Can't get Auth0 integration working with feathers - feathersjs

I'm having a hard time getting Auth0 integration working. I'm getting the response shown below
{
"name": "NotAuthenticated",
"message": "error:0909006C:PEM routines:get_name:no start line",
"code": 401,
"className": "not-authenticated",
"data": {
"library": "PEM routines",
"function": "get_name",
"reason": "no start line",
"code": "ERR_OSSL_PEM_NO_START_LINE"
},
"errors": {}
}
When doing a GET to https://localhost:433/users with headers
{
Authorization: Bearer REMOVED
}
The REMOVED part above was the token returned from calling
curl 'http://localhost:3030/users/' -H 'Content-Type: application/json'
Here is my default.json
{
"host": "localhost",
"port": 433,
"public": "../public/",
"paginate": {
"default": 10,
"max": 50
},
"authentication": {
"entity": "user",
"service": "users",
"secret": "REMOVED",
"authStrategies": [
"jwt",
"local"
],
"jwtOptions": {
"header": {
"typ": "access"
},
"audience": "http://vice-node-boilerplate",
"issuer": "feathers",
"algorithm": "RS256",
"expiresIn": "1d"
},
"local": {
"usernameField": "email",
"passwordField": "password"
},
"oauth": {
"redirect": "/",
"auth0": {
"key": "REMOVED",
"secret": "REMOVED",
"subdomain": "vicesoftware"
}
}
},
"postgres": "postgres://postgres:#localhost:5432/vice_node_boilerplate"
}
I've updated authentication.js as shown below
const { AuthenticationService, JWTStrategy } = require('#feathersjs/authentication');
const { LocalStrategy } = require('#feathersjs/authentication-local');
const { expressOauth, OAuthStrategy } = require('#feathersjs/authentication-oauth');
class Auth0Strategy extends OAuthStrategy {
async getEntityData(profile) {
const baseData = await super.getEntityData(profile);
return {
...baseData,
email: profile.email
};
}
}
module.exports = app => {
const authentication = new AuthenticationService(app);
authentication.register('jwt', new JWTStrategy());
authentication.register('local', new LocalStrategy());
authentication.register('auth0', new Auth0Strategy());
app.use('/authentication', authentication);
app.configure(expressOauth());
};
and I've updated index.js as shown below
/* eslint-disable no-console */
const https = require('https');
const fs = require('fs');
const logger = require('./logger');
const app = require('./app');
const port = app.get('port');
const key = fs.readFileSync(__dirname + '/localhost-key.pem');
const cert = fs.readFileSync(__dirname + '/localhost.pem');
if (!key) {
throw Error("Unable to read certificate key file");
}
if (!cert){
throw Error("Unable to read certificate cert key file");
}
const server = https.createServer({
key,
cert
}, app).listen(port);
process.on('unhandledRejection', (reason, p) =>
logger.error('Unhandled Rejection at: Promise ', p, reason)
);
server.on('listening', () =>
logger.info('Feathers application started on http://%s:%d', app.get('host'), port)
);
I generated the local dev cert files localhost-key.pem and localhost.pem following the instructions found here: https://auth0.com/docs/libraries/secure-local-development
Edit 1
Note that I also tried generating a cert using these instructions from node.js docs: https://nodejs.org/en/knowledge/HTTP/servers/how-to-create-a-HTTPS-server/

You changed the jwtOptions.algorithm configuration to RS256. This needs additional configuration, specifically a valid private key. The error indicates that the private key provided is not valid. More information can be found in the node-jsonwebtoken documentation. I recommend to stick with the default HS256/384/512 algorithms if you are not sure.

Related

Web Application doesn't communicate correctly with Ethereum smart contract deployed through Truffle

I coded this really simple smart contract in Solidity which allows users to add todo tasks to their personal list, to fetch their list of todos, and so on.
pragma solidity ^0.8.0;
contract ToDo {
struct Task {
string content;
bool completed;
}
mapping(address => Task[]) private tasks;
function addTask(string memory content) public {
tasks[msg.sender].push(Task(content, false));
}
function changeTaskState(uint256 taskId) public {
tasks[msg.sender][taskId].completed = !tasks[msg.sender][taskId].completed;
}
function editTaskContent(uint256 taskId, string memory content) public {
tasks[msg.sender][taskId].content = content;
}
function getTasks() public view returns(Task[] memory) {
return tasks[msg.sender];
}
}
This works exactly as intended when deployed through Truffle and tested in the Truffle(develop) terminal:
truffle(develop)> const todo = await ToDo.deployed()
undefined
truffle(develop)> todo.getTasks()
[]
truffle(develop)> todo.addTask("Hello, world!")
{
tx: '0x7e607352c1ab8f6532c5b43e282eb20f29d5bfa451dfbb873bac3506df00cb1a',
receipt: {
transactionHash: '0x7e607352c1ab8f6532c5b43e282eb20f29d5bfa451dfbb873bac3506df00cb1a',
transactionIndex: 0,
blockHash: '0x98b361190eadf1905c3e15b5054aa4ace8eaa33a2b4d35898f78e2165ea996a2',
blockNumber: 5,
from: '0x3455100c0b0617afbf0f53db5e5c07366e20791b',
to: '0x645a78fe8eb3529291ba63a8e420d26c7baf61a0',
gasUsed: 66634,
cumulativeGasUsed: 66634,
contractAddress: null,
logs: [],
status: true,
logsBloom: '0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000',
rawLogs: []
},
logs: []
}
truffle(develop)> todo.changeTaskState(0)
{
tx: '0xddb313978411cd3f1429f1eb61b9bbde816e3a874d765aa5588a69508d226b44',
receipt: {
transactionHash: '0xddb313978411cd3f1429f1eb61b9bbde816e3a874d765aa5588a69508d226b44',
transactionIndex: 0,
blockHash: '0xbae43abf22ca06de65a41e3e54493ad944f4b997b12a3ed407bc5f778d00a3be',
blockNumber: 6,
from: '0x3455100c0b0617afbf0f53db5e5c07366e20791b',
to: '0x645a78fe8eb3529291ba63a8e420d26c7baf61a0',
gasUsed: 45320,
cumulativeGasUsed: 45320,
contractAddress: null,
logs: [],
status: true,
logsBloom: '0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000',
rawLogs: []
},
logs: []
}
truffle(develop)> todo.getTasks()
[
[ 'Hello, world!', true, content: 'Hello, world!', completed: true ]
]
However, when I try to call these contract's functions from a web-app, it seems like there are some kind of communication errors with the local blockchain provided by Truffle.
Of course I've installed Metamask in my browser and I've connected it to http://127.0.0.1:9545 (as Truffle tells me to do upon executing the truffle develop command). I've also imported the private phrase provided by Truffle, so that I could access the 10 test addresses on that local network.
I've also found the contract's address and ABI in the build/contracts directory and set up a simple front end in React.
import Web3 from 'web3';
import React, { useState, useEffect } from "react";
const TODO_ABI =
[
{
"inputs": [
{
"internalType": "string",
"name": "content",
"type": "string"
}
],
"name": "addTask",
"outputs": [],
"stateMutability": "nonpayable",
"type": "function"
},
{
"inputs": [
{
"internalType": "uint256",
"name": "taskId",
"type": "uint256"
}
],
"name": "changeTaskState",
"outputs": [],
"stateMutability": "nonpayable",
"type": "function"
},
{
"inputs": [
{
"internalType": "uint256",
"name": "taskId",
"type": "uint256"
},
{
"internalType": "string",
"name": "content",
"type": "string"
}
],
"name": "editTaskContent",
"outputs": [],
"stateMutability": "nonpayable",
"type": "function"
},
{
"inputs": [],
"name": "getTasks",
"outputs": [
{
"components": [
{
"internalType": "string",
"name": "content",
"type": "string"
},
{
"internalType": "bool",
"name": "completed",
"type": "bool"
}
],
"internalType": "struct ToDo.Task[]",
"name": "",
"type": "tuple[]"
}
],
"stateMutability": "view",
"type": "function",
"constant": true
}
];
const TODO_ADDRESS = "0x645a78fe8eb3529291ba63a8e420d26c7baf61a0";
function ChangeTaskStateButton(props) {
return (
<button onClick={ () => props.contract.methods.changeTaskState(props.id).call() }>{ props.state }</button>
);
}
function Task(props) {
return (
<li>
{ props.content } | <ChangeTaskStateButton contract={ props.contract } id={ props.id } state={ props.completed ? "Completed" : "Pending "}></ChangeTaskStateButton>
</li>
);
}
function TasksList(props) {
let tasks = [];
const tasksData = props.tasks;
for(let i = 0; i < tasksData.length; i++) {
tasks.push(<Task id={i} content={ tasksData[i].content } completed={ tasksData[i].completed } contract={ props.contract }></Task>);
}
return (
<div>
<ul>
{ tasks }
</ul>
</div>
);
}
function TaskForm(props) {
const [content, setContent] = useState("");
const handleSubmit = (event) => {
event.preventDefault();
props.contract.methods.addTask(content).call()
.then(() => props.setTasks(props.tasks.concat({content: content, completed: false})));
};
const handleChange = (event) => {
setContent(event.target.value);
};
return(
<form onSubmit={ handleSubmit }>
<input type="text" onChange={ handleChange }></input>
<button type="submit">Submit</button>
</form>
);
}
function App() {
const [web3] = useState(new Web3(Web3.givenProvider || "http://localhost:9545"));
const [contract] = useState(new web3.eth.Contract(TODO_ABI, TODO_ADDRESS));
const [tasks, setTasks] = useState([]);
useEffect(() => {
contract.methods.getTasks().call()
.then(tasks => {
setTasks(tasks);
});
}, [contract.methods]);
return (
<div>
<TaskForm contract={contract} setTasks={setTasks} tasks={tasks}></TaskForm>
<TasksList tasks={tasks} contract={contract}></TasksList>
</div>
);
}
The call to getTasks() always returns an empty array, even if I add a task through the terminal with the same address that's currently in use on Metamask, while the call to addTask() doesn't store anything in the smart contracts's map. The call to these two functions don't cause any errors or warnings to appear in the browser's console. However, the call to changeTaskState() does cause two errors do be displayed:
inpage.js:1 MetaMask - RPC Error: Internal JSON-RPC error.
{code: -32603, message: "Internal JSON-RPC error.", data: {…}}
code: -32603
data: {message: "VM Exception while processing transaction: revert", code: -32000, data: {…}}
message: "Internal JSON-RPC error."
__proto__: Object
index.js:50 Uncaught (in promise) Error: Internal JSON-RPC error.
{
"message": "VM Exception while processing transaction: revert",
"code": -32000,
"data": {
"0x359c33ac64b2b3eb0096b40b2d225679d4212f40fc86ef938af49fcc47159f2c": {
"error": "revert",
"program_counter": 994,
"return": "0x4e487b710000000000000000000000000000000000000000000000000000000000000032"
},
"stack": "RuntimeError: VM Exception while processing transaction: revert\n at Function.RuntimeError.fromResults (C:\\Users\\gianm\\AppData\\Roaming\\npm\\node_modules\\truffle\\build\\webpack:\\node_modules\\ganache-core\\lib\\utils\\runtimeerror.js:94:1)\n at C:\\Users\\gianm\\AppData\\Roaming\\npm\\node_modules\\truffle\\build\\webpack:\\node_modules\\ganache-core\\lib\\blockchain_double.js:568:1",
"name": "RuntimeError"
}
}
at Object._fireError (index.js:50)
at sendTxCallback (index.js:540)
at cb (util.js:689)
at callbackifyOnRejected (util.js:666)
at Item.push../node_modules/process/browser.js.Item.run (browser.js:153)
at drainQueue (browser.js:123)
I've also tried to use Ganache, instead of Truffle's built-in local blockchain, and I even tried to change browser, but nothing seems to work. I've also checked whether Metamask was actually connected to the webapp and sure enough it was. What am I missing here?
There are two main ways to interact with a smart contract. A call (read-only, free) and a transaction (read-write, requires gas fees).
Your react code uses the .call() method for addTask() and changeTaskState(), which doesn't allow writing in the contract storage.
Since you're working with MetaMask, you should use the Ethereum Provider API and submit a request to MM that will ask the user to confirm the transaction.
So instead of the props.contract.methods.addTask(content).call() you can get the contents of the data field and then generate the transaction request.
const data = props.contract.methods.addTask(content).encodeABI();
ethereum.request({
method: 'eth_sendTransaction',
params: [{
from: senderAddress,
to: contractAddress,
data: data
}],
});
Note: You can set the senderAddress after connecting to MM.
Another way is to use the web3 .send() method, but this requires passing the private key of the sender to web3 (bad idea in a frontend JS app) or unlocked provider account (local providers usually have few unlocked accounts, but production ones don't).

#feathersjs Server Multiple JWT Authentication Services Not Allowed?

I'm looking for an answer to best practices for this solution. I have an IOT project im working on that requires authentication on two paths. User and device.
What I am attempting to do is have full control over route authentication separately on user and device so i thought that creating two separate JWT services would be appropriate.
Feathers: 4.5.8
My authentication Service looks like this
export default function (app: Application): void {
const deviceAuthentication = new DeviceAuthService(app, 'device-authentication');
deviceAuthentication.register('device-jwt', new DeviceJWTStrategy());
deviceAuthentication.register('device', new DeviceStrategy());
const authentication = new AuthService(app, 'authentication');
authentication.register('jwt', new JWTStrategy());
authentication.register('local', new LocalStrategy());
app.use('/device-authentication', deviceAuthentication);
app.use('/authentication', authentication);
app.configure(expressOauth());
}
//hooks /someapi
{before:{ get: [authenticate('device-jwt')]}
//config
"device-authentication": {
"entity": "device",
"service": "devices",
"secret": "***",
"authStrategies": [
"device-jwt",
"device"
],
"device": {
"usernameField": "uuid",
"altUsernameField": "email",
"passwordField": "password"
},
"jwtOptions": {
"header": {
"typ": "access"
},
"audience": "https://something.com",
"issuer": "feathers",
"algorithm": "HS256",
"expiresIn": "1d"
}
},
"authentication": {
"entity": "user",
"service": "users",
"secret": "*****",
"authStrategies": [
"jwt",
"local"
],
"jwtOptions": {
"header": {
"typ": "access"
},
"audience": "https://somthing.com",
"issuer": "feathers",
"algorithm": "HS256",
"expiresIn": "1d"
},
"local": {
"usernameField": "email",
"passwordField": "password"
},
"oauth": {
"redirect": "/",
"auth0": {
"key": "<auth0 oauth key>",
"secret": "<auth0 oauth secret>",
"subdomain": "<auth0 subdomain>"
},
"google": {
"key": "<google oauth key>",
"secret": "<google oauth secret>",
"scope": [
"email",
"profile",
"openid"
]
},
"facebook": {
"key": "<facebook oauth key>",
"secret": "<facebook oauth secret>"
},
"twitter": {
"key": "<twitter oauth key>",
"secret": "<twitter oauth secret>"
},
"github": {
"key": "<github oauth key>",
"secret": "<github oauth secret>"
}
}
},
The problem I am running into is that when i use GET on users, I expect to authenticate on the jwt strategy for the /authentication service. Debugging says i am parsing to the jwt strategy but get a result as see here
Invalid authentication information (strategy not allowed in authStrategies)
the jwt strategy attempted in debug is "device-jwt"
if Swap the service functions to
export default function (app: Application): void {
const authentication = new SippAuthService(app, 'authentication');
authentication.register('jwt', new JWTStrategy());
authentication.register('local', new LocalStrategy());
const deviceAuthentication = new SippDeviceAuthService(app, 'device-authentication');
deviceAuthentication.register('device-jwt', new DeviceJWTStrategy());
deviceAuthentication.register('device', new DeviceStrategy());
app.use('/device-authentication', deviceAuthentication);
app.use('/authentication', authentication);
app.configure(expressOauth());
}
Just the opposite happens, i will get the same message on the users auth service but it will never reach the device auth service
The error is thrown here
///AuthenticationService.authenticate. node_modules/#feathersjs/authentication/src/core.js (204)
if (!authentication || !authStrategy || !strategyAllowed) {
const additionalInfo = (!strategy && ' (no `strategy` set)') ||
(!strategyAllowed && ' (strategy not allowed in authStrategies)') || '';
// If there are no valid strategies or `authentication` is not an object
throw new NotAuthenticated('Invalid authentication information' + additionalInfo);
}
and as expected strategyAllowed is false because "jwt" is not allowed in "device-jwt"
Is there a better way to go about this? Is there a way to utilize express next() functionality to validate the request and pass it to the correct authentication service?

Need to add more than usernameField in feathersjs

I'm new to feathersjs I'm building a backend server using it, and need to add 2 ways of local authentication, by email, or mobile
I've already added new local to the config/default.json as the following
"local-mobile": {
"usernameField": "mobile",
"passwordField": "password"
},
here's my authentication.js file
const { AuthenticationService, JWTStrategy } = require('#feathersjs/authentication');
const { LocalStrategy } = require('#feathersjs/authentication-local');
const { expressOauth } = require('#feathersjs/authentication-oauth');
module.exports = app => {
const authentication = new AuthenticationService(app);
authentication.register('jwt', new JWTStrategy());
authentication.register('local', new LocalStrategy());
authentication.register('local-mobile', new LocalStrategy());
app.use('/authentication', authentication);
app.configure(expressOauth());
};
in src/authentication
But when I send a post request to the authentication endpoint using postman with the following body
{
"strategy":"local-mobile",
"mobile":".......",
"password":"........"
}
the response is coming
{
"name": "NotAuthenticated",
"message": "Invalid authentication information",
"code": 401,
"className": "not-authenticated",
"errors": {}
}
any Idea ?
If you want to allow authentication through the authenticate endpoint, the strategy also has to be added to the authStrategies configuration setting in your config/default.json (feathers-chat example):
{
"authentication": {
// ...
"authStrategies": [
"jwt",
"local",
"local-mobile",
]
}
// ...
}

Joi validation feathersjs

I have a feathersjs API with a messages service. I want to validate the message model with feathers-hooks-validate-joi module.
Here is my messages-hooks.js file:
const validate = require('feathers-hooks-validate-joi');
const schema = require('./messages.validator');
module.exports = {
before: {
create: [validate.form(schema)],
//others method fields
},
after: {...},
error: {...}
};
Here is my messages.validator.js file:
const Joi = require('joi');
const schema = Joi.object().keys({
name: Joi.string().trim().min(2).required(),
text: Joi.string().trim().min(2).required()
});
module.exports = {schema};
When I try to post a message via curl:
curl 'http://localhost:3030/messages/' -H 'Content-Type: application/json' --data-binary '{ "name": "Hello", "text": "World" }'
I receive this error message:
{
"name": "BadRequest",
"message": "Invalid data",
"code": 400,
"className": "bad-request",
"data": {},
"errors": {
"name": "\"name\" is not allowed",
"text": "\"text\" is not allowed"
}
}
Am I missing something? Am I using the feathers hook correctly?
module.exports = {schema};
This should be:
module.exports = schema;
shouldn't it?
Alternatively, your require statement should be changed to:
const {schema } = require('./messages.validator');

Use API's URL to receive json

I am accessing the api of world weather online. I have configured the url and it is displayed below-
http://api.worldweatheronline.com/premium/v1/marine.ashx?key=XXXXXXXXXXXXXXXX&q=-34.48,150.92&format=json
Note: my API key is displayed as XXXXXXXXXXXX and this is returning the following:
{
"data": {
"request": [],
"weather": [
{
"date": "2016-11-20",
"astronomy": [],
"maxtempC": "27",
"maxtempF": "80",
"mintempC": "15",
"mintempF": "58",
"hourly": [
{
"time": "0",
"tempC": "15",
...
I want to GET this json in JS and then log the value of TempC.
How can this be done?
The simplest way would be using request. You can install it with npm install request
const request = require('request')
const apiKey = 'XXXXXXXX'
let url = 'http://api.worldweatheronline.com/premium/v1/marine.ashx'
let qs = {
q: '-34.48,150.92',
format: 'json',
key: apiKey
}
request({ url, qs }, (err, response, body) => {
if (err)
return console.error(err)
if (response.statusCode != 200)
return console.error('status:', response.statusCode, body)
body = JSON.parse(body)
console.log(body.data.weather[0].hourly[0].tempC)
})