Merge branch 'develop' of github.com:thecodingmachine/workadventure into refactor_wokas

pusher/Dockerfile

@@ -1,17 +1,23 @@
+# The building of ProtoBuf "messages" must be done out of Docker because grpc-node does not ship with ARM64 binaries.
+# See: https://github.com/grpc/grpc-node/issues/1405
+# When the issue above is closed, we can move back messages building inside Dockerfile
+
 # protobuf build
-FROM node:14.18.2-buster-slim@sha256:20bedf0c09de887379e59a41c04284974f5fb529cf0e13aab613473ce298da3d as builder
-WORKDIR /usr/src
-COPY messages .
-RUN yarn install && yarn proto
+#FROM node:14.18.2-buster-slim@sha256:20bedf0c09de887379e59a41c04284974f5fb529cf0e13aab613473ce298da3d as proto-builder
+#WORKDIR /usr/src
+#COPY messages/yarn.lock messages/package.json ./
+#RUN yarn install
+#COPY messages .
+#RUN yarn proto
 
 # typescript build
-FROM node:14.18.2-buster-slim@sha256:20bedf0c09de887379e59a41c04284974f5fb529cf0e13aab613473ce298da3d as builder2
+FROM node:14.18.2-buster-slim@sha256:20bedf0c09de887379e59a41c04284974f5fb529cf0e13aab613473ce298da3d as builder
 WORKDIR /usr/src
 COPY pusher/yarn.lock pusher/package.json ./
 RUN yarn install
 COPY pusher .
-COPY --from=builder /usr/src/generated src/Messages/generated
-COPY --from=builder /usr/src/JsonMessages src/Messages/JsonMessages
+#COPY --from=proto-builder /usr/src/generated src/Messages/generated
+#COPY --from=proto-builder /usr/src/JsonMessages src/Messages/JsonMessages
 ENV NODE_ENV=production
 RUN yarn run tsc
 
@@ -19,9 +25,9 @@ RUN yarn run tsc
 FROM node:14.18.2-buster-slim@sha256:20bedf0c09de887379e59a41c04284974f5fb529cf0e13aab613473ce298da3d
 WORKDIR /usr/src
 COPY pusher/yarn.lock pusher/package.json ./
-COPY --from=builder2 /usr/src/dist /usr/src/dist
 ENV NODE_ENV=production
 RUN yarn install --production
+COPY --from=builder /usr/src/dist /usr/src/dist
 
 USER node
 CMD ["yarn", "run", "runprod"]

pusher/src/Controller/AuthenticateController.ts

@@ -140,7 +140,13 @@ export class AuthenticateController extends BaseHttpController {
                         }
 
                         const resCheckTokenAuth = await openIDClient.checkTokenAuth(authTokenData.accessToken);
-                        return res.json({ ...resCheckTokenAuth, ...resUserData, authToken: token });
+                        return res.json({
+                            ...resCheckTokenAuth,
+                            ...resUserData,
+                            authToken: token,
+                            username: authTokenData?.username,
+                            locale: authTokenData?.locale,
+                        });
                     } catch (err) {
                         console.info("User was not connected", err);
                     }
@@ -161,13 +167,18 @@ export class AuthenticateController extends BaseHttpController {
                 if (!email) {
                     throw new Error("No email in the response");
                 }
-                const authToken = jwtTokenManager.createAuthToken(email, userInfo?.access_token);
+                const authToken = jwtTokenManager.createAuthToken(
+                    email,
+                    userInfo?.access_token,
+                    userInfo?.username,
+                    userInfo?.locale
+                );
 
                 //Get user data from Admin Back Office
                 //This is very important to create User Local in LocalStorage in WorkAdventure
                 const data = await this.getUserByUserIdentifier(email, playUri as string, IPAddress);
 
-                return res.json({ ...data, authToken });
+                return res.json({ ...data, authToken, username: userInfo?.username, locale: userInfo?.locale });
             } catch (e) {
                 console.error("openIDCallback => ERROR", e);
                 return this.castErrorToResponse(e, res);
@@ -204,7 +215,7 @@ export class AuthenticateController extends BaseHttpController {
                 console.error("openIDCallback => logout-callback", error);
             }
 
-            return res.status(200).send('');
+            return res.status(200).send("");
         });
     }
 

pusher/src/Enum/EnvironmentVariable.ts

@@ -18,6 +18,9 @@ export const OPID_CLIENT_SECRET = process.env.OPID_CLIENT_SECRET || "";
 export const OPID_CLIENT_ISSUER = process.env.OPID_CLIENT_ISSUER || "";
 export const OPID_CLIENT_REDIRECT_URL = process.env.OPID_CLIENT_REDIRECT_URL || FRONT_URL + "/jwt";
 export const OPID_PROFILE_SCREEN_PROVIDER = process.env.OPID_PROFILE_SCREEN_PROVIDER || ADMIN_URL + "/profile";
+export const OPID_SCOPE = process.env.OPID_SCOPE || "openid email";
+export const OPID_USERNAME_CLAIM = process.env.OPID_USERNAME_CLAIM || "username";
+export const OPID_LOCALE_CLAIM = process.env.OPID_LOCALE_CLAIM || "locale";
 export const DISABLE_ANONYMOUS: boolean = process.env.DISABLE_ANONYMOUS === "true";
 
 // If set to the string "true", the /openapi route will return the OpenAPI definition and the swagger-ui/ route will display the documentation

pusher/src/Services/JWTTokenManager.ts

@@ -5,6 +5,8 @@ import { InvalidTokenError } from "../Controller/InvalidTokenError";
 export interface AuthTokenData {
     identifier: string; //will be a email if logged in or an uuid if anonymous
     accessToken?: string;
+    username?: string;
+    locale?: string;
 }
 export interface AdminSocketTokenData {
     authorizedRoomIds: string[]; //the list of rooms the client is authorized to read from.
@@ -16,8 +18,8 @@ class JWTTokenManager {
         return Jwt.verify(token, ADMIN_SOCKETS_TOKEN) as AdminSocketTokenData;
     }
 
-    public createAuthToken(identifier: string, accessToken?: string) {
-        return Jwt.sign({ identifier, accessToken }, SECRET_KEY, { expiresIn: "30d" });
+    public createAuthToken(identifier: string, accessToken?: string, username?: string, locale?: string) {
+        return Jwt.sign({ identifier, accessToken, username, locale }, SECRET_KEY, { expiresIn: "30d" });
     }
 
     public verifyJWTToken(token: string, ignoreExpiration: boolean = false): AuthTokenData {

pusher/src/Services/OpenIDClient.ts

@@ -4,6 +4,9 @@ import {
     OPID_CLIENT_SECRET,
     OPID_CLIENT_ISSUER,
     OPID_CLIENT_REDIRECT_URL,
+    OPID_USERNAME_CLAIM,
+    OPID_LOCALE_CLAIM,
+    OPID_SCOPE,
 } from "../Enum/EnvironmentVariable";
 
 class OpenIDClient {
@@ -25,8 +28,11 @@ class OpenIDClient {
 
     public authorizationUrl(state: string, nonce: string, playUri?: string, redirect?: string) {
         return this.initClient().then((client) => {
+            if (!OPID_SCOPE.includes("email") || !OPID_SCOPE.includes("openid")) {
+                throw new Error("Invalid scope, 'email' and 'openid' are required in OPID_SCOPE.");
+            }
             return client.authorizationUrl({
-                scope: "openid email",
+                scope: OPID_SCOPE,
                 prompt: "login",
                 state: state,
                 nonce: nonce,
@@ -36,7 +42,10 @@ class OpenIDClient {
         });
     }
 
-    public getUserInfo(code: string, nonce: string): Promise<{ email: string; sub: string; access_token: string }> {
+    public getUserInfo(
+        code: string,
+        nonce: string
+    ): Promise<{ email: string; sub: string; access_token: string; username: string; locale: string }> {
         return this.initClient().then((client) => {
             return client.callback(OPID_CLIENT_REDIRECT_URL, { code }, { nonce }).then((tokenSet) => {
                 return client.userinfo(tokenSet).then((res) => {
@@ -45,6 +54,8 @@ class OpenIDClient {
                         email: res.email as string,
                         sub: res.sub,
                         access_token: tokenSet.access_token as string,
+                        username: res[OPID_USERNAME_CLAIM] as string,
+                        locale: res[OPID_LOCALE_CLAIM] as string,
                     };
                 });
             });