fix: use char(36) with golang uuid instead of sql uuid type (#78 )

resolves #77
feat: add instruction for railway.app
2021-12-14 22:57:45 +05:30 · 2021-12-11 23:07:19 +05:30 · 2021-12-11 06:45:15 +05:30 · 2021-12-11 06:41:35 +05:30 · 2021-12-09 09:17:32 +05:30
10 changed files with 70 additions and 16 deletions
--- a/4
+++ b/4
@@ -4,4 +4,6 @@ VERSION := $(or $(VERSION),$(DEFAULT_VERSION))
 cmd:
 	cd server && go build -ldflags "-w -X main.Version=$(VERSION)" -o '../build/server'
 clean:
-	rm -rf build
+	rm -rf build
+test:
+	cd server && go test ./...
--- a/README.md
+++ b/README.md
@@ -66,6 +66,7 @@ This guide helps you practice using Authorizer to evaluate it before you use it
 - [Install using source code](#install-using-source-code)
 - [Install using binaries](#install-using-binaries)
 - [Install instance on heroku](#install-instance-on-Heroku)
+- [Install instance on railway.app](#install-instance-on-railway)

 ## Install using source code

@@ -134,12 +135,19 @@ Deploy Authorizer using [heroku](https://github.com/authorizerdev/authorizer-her
 <br/><br/>
 [![Deploy to Heroku](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy?template=https://github.com/authorizerdev/authorizer-heroku)

+# Install instance on railway
+
+Deploy production ready Authorizer instance using [railway.app](https://github.com/authorizerdev/authorizer-railway) with postgres and redis for free and build with it in 30seconds
+<br/>
+
+[![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/new/template?template=https%3A%2F%2Fgithub.com%2Fauthorizerdev%2Fauthorizer-railway&plugins=postgresql%2Credis&envs=ENV%2CDATABASE_TYPE%2CADMIN_SECRET%2CCOOKIE_NAME%2CJWT_ROLE_CLAIM%2CJWT_TYPE%2CJWT_SECRET%2CFACEBOOK_CLIENT_ID%2CFACEBOOK_CLIENT_SECRET%2CGOOGLE_CLIENT_ID%2CGOOGLE_CLIENT_SECRET%2CGITHUB_CLIENT_ID%2CGITHUB_CLIENT_SECRET%2CALLOWED_ORIGINS%2CROLES%2CPROTECTED_ROLES%2CDEFAULT_ROLES&optionalEnvs=FACEBOOK_CLIENT_ID%2CFACEBOOK_CLIENT_SECRET%2CGOOGLE_CLIENT_ID%2CGOOGLE_CLIENT_SECRET%2CGITHUB_CLIENT_ID%2CGITHUB_CLIENT_SECRET%2CALLOWED_ORIGINS%2CROLES%2CPROTECTED_ROLES%2CDEFAULT_ROLES&ENVDesc=Deployment+environment&DATABASE_TYPEDesc=With+railway+we+are+deploying+postgres+db&ADMIN_SECRETDesc=Secret+to+access+the+admin+apis&COOKIE_NAMEDesc=Name+of+http+only+cookie+that+will+be+used+as+session&FACEBOOK_CLIENT_IDDesc=Facebook+client+ID+for+facebook+login&FACEBOOK_CLIENT_SECRETDesc=Facebook+client+secret+for+facebook+login&GOOGLE_CLIENT_IDDesc=Google+client+ID+for+google+login&GOOGLE_CLIENT_SECRETDesc=Google+client+secret+for+google+login&GITHUB_CLIENT_IDDesc=Github+client+ID+for+github+login&GITHUB_CLIENT_SECRETDesc=Github+client+secret+for+github+login&ALLOWED_ORIGINSDesc=Whitelist+the+URL+for+which+this+instance+of+authorizer+is+allowed&ROLESDesc=Comma+separated+list+of+roles+that+platform+supports.+Default+role+is+user&PROTECTED_ROLESDesc=Comma+separated+list+of+protected+roles+for+which+sign-up+is+disabled&DEFAULT_ROLESDesc=Default+role+that+should+be+assigned+to+user.+It+should+be+one+from+the+list+of+%60ROLES%60+env.+Default+role+is+user&JWT_ROLE_CLAIMDesc=JWT+key+to+be+used+to+validate+the+role+field.&JWT_TYPEDesc=JWT+encryption+type&JWT_SECRETDesc=Random+string+that+will+be+used+for+encrypting+the+JWT+token&ENVDefault=PRODUCTION&DATABASE_TYPEDefault=postgres&COOKIE_NAMEDefault=authorizer&JWT_TYPEDefault=HS256&JWT_ROLE_CLAIMDefault=role)
+
 ### Things to consider

 - For social logins, you will need respective social platform key and secret
 - For having verified users, you will need an SMTP server with an email address and password using which system can send emails. The system will send a verification link to an email address. Once an email is verified then, only able to access it.
  > Note: One can always disable the email verification to allow open sign up, which is not recommended for production as anyone can use anyone's email address 😅
- For persisting user sessions, you will need Redis URL. If you do not configure a Redis server, sessions will be persisted until the instance is up or not restarted. For better response time on authorization requests/middleware, we recommend deploying Redis on the same infra/network as your authorizer server.
+- For persisting user sessions, you will need Redis URL (not in case of railway.app). If you do not configure a Redis server, sessions will be persisted until the instance is up or not restarted. For better response time on authorization requests/middleware, we recommend deploying Redis on the same infra/network as your authorizer server.

 ## Integrating into your website

@@ -180,3 +188,9 @@ This example demonstrates how you can use [`@authorizerdev/authorizer-js`](/auth
 	onLoad();
 </script>
 ```
+
+---
+
+### Support my work
+
+<a href="https://www.buymeacoffee.com/lakhansamani" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a>
--- a/server/db/roles.go
+++ b/server/db/roles.go
@@ -9,7 +9,7 @@ import (
 )

 type Role struct {
-	ID   uuid.UUID `gorm:"type:uuid;"`
+	ID   uuid.UUID `gorm:"primaryKey;type:char(36)"`
 	Role string    `gorm:"unique"`
 }

--- a/server/db/session.go
+++ b/server/db/session.go
@@ -9,8 +9,8 @@ import (
 )

 type Session struct {
-	ID        uuid.UUID `gorm:"type:uuid;"`
-	UserID    uuid.UUID `gorm:"type:uuid;"`
+	ID        uuid.UUID `gorm:"primaryKey;type:char(36)"`
+	UserID    uuid.UUID `gorm:"type:char(36)"`
 	User      User
 	UserAgent string
 	IP        string
--- a/server/db/user.go
+++ b/server/db/user.go
@@ -10,16 +10,16 @@ import (
 )

 type User struct {
-	ID              uuid.UUID `gorm:"type:uuid;"`
+	ID              uuid.UUID `gorm:"primaryKey;type:char(36)"`
 	FirstName       string
 	LastName        string
 	Email           string `gorm:"unique"`
-	Password        string
+	Password        string `gorm:"type:text"`
 	SignupMethod    string
 	EmailVerifiedAt int64
-	CreatedAt       int64 `gorm:"autoCreateTime"`
-	UpdatedAt       int64 `gorm:"autoUpdateTime"`
-	Image           string
+	CreatedAt       int64  `gorm:"autoCreateTime"`
+	UpdatedAt       int64  `gorm:"autoUpdateTime"`
+	Image           string `gorm:"type:text"`
 	Roles           string
 }

--- a/server/db/verificationRequests.go
+++ b/server/db/verificationRequests.go
@@ -9,8 +9,8 @@ import (
 )

 type VerificationRequest struct {
-	ID         uuid.UUID `gorm:"type:uuid;"`
-	Token      string    `gorm:"index"`
+	ID         uuid.UUID `gorm:"primaryKey;type:char(36)"`
+	Token      string    `gorm:"type:text"`
 	Identifier string
 	ExpiresAt  int64
 	CreatedAt  int64  `gorm:"autoCreateTime"`
--- a/server/handlers/oauthCallback.go
+++ b/server/handlers/oauthCallback.go
@@ -40,7 +40,7 @@ func processGoogleUserInfo(code string) (db.User, error) {
 	// Parse and verify ID Token payload.
 	idToken, err := verifier.Verify(ctx, rawIDToken)
 	if err != nil {
-		return user, fmt.Errorf("unable to verify id_token:", err.Error())
+		return user, fmt.Errorf("unable to verify id_token: %s", err.Error())
 	}

 	// Extract custom claims
--- a/server/utils/cookie.go
+++ b/server/utils/cookie.go
@@ -11,15 +11,23 @@ func SetCookie(gc *gin.Context, token string) {
 	secure := true
 	httpOnly := true
 	host := GetHostName(constants.AUTHORIZER_URL)
+	domain := GetDomainName(constants.AUTHORIZER_URL)
+	if domain != "localhost" {
+		domain = "." + domain
+	}

 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, token, 3600, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", token, 3600, "/", domain, secure, httpOnly)
 }

 func GetCookie(gc *gin.Context) (string, error) {
 	cookie, err := gc.Request.Cookie(constants.COOKIE_NAME)
 	if err != nil {
-		return "", err
+		cookie, err = gc.Request.Cookie(constants.COOKIE_NAME + "-client")
+		if err != nil {
+			return "", err
+		}
 	}

 	return cookie.Value, nil
@@ -29,8 +37,13 @@ func DeleteCookie(gc *gin.Context) {
 	secure := true
 	httpOnly := true

-	host := GetHostName(constants.AUTHORIZER_URL)
+	host := GetDomainName(constants.AUTHORIZER_URL)
+	domain := GetDomainName(constants.AUTHORIZER_URL)
+	if domain != "localhost" {
+		domain = "." + domain
+	}

 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, "", -1, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", "", -1, "/", domain, secure, httpOnly)
 }
--- a/server/utils/urls.go
+++ b/server/utils/urls.go
@@ -17,7 +17,7 @@ func GetHostName(auth_url string) string {
 	return host
 }

-// function to get domain name
+// GetDomainName function to get domain name
 func GetDomainName(auth_url string) string {
 	u, err := url.Parse(auth_url)
 	if err != nil {
--- a/server/utils/urls_test.go
+++ b/server/utils/urls_test.go
@@ -0,0 +1,25 @@
+package utils
+
+import "testing"
+
+func TestGetHostName(t *testing.T) {
+	authorizer_url := "http://test.herokuapp.com"
+
+	got := GetHostName(authorizer_url)
+	want := "test.herokuapp.com"
+
+	if got != want {
+		t.Errorf("GetHostName Test failed got %s, wanted %s", got, want)
+	}
+}
+
+func TestGetDomainName(t *testing.T) {
+	authorizer_url := "http://test.herokuapp.com"
+
+	got := GetDomainName(authorizer_url)
+	want := "herokuapp.com"
+
+	if got != want {
+		t.Errorf("GetHostName Test failed got %q, wanted %q", got, want)
+	}
+}
Author	SHA1	Message	Date
Lakhan Samani	155d2e65c2	fix: use char(36) with golang uuid instead of sql uuid type (#78 ) resolves #77	2021-12-14 22:57:45 +05:30
Lakhan Samani	4d341e9876	feat: add instruction for railway.app	2021-12-11 23:07:19 +05:30
Lakhan Samani	1761f41691	fix: read cookieName-client if cookie with cookieName is not present	2021-12-11 06:45:15 +05:30
Lakhan Samani	00565c8717	Fix/cookie host (#76 ) * fix: cookie host * feat: add test for url utils * fix: url test * fix: multi domain cookie if allowed	2021-12-11 06:41:35 +05:30
Lakhan Samani	74a551ae09	Update README.md	2021-12-09 09:17:32 +05:30