Oauth support

Makefile

@@ -13,6 +13,7 @@ PACKAGEVERSIONSUFFIX := -$(shell uname)-$(shell uname -m)
 # list of modules
 MODULES += dashboard
 MODULES += search
+MODULES += auth
 MODULES += depends
 MODULES += depends/nodejs
 MODULES += gui/backend

auth/.module.install

@@ -0,0 +1,4 @@
+mindbender-auth                         bin/mindbender.d/
+start-mongodb                           bin/mindbender.d/
+stop-mongodb                            bin/mindbender.d/
+

auth/README.md

@@ -0,0 +1,63 @@
+# Authentication and Authorization
+
+It is possible to use Mindbender with authentication and grant access only
+to users which you have authorized.
+
+## Authentication
+
+You first have to create an account at
+```
+https://console.developers.google.com/project
+```
+
+*  Select ```APIs & auth``` on the left, and then ```Credentials```.
+*  Click ```Add Credentials```. Choose a name.
+*  Add an ```Authorized JavaScript origin```. For testing, add
+   ```
+   http://localhost:8000
+   ```
+*  Add an ```Authorized redirect URI```. For testing, add
+   ```
+   http://localhost:8000/auth/google/callback
+   ```
+*  Copy the Client ID and Client secret shown at the top into your
+   ```
+   mindbender/auth/auth-api.coffee
+   ```
+*  Finally, choose if you would like to require users to authenticate
+   by setting
+   ```
+   REQUIRES_LOGIN = true
+   ```
+
+## Authorization
+
+In addition to requiring users to authenticate, you can also
+selectively grant access to some users.
+
+*  Make sure you are running the authorization mongo backend, by
+   executing
+   ```
+   mindbender auth start
+   ```
+   Note: You can run ```mindbender auth stop``` to quit this backend.
+
+*  In ```mindbender/auth/auth-api.coffee``` set variable ```AUTHORIZED_ONLY = true```.
+
+*  Now you can use the following commands to define your set of authorized
+   users.
+
+   ```
+   # Show authorized users:
+   curl http://localhost:8000/api/auth/authorized
+
+   # Add authorized user:
+   curl -H "Content-Type: application/json" -d '{"googleID":"000000000000000000000"}' http://localhost:8000/api/auth/authorized
+
+   # Remove authorized user:
+   curl -X DELETE http://localhost:8000/api/auth/authorized/000000000000000000000
+   ```
+*  Users will see their Google ID when their login fails, with a message to
+   request access by sending an email to ```REQUEST_EMAIL```.
+
+

auth/mindbender-auth

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# mindbender-auth -- Creates and maintains database of authorized users
+# 
+# To launch the database:
+# $ mindbender auth start
+# 
+set -eu
+set -o pipefail
+
+# parse command-line args
+case ${1:-} in
+      start)
+          ${MONGODB_RUNNING:-false} ||
+              exec start-mongodb
+          Action=$1; shift
+          ;;
+      stop)
+          exec stop-mongodb
+          Action=$1; shift
+          ;;
+     *)
+        usage "$0" "Invalid action given: gui, update, status, or drop"
+esac
+

auth/start-mongodb

@@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+# start-mongodb -- Launches mongod instance 
+# $ start-mongodb
+# Sets environment MONGODB_RUNNING=true when running COMMAND.
+#
+# Modeled after search/keep-elasticsearch-during.
+##
+# Author: Raphael Hoffmann
+# Created: 2015-09-18
+set -eu
+
+# default settings
+: ${MONGODB_BASEURL:=http://localhost:27017} # TODO randomize port?
+: ${MONGODB_HOME:="$PWD"/auth}
+
+# make sure mongodb instance is available
+mongodb-is-up() {
+    STDERR=$(mongo --eval "printjson(db.isMaster())" 2>&1 >/dev/null)
+    if [[ -z "$STDERR" ]]; then
+      return 0   # true
+    else
+      return 1   # false
+    fi
+}
+case $MONGODB_BASEURL in
+    http://localhost:*)
+        port=${MONGODB_BASEURL#http://localhost:}
+        port=${port%%/*}
+        # make sure search repo is initialized
+        mkdir -p "$MONGODB_HOME"/{config,data,logs,data/db}
+        [[ -e "$MONGODB_HOME"/config/mongod.yml ]] || cp -f "$MINDBENDER_HOME"/depends/bundled/mongodb/prefix/*/config/mongod.yml "$MONGODB_HOME"/config/
+        terminate-local-mongodb() {
+            local pidfile="$MONGODB_HOME"/mongodb.pid
+            local pid=$(cat "$pidfile" 2>/dev/null)
+            # kill the mongod process
+            [[ -z "$pid" ]] || kill -TERM $pid ||
+                # or just clean up the stale PID file if can't kill
+                rm -f "$MONGODB_HOME"/mongodb.pid
+        }
+        # terminate if something's running locally but perhaps on a different port
+        if [[ -e "$MONGODB_HOME"/mongodb.pid ]]; then
+            mongodb-is-up || terminate-local-mongodb
+        fi
+        # if no instance is running here yet
+        if ! [[ -e "$MONGODB_HOME"/mongodb.pid ]]; then
+            if mongodb-is-up; then
+                # port may be occupied
+                error "$port: port is already used, try another one, e.g.: export MONGODB_BASEURL=http://localhost:270${RANDOM:0:2}"
+            else
+                # launch an isolated elasticsearch
+                msg "Launching Mongodb for $MONGODB_BASEURL from $MONGODB_HOME"
+                mOpts+=(
+                    #--fork
+                    # in background with a PID file
+                    --pidfilepath "$MONGODB_HOME"/mongodb.pid
+
+                    # some paths outside path.home
+                    --config "$MONGODB_HOME"/config/mongod.yml
+                    --dbpath "$MONGODB_HOME"/data/db
+                    --logpath "$MONGODB_HOME"/logs/log
+
+                    # override ports
+                    --port $port
+                )
+                mongod "${mOpts[@]:-}" &
+            fi
+        fi
+        # wait until the instance boots up
+        until mongodb-is-up; do sleep 0.$RANDOM; done
+        ;;
+
+    *)
+        # skip setup since MONGODB_BASEURL is not localhost
+        # make sure the mongodb instance is there
+        mongodb-is-up ||
+            error "$MONGODB_BASEURL: Mongodb not responding"
+esac
+
+# run given command
+export MONGODB_BASEURL MONGODB_HOME MONGODB_RUNNING=true

auth/stop-mongodb

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+# stop-mongodb -- Stops mongod instance 
+# $ stop-mongodb
+#
+# Modeled after search/keep-elasticsearch-during.
+##
+# Author: Raphael Hoffmann
+# Created: 2015-09-18
+set -eu
+
+# default settings
+: ${MONGODB_BASEURL:=http://localhost:27017} # TODO randomize port?
+: ${MONGODB_HOME:="$PWD"/auth}
+
+# make sure mongodb instance is available
+mongodb-is-up() {
+    mongo --eval "printjson(db.isMaster())" >/dev/null
+}
+case $MONGODB_BASEURL in
+    http://localhost:*)
+        terminate-local-mongodb() {
+            local pidfile="$MONGODB_HOME"/mongodb.pid
+            local pid=$(cat "$pidfile" 2>/dev/null)
+            echo "terminating pid $pid"
+            # kill the mongod process
+            [[ -z "$pid" ]] || {
+                kill -TERM $pid 
+                rm -f "$MONGODB_HOME"/mongodb.pid
+            }
+        }
+        # terminate if something's running locally but perhaps on a different port
+        if [[ -e "$MONGODB_HOME"/mongodb.pid ]]; then
+            terminate-local-mongodb
+        fi
+        ;;
+
+    *)
+        # skip setup since MONGODB_BASEURL is not localhost
+        # make sure the mongodb instance is there
+        error "$MONGODB_BASEURL: Not on localhost, cannot stop"
+esac
+

depends/bundle.conf

@@ -1,5 +1,6 @@
 ### List of Embedded Dependencies
 
+mongodb
 nodejs
 elasticsearch
 jq

depends/bundled/mongodb.sh

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+# install mongo 
+set -eu
+
+version=${DEPENDS_ON_MONGODB_VERSION:-3.0.6}
+
+self=$0
+name=`basename "$0" .sh`
+
+download() {
+    local url=$1; shift
+    local file=$1; shift
+    [ -s "$file" ] || curl -C- -RLO "$url"
+}
+
+# determine os and arch for downloading
+os=$(uname -s)
+case $os in
+    Darwin) os=osx ;;
+    Linux)  os=linux  ;;
+    *)
+        echo >&2 "$os: Unsupported operating system"
+        os=
+esac
+if [ -z "$os" ]; then
+    arch=
+else
+    arch=$(uname -m)
+    case $arch in
+        x86_64|amd64)
+            arch=x86_64 ;;
+        i686|i386|i86pc)
+            arch=i686 ;;
+        *)
+            echo >&2 "$arch: Unsupported architecture"
+            os= arch=
+    esac
+fi
+
+if [ -n "$os" -a -n "$arch" ]; then
+    # download binary distribution
+    fullname="mongodb-${os}-${arch}-${version}"
+    tarball="${fullname}.tgz"
+    download "https://fastdl.mongodb.org/${os}/${tarball}" "$tarball"
+    mkdir -p prefix
+    tar xf "$tarball" -C prefix
+fi
+
+# place symlinks for commands under $DEPENDS_PREFIX/bin/
+symlink-under-depends-prefix bin -x prefix/"$fullname"/bin/*
+

gui/backend/.module.install

@@ -3,6 +3,7 @@ mindbender-utils.coffee                 gui/
 mindtagger/                             gui/
 dashboard/                              gui/
 search/                                 gui/
+auth/                                   gui/
 
 extensions.js                           gui/files/mindbender/
 extensions.coffee                       gui/files/mindbender/