Add support for auth0

CMakeLists.txt

@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.7)
-set(CMAKE_C_STANDARD 11)
 
-project(sist2 C)
+project(sist2)
+set(CMAKE_C_STANDARD 11)
 
 option(SIST_DEBUG "Build a debug executable" on)
 option(SIST_FAST "Enable more optimisation flags" off)
@@ -40,9 +40,12 @@ add_executable(sist2
         src/stats.c src/stats.h src/ctx.c
         src/parsing/sidecar.c src/parsing/sidecar.h
 
+        src/auth0/auth0_c_api.h src/auth0/auth0_c_api.cpp
+
         # argparse
         third-party/argparse/argparse.h third-party/argparse/argparse.c
         )
+set_target_properties(sist2 PROPERTIES LINKER_LANGUAGE C)
 
 target_link_directories(sist2 PRIVATE BEFORE ${_VCPKG_INSTALLED_DIR}/${VCPKG_TARGET_TRIPLET}/lib/)
 set(CMAKE_FIND_LIBRARY_SUFFIXES .a .lib)

docs/USAGE.md

@@ -74,6 +74,10 @@ Web options
     --es-index=<str>                  Elasticsearch index name. DEFAULT=sist2
     --bind=<str>                      Listen on this address. DEFAULT=localhost:4090
     --auth=<str>                      Basic auth in user:password format
+    --auth0-audience=<str>            API audience/identifier
+    --auth0-domain=<str>              Application domain
+    --auth0-client-id=<str>           Application client ID
+    --auth0-public-key-file=<str>     Path to Auth0 public key file extracted from <domain>/pem
     --tag-auth=<str>                  Basic auth in user:password format for tagging
     --tagline=<str>                   Tagline in navbar
     --dev                             Serve html & js files from disk (for development)
@@ -268,6 +272,7 @@ sist2 index --print ./my_index/ | jq | less
  * `--dev` Serve html & js files from disk (for development, used to modify frontend files without having to recompile)
  * `--lang=<str>` Set the default web UI language (See #180 for a list of supported languages, default
    is `en`). The user can change the language in the configuration page
+ * `--auth0-audience`, `--auth0-domain`, `--auth0-client-id`, `--auth0-public-key-file` See [Authentication with Auth0](auth0.md)
 
 ### Web examples
 

docs/auth0.md

@@ -0,0 +1,19 @@
+
+# Authentication with Auth0
+
+1. Create a new Auth0 application (Single page app)
+2. Create a new Auth0 API:
+   1. Choose `RS256` signing algorithm
+   2. Set identifier (audience) to `https://sist2`
+3. Download the Auth0 certificate from https://<domain>.auth0.com/pem (you can find the domain Applications->Basic information)
+4. Extract the public key from the certificate using `openssl x509 -pubkey -noout -in cert.pem > pubkey.txt`
+5. Start the sist2 web server
+
+Example options:
+```bash
+sist2 web \
+  --auth0-client-id XXX \
+  --auth0-audience https://sist2 \
+  --auth0-domain YYY.auth0.com \
+  --auth0-public-key-file /ZZZ/pubkey.txt
+```

sist2-admin/frontend/dist/index.html

@@ -1 +1 @@
-<!DOCTYPE html><html lang=""><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" href="favicon.ico"><title>sist2-admin</title><link href="css/app.0f0b676b.css" rel="preload" as="style"><link href="css/chunk-vendors.aa66c7e8.css" rel="preload" as="style"><link href="js/app.b34f501e.js" rel="preload" as="script"><link href="js/chunk-vendors.fad0ee6a.js" rel="preload" as="script"><link href="css/chunk-vendors.aa66c7e8.css" rel="stylesheet"><link href="css/app.0f0b676b.css" rel="stylesheet"></head><body><noscript><strong>We're sorry but sist2-admin-vue doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div><script src="js/chunk-vendors.fad0ee6a.js"></script><script src="js/app.b34f501e.js"></script></body></html>
+<!DOCTYPE html><html lang=""><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" href="favicon.ico"><title>sist2-admin</title><link href="css/app.css" rel="preload" as="style"><link href="css/chunk-vendors.css" rel="preload" as="style"><link href="js/app.js" rel="preload" as="script"><link href="js/chunk-vendors.js" rel="preload" as="script"><link href="css/chunk-vendors.css" rel="stylesheet"><link href="css/app.css" rel="stylesheet"></head><body><noscript><strong>We're sorry but sist2-admin-vue doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div><script src="js/chunk-vendors.js"></script><script src="js/app.js"></script></body></html>

sist2-admin/frontend/src/components/WebOptions.vue

@@ -34,6 +34,22 @@
     <label>{{ $t("webOptions.tagAuth") }}</label>
     <b-form-input v-model="options.tag_auth" @change="update()"></b-form-input>
 
+    <br>
+    <h5>Auth0 options</h5>
+    <label>{{ $t("webOptions.auth0Audience") }}</label>
+    <b-form-input v-model="options.auth0_audience" @change="update()"></b-form-input>
+
+    <label>{{ $t("webOptions.auth0Domain") }}</label>
+    <b-form-input v-model="options.auth0_domain" @change="update()"></b-form-input>
+
+    <label>{{ $t("webOptions.auth0ClientId") }}</label>
+    <b-form-input v-model="options.auth0_client_id" @change="update()"></b-form-input>
+
+    <label>{{ $t("webOptions.auth0PublicKey") }}</label>
+    <b-textarea rows="10" v-model="options.auth0_public_key" @change="update()"></b-textarea>
+
+
+
   </div>
 </template>
 

sist2-admin/frontend/src/i18n/messages.js

@@ -47,6 +47,7 @@ export default {
 
         selectJobs: "Select jobs",
         webOptions: {
+            title: "Web options",
             esUrl: "Elasticsearch URL",
             esIndex: "Elasticsearch index name",
             esInsecure: "Do not verify SSL connections to Elasticsearch.",

sist2-admin/frontend/src/views/Frontend.vue

@@ -48,7 +48,7 @@
 
       <br/>
 
-      <h4>{{ $t("jobOptions.title") }}</h4>
+      <h4>{{ $t("webOptions.title") }}</h4>
       <b-card>
         <WebOptions :options="frontend.web_options" :frontend-name="$route.params.name" @change="update()"></WebOptions>
       </b-card>

sist2-admin/frontend/vue.config.js

@@ -1,3 +1,5 @@
 module.exports = {
-    publicPath: ""
+    publicPath: "",
+    filenameHashing: false,
+    productionSourceMap: false,
 };

sist2-admin/sist2_admin/sist2.py

@@ -37,6 +37,11 @@ class WebOptions(BaseModel):
     tagline: str = "Lightning-fast file system indexer and search tool"
     dev: bool = False
     lang: str = "en"
+    auth0_audience: str = None
+    auth0_domain: str = None
+    auth0_client_id: str = None
+    auth0_public_key: str = None
+    auth0_public_key_file: str = None
 
     def __init__(self, **kwargs):
         super().__init__(**kwargs)
@@ -45,6 +50,14 @@ def args(self):
         args = ["web", f"--es-url={self.es_url}", f"--bind={self.bind}",
                 f"--tagline={self.tagline}", f"--lang={self.lang}"]
 
+        if self.auth0_audience:
+            args.append(f"--auth0-audience={self.auth0_audience}")
+        if self.auth0_domain:
+            args.append(f"--auth0-domain={self.auth0_domain}")
+        if self.auth0_client_id:
+            args.append(f"--auth0-client-id={self.auth0_client_id}")
+        if self.auth0_public_key_file:
+            args.append(f"--auth0-public-key-file={self.auth0_public_key_file}")
         if self.es_insecure_ssl:
             args.append(f"--es-insecure-ssl")
         if self.auth:
@@ -283,6 +296,14 @@ def _consume_logs_stdout(logs_cb, proc):
             # pipe_wrapper.close()
 
     def web(self, options: WebOptions, name: str):
+
+        if options.auth0_public_key:
+            with NamedTemporaryFile("w", prefix="sist2-admin", suffix=".txt", delete=False) as f:
+                f.write(options.auth0_public_key)
+            options.auth0_public_key_file = f.name
+        else:
+            options.auth0_public_key_file = None
+
         args = [
             self._bin_path,
             *options.args()