------- | :------------- | :---------------------------------- | :------------------------------ | :----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `APP_URL`                  | Production     | `http://localhost:3000`             |                                 | Domain of the hosted app                                                                                                                                           |
 | `BACKEND_URL`              | Production     | `http://localhost:3002`             |                                 | Url of the API Endpoint                                                                                                                                            |
-| `CLIENT_ID`                | Production     |                                     |                                 | Azure ID: Client ID                                                                                                                                                |
-| `TENANT_ID`                | Production     |                                     |                                 | Azure AD: Tenant Id                                                                                                                                                |
-| `API_URI`                  | Production     |                                     |                                 | Azure AD: API Url                                                                                                                                                  |
-| `STUDENT_USERNAME_PATTERN` | Production     |                                     | `@edu`                          | Users with usernames matching this RegExp pattern are displayed as students (regardless of admin status). If unset, all non-admin users are displayed as students. |
 | `DEFAULT_TEST_USER`        | Development    |                                     | `[email protected]`             | To log in offline. Email of the user to be selected by default. Must correspond to a user email found in the API's database.\*                                     |
 | `OFFLINE_API`              | Dev/Production | `memory`                            | `true` | `memory` | `indexedDB` | In case the project shall be fully functional, but API persistent data is not needed (e.g. when run in Github Codespace), set this option to true (=`memory`).     |
 | `SENTRY_DSN`               | Production     |                                     |                                 | Sentry DSN for error tracking                                                                                                                                      |

docs/tdev/app-architecture/api-deploy/index.mdx

@@ -5,7 +5,7 @@ page_id: 560cfd4d-4464-42ff-a121-a3d116ea1994
 import Steps from '@tdev-components/Steps'
 import { Val, TemplateCode, DynamicInput } from '@tdev-components/DynamicValues';
 import _ from 'es-toolkit/compat';
-import { generateRandomBase64 } from './secureToken';
+import { generateRandomBase64 } from '../helpers/secureToken';
 
 # API Aufsetzen
 
@@ -16,7 +16,6 @@ import { generateRandomBase64 } from './secureToken';
       <DynamicInput name="app" default='inf-teaching-api' />
       <DynamicInput name="domain" default='teaching-api.gbsl.website' />
       <DynamicInput name="APP_NAME" derived default={(page) => _.camelCase((page.dynamicValues.get('app') || 'inf-teaching-api'))} />
-      <DynamicInput name="API_URI" placeholder='api://xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' />
       <DynamicInput name="ALLOWED_ORIGINS" default='gbsl.website' />
       <DynamicInput name="ALLOW_SUBDOMAINS" default='true' />
       <DynamicInput name="SESSION_SECRET" monospace default='$(openssl rand -base64 32)' onRecalculate={() => generateRandomBase64()} />

docs/tdev/app-architecture/dokku/index.mdx

@@ -4,6 +4,7 @@ page_id: 323ff390-40d6-4bd5-ac6c-7a05f3515526
 
 import Steps from '@tdev-components/Steps'
 import { Val, TemplateCode, DynamicInput } from '@tdev-components/DynamicValues';
+import { generateRandomBase64 } from '../helpers/secureToken';
 
 # Dokku Deploy
 
@@ -18,8 +19,8 @@ Durch das Hosten auf einem eigenen Server kann mit bspw. `http-auth` der Zugriff
   1. Eine neue App __<Val name="app" />__ auf dem Server erstellen
       <DynamicInput name="app" default='info-teaching-website' />
       <DynamicInput name="domain" default='info.gbsl.website' />
-      <DynamicInput name="API_URI" default='api://xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' />
-      <DynamicInput name="BACKEND_URL" default='https://xxx-api.gbsl.website' />
+      <DynamicInput name="BETTER_AUTH_URL" default='https://xxx-api.gbsl.website' />
+      <DynamicInput name="BETTER_AUTH_SECRET" monospace default='$(openssl rand -base64 32)' onRecalculate={() => generateRandomBase64()} />
       <DynamicInput name="CLIENT_ID" default='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' />
       <DynamicInput name="TENANT_ID" default='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' />
       <TemplateCode>
@@ -34,7 +35,7 @@ Durch das Hosten auf einem eigenen Server kann mit bspw. `http-auth` der Zugriff
 
          dokku config:set --no-restart {{app}} API_URI={{API_URI}}
          dokku config:set --no-restart {{app}} APP_URL=https://{{domain}}
-         dokku config:set --no-restart {{app}} BACKEND_URL={{BACKEND_URL}}
+         dokku config:set --no-restart {{app}} BETTER_AUTH_URL={{BETTER_AUTH_URL}}
          dokku config:set --no-restart {{app}} CLIENT_ID={{CLIENT_ID}}
          dokku config:set --no-restart {{app}} TENANT_ID={{TENANT_ID}}
          ```
@@ -44,7 +45,7 @@ Durch das Hosten auf einem eigenen Server kann mit bspw. `http-auth` der Zugriff
          ```bash title="/home/dokku/{{app}}/ENV"
          API_URI="{{API_URI}}"
          APP_URL="https://{{domain}}"
-         BACKEND_URL="{{BACKEND_URL}}"
+         BETTER_AUTH_URL="{{BETTER_AUTH_URL}}"
          CLIENT_ID="{{CLIENT_ID}}"
          TENANT_ID="{{TENANT_ID}}"
          NGINX_ROOT="build"

docs/tdev/app-architecture/api-deploy/secureToken.ts renamed to docs/tdev/app-architecture/helpers/secureToken.ts

@@ -71,8 +71,6 @@ const config: Config = applyTransformers({
     /** Use test user in local dev: set DEFAULT_TEST_USER to the default test users email adress*/
     TEST_USER: DEFAULT_TEST_USER,
     OFFLINE_API: OFFLINE_API,
-    /** User.ts#isStudent returns `true` for users matching this pattern. If unset, it returns `true` for all non-admin users. */
-    STUDENT_USERNAME_PATTERN: process.env.STUDENT_USERNAME_PATTERN,
     NO_AUTH: (process.env.NODE_ENV !== 'production' || OFFLINE_API) && !!DEFAULT_TEST_USER,
     /** The Domain Name where the api is running */
     APP_URL: process.env.NETLIFY
@@ -82,12 +80,6 @@ const config: Config = applyTransformers({
       : process.env.APP_URL || 'http://localhost:3000',
     /** The Domain Name of this app */
     BACKEND_URL: process.env.BACKEND_URL || 'http://localhost:3002',
-    /** The application id generated in https://portal.azure.com */
-    CLIENT_ID: process.env.CLIENT_ID,
-    /** Tenant / Verzeichnis-ID (Mandant) */
-    TENANT_ID: process.env.TENANT_ID,
-    /** The application id uri generated in https://portal.azure.com */
-    API_URI: process.env.API_URI,
     GIT_COMMIT_SHA: GIT_COMMIT_SHA,
     SENTRY_DSN: process.env.SENTRY_DSN,
     GH_OAUTH_CLIENT_ID: GH_OAUTH_CLIENT_ID,

docusaurus.config.ts

@@ -23,8 +23,6 @@
         "updateTdev": "ts-node updateSync/updateTdev.ts"
     },
     "dependencies": {
-        "@azure/msal-browser": "^v3.28.0",
-        "@azure/msal-react": "^2.2.0",
         "@docusaurus/core": "^3.8.1",
         "@docusaurus/faster": "^3.8.1",
         "@docusaurus/preset-classic": "^3.8.1",
@@ -49,6 +47,7 @@
         "@sentry/webpack-plugin": "^3.3.1",
         "ace-builds": "^1.41.0",
         "axios": "^1.9.0",
+        "better-auth": "^1.3.26",
         "browser-image-compression": "^2.0.2",
         "clsx": "^2.1.1",
         "docusaurus-plugin-sass": "^0.2.6",

package.json

@@ -11,9 +11,9 @@ class MemoryDbAdapter implements DbAdapter {
 
     async getAll<T>(storeName: string): Promise<T[]> {
         if (!this.db[storeName]) {
-            return [];
+            return Promise.resolve([]);
         }
-        return Object.values(this.db[storeName]) as T[];
+        return Promise.resolve(Object.values(this.db[storeName]) as T[]);
     }
 
     async byDocumentRootId<T extends DocumentType>(
@@ -22,31 +22,34 @@ class MemoryDbAdapter implements DbAdapter {
         if (!documentRootId) {
             return Promise.resolve([]);
         }
-        return this.filter('documents', (doc) => doc.documentRootId === documentRootId) as Promise<
-            Document<T>[]
-        >;
+        return Promise.resolve(
+            this.filter('documents', (doc) => doc.documentRootId === documentRootId) as Promise<Document<T>[]>
+        );
     }
 
     async put<T>(storeName: string, item: T & { id: string }): Promise<void> {
         if (!this.db[storeName]) {
             this.db[storeName] = {};
         }
         this.db[storeName][item.id] = item;
+        return Promise.resolve();
     }
 
     async delete(storeName: string, id: string): Promise<void> {
         if (this.db[storeName] && this.db[storeName][id]) {
             delete this.db[storeName][id];
         }
+        return Promise.resolve();
     }
     async filter<T>(storeName: string, filterFn: (item: T) => boolean): Promise<T[]> {
         const allItems = await this.getAll<T>(storeName);
-        return allItems.filter(filterFn);
+        return Promise.resolve(allItems.filter(filterFn));
     }
 
     async destroyDb(): Promise<void> {
         this.db = {};
         console.log('MemoryDbAdapter: Database destroyed');
+        return Promise.resolve();
     }
 }
 

src/api/OfflineApi/Adapter/MemoryDb.ts

@@ -18,6 +18,7 @@ const LOG_REQUESTS = false;
 let OfflineUser: User = {
     id: 'c23c0238-4aeb-457f-9a2c-3d2d5d8931c0',
     email: '[email protected]',
+    name: 'Offline User',
     firstName: 'Offline',
     lastName: 'User',
     role: process.env.NODE_ENV === 'production' ? Role.STUDENT : Role.ADMIN,
@@ -29,6 +30,7 @@ const DB_NAME = `${siteConfig.organizationName ?? 'gbsl'}-${siteConfig.projectNa
 const DOCUMENTS_STORE = 'documents';
 const STUDENT_GROUPS_STORE = 'studentGroups';
 const PERMISSIONS_STORE = 'permissions';
+export const getOfflineUser = () => ({ ...OfflineUser });
 
 const resolveResponse = <T>(data: T, statusCode: number = 200, statusText: string = ''): AxiosPromise<T> => {
     return Promise.resolve({
@@ -90,6 +92,7 @@ export default class OfflineApi {
                 this.dbAdapter = new MemoryDbAdapter();
             }
         } else {
+            console.log('setup memory adapter');
             this.dbAdapter = new MemoryDbAdapter();
         }
         if (LOG_REQUESTS) {
@@ -236,8 +239,6 @@ export default class OfflineApi {
                 return resolveResponse([] as unknown as T);
             case 'allowedActions':
                 return resolveResponse([] as unknown as T);
-            case 'checklogin':
-                return resolveResponse({ user: OfflineUser } as unknown as T, 200, 'ok');
             case 'documents':
                 if (id) {
                     const document = await this.dbAdapter.get<Document<any>>(DOCUMENTS_STORE, id);