603 better oauth datasources #611
Conversation
…e api (localhost:8080 to be used instead of the old localhost:8006)
|
Minimum allowed coverage is Generated by 🐒 cobertura-action against 0e14b90 |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
ESLint found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
…handling of new route to get the redirect url for oauth to be completed
| server.get('/register', unauthedMiddlewareChain, checkSessionWelcome, renderStaticPage(app, '/register')); | ||
| server.get( | ||
| '/login', | ||
| unauthedMiddlewareChain, |
Check failure
Code scanning / CodeQL
Missing rate limiting High
…ve the internal airbyte api handle it
…ill need to patch bugs, fix issues, make dynamic
|
Current status of the code:
The next few commits will likely be refactoring the implementation to do the following in order:
|
|
I merged with #622 since locally rabbitmq was broken on my ubuntu environment, those changes fixed the issue with airbyte being unable to connect to rabbitmq as a destination locally for development. Consider removing that merge if it's unnecessary to push to dev/prod |
…n being passed through the oauth flow
… for dynamic custom passport use
| oauthRouter.get( | ||
| '/hubspot/callback', | ||
| useSession, | ||
| useJWT, |
Check failure
Code scanning / CodeQL
Missing rate limiting High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 15 days ago
To fix the problem, we will introduce a rate-limiting middleware using the express-rate-limit package. This middleware will limit the number of requests a client can make to the server within a specified time window. We will apply this middleware to the routes that use the useJWT middleware to ensure that authorization operations are rate-limited.
- Install the
express-rate-limitpackage if it is not already installed. - Import the
express-rate-limitpackage in thewebapp/src/router.tsfile. - Set up a rate limiter with appropriate configuration (e.g., maximum 100 requests per 15 minutes).
- Apply the rate limiter to the routes that use the
useJWTmiddleware.
| @@ -32,2 +32,3 @@ | ||
| import Permissions from 'permissions/permissions'; | ||
| import rateLimit from 'express-rate-limit'; | ||
| import { PlanLimitsKeys, pricingMatrix, SubscriptionPlan } from 'struct/billing'; | ||
| @@ -37,2 +38,7 @@ | ||
|
|
||
| const limiter = rateLimit({ | ||
| windowMs: 15 * 60 * 1000, // 15 minutes | ||
| max: 100, // limit each IP to 100 requests per windowMs | ||
| }); | ||
|
|
||
| import { restrictToFirstScrollableAncestor } from '@dnd-kit/modifiers'; | ||
| @@ -130,2 +136,4 @@ | ||
| useSession, | ||
| limiter, | ||
| limiter, | ||
| useJWT, |
| @@ -123,3 +123,4 @@ | ||
| "tsconfig-paths": "^4.2.0", | ||
| "uuid": "^9.0.1" | ||
| "uuid": "^9.0.1", | ||
| "express-rate-limit": "^7.4.1" | ||
| }, |
| Package | Version | Security advisories |
| express-rate-limit (npm) | 7.4.1 | None |
| oauthRouter.get( | ||
| '/salesforce/callback', | ||
| useSession, | ||
| useJWT, |
Check failure
Code scanning / CodeQL
Missing rate limiting High
| oauthRouter.get( | ||
| '/xero/callback', | ||
| useSession, | ||
| useJWT, |
Check failure
Code scanning / CodeQL
Missing rate limiting High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 4 days ago
To fix the problem, we need to introduce rate limiting to the route handlers that perform authorization. The best way to achieve this is by using the express-rate-limit package, which allows us to easily set up and apply rate limiting middleware to the relevant routes.
- Install the
express-rate-limitpackage. - Import the
express-rate-limitpackage in thewebapp/src/router.tsfile. - Set up a rate limiter with appropriate configuration (e.g., maximum of 100 requests per 15 minutes).
- Apply the rate limiter to the relevant routes.
| @@ -33,2 +33,8 @@ | ||
| import { PlanLimitsKeys, pricingMatrix, SubscriptionPlan } from 'struct/billing'; | ||
| import RateLimit from 'express-rate-limit'; | ||
|
|
||
| const limiter = RateLimit({ | ||
| windowMs: 15 * 60 * 1000, // 15 minutes | ||
| max: 100, // max 100 requests per windowMs | ||
| }); | ||
|
|
||
| @@ -150,2 +156,3 @@ | ||
| '/salesforce/callback', | ||
| limiter, | ||
| useSession, | ||
| @@ -171,2 +178,4 @@ | ||
| '/xero/callback', | ||
| limiter, | ||
| limiter, | ||
| useSession, |
| @@ -123,3 +123,4 @@ | ||
| "tsconfig-paths": "^4.2.0", | ||
| "uuid": "^9.0.1" | ||
| "uuid": "^9.0.1", | ||
| "express-rate-limit": "^7.4.1" | ||
| }, |
| Package | Version | Security advisories |
| express-rate-limit (npm) | 7.4.1 | None |
…tible verify callback
| oauthRouter.get( | ||
| '/airtable/callback', | ||
| useSession, | ||
| useJWT, |
Check failure
Code scanning / CodeQL
Missing rate limiting High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 15 days ago
To fix the problem, we need to introduce rate limiting to the routes that use the useJWT middleware. We can use the express-rate-limit package to achieve this. The rate limiter should be configured to allow a reasonable number of requests per window of time to prevent abuse while not hindering legitimate users.
- Install the
express-rate-limitpackage. - Import the
express-rate-limitpackage in thewebapp/src/router.tsfile. - Configure the rate limiter with appropriate settings.
- Apply the rate limiter to the routes that use the
useJWTmiddleware.
| @@ -33,2 +33,8 @@ | ||
| import { PlanLimitsKeys, pricingMatrix, SubscriptionPlan } from 'struct/billing'; | ||
| import rateLimit from 'express-rate-limit'; | ||
|
|
||
| const limiter = rateLimit({ | ||
| windowMs: 15 * 60 * 1000, // 15 minutes | ||
| max: 100, // limit each IP to 100 requests per windowMs | ||
| }); | ||
|
|
||
| @@ -207,2 +213,3 @@ | ||
| '/airtable/callback', | ||
| limiter, | ||
| useSession, | ||
| @@ -221,3 +228,3 @@ | ||
|
|
||
| server.use('/auth', useSession, passportInstance.session(), oauthRouter); | ||
| server.use('/auth', limiter, useSession, passportInstance.session(), oauthRouter); | ||
|
|
| @@ -123,3 +123,4 @@ | ||
| "tsconfig-paths": "^4.2.0", | ||
| "uuid": "^9.0.1" | ||
| "uuid": "^9.0.1", | ||
| "express-rate-limit": "^7.4.1" | ||
| }, |
| Package | Version | Security advisories |
| express-rate-limit (npm) | 7.4.1 | None |
|
Somewhere along the line here a bug was introduced that replaced the file upload/drop area with the connectors dropdown |
|
@NaderRNA what's happening with this PR?? where are we with this?? |
|
Currently the branch supports custom OAuth implementation for any OAuth provider where we have a Client ID and Client Secret for the oauth. Currently HubSpot is completley functional using OAuth but there are some issues with out Airtable, Salesforce and Xero app credentials so I'm just trying to iron those out with Andrew. |
Ability to connect to datasources (airbyte) using OAuth login page
Uses passport.js to authenticate the OAuth, gets the refreshToken (which is the only thing airbyte needs to establish a connection to a source with OAuth).
Aims to keep current datasource flow as unchanged as possible.
We only have client ID and client Secrets for the following which will be the only ones supported:
(crossed out oauth providers are implemented)