WIP

Author: MarceloRGonc

packages/react-ui/src/app/routes/cloud-connection/cloud-connection-page.tsx

@@ -33,18 +33,14 @@ const CloudConnectionPage = () => {
     if (!flags || isLoading) {
       return;
     }
-    const { FRONTEGG_URL, FRONTEGG_CLIENT_ID, FRONTEGG_APP_ID } = flags;
+    const { FRONTEGG_URL } = flags;
 
-    if (!FRONTEGG_URL || !FRONTEGG_CLIENT_ID || !FRONTEGG_APP_ID) {
+    if (!FRONTEGG_URL) {
       navigate('/');
       return;
     }
 
-    const app = initializeFrontegg(
-      FRONTEGG_URL as string,
-      FRONTEGG_CLIENT_ID as string,
-      FRONTEGG_APP_ID as string,
-    );
+    const app = initializeFrontegg(FRONTEGG_URL as string);
 
     app.ready(() => {
       app.store.subscribe(() => {

packages/react-ui/src/app/routes/cloud-connection/cloud-logout-page.tsx

@@ -30,18 +30,14 @@ const CloudLogoutPage = () => {
     if (!flags || isLoading) {
       return;
     }
-    const { FRONTEGG_URL, FRONTEGG_CLIENT_ID, FRONTEGG_APP_ID } = flags;
+    const { FRONTEGG_URL } = flags;
 
-    if (!FRONTEGG_URL || !FRONTEGG_CLIENT_ID || !FRONTEGG_APP_ID) {
+    if (!FRONTEGG_URL) {
       navigate('/');
       return;
     }
 
-    const app = initializeFrontegg(
-      FRONTEGG_URL as string,
-      FRONTEGG_CLIENT_ID as string,
-      FRONTEGG_APP_ID as string,
-    );
+    const app = initializeFrontegg(FRONTEGG_URL as string);
 
     Cookies.remove('cloud-token');
     Cookies.remove('cloud-refresh-token');

packages/react-ui/src/app/routes/cloud-connection/frontegg-setup.ts

@@ -1,23 +1,21 @@
-import { initialize } from '@frontegg/js';
+import { FronteggApp, initialize } from '@frontegg/js';
 
 export const additionalFronteggParams = {
   // Google OAuth 2.0: Prompt the user to select an account. https://developers.google.com/identity/protocols/oauth2/web-server#creatingclient
   prompt: 'select_account',
 };
 
-export const initializeFrontegg = (
-  FRONTEGG_URL: string,
-  FRONTEGG_CLIENT_ID: string,
-  FRONTEGG_APP_ID: string,
-) =>
-  initialize({
+export function initializeFrontegg(url: string, tenant?: string): FronteggApp {
+  const tenantResolver = tenant ? () => ({ tenant: tenant }) : undefined;
+
+  return initialize({
     contextOptions: {
-      baseUrl: FRONTEGG_URL as string,
-      clientId: FRONTEGG_CLIENT_ID as string,
-      appId: FRONTEGG_APP_ID as string,
+      baseUrl: url,
+      tenantResolver,
     },
     authOptions: {
       keepSessionAlive: true,
     },
     hostedLoginBox: true,
   });
+}

packages/server/api/src/app/flags/flag.service.ts

@@ -251,18 +251,6 @@ export const flagService = {
         created,
         updated,
       },
-      {
-        id: FlagId.FRONTEGG_CLIENT_ID,
-        value: system.get(AppSystemProp.FRONTEGG_CLIENT_ID),
-        created,
-        updated,
-      },
-      {
-        id: FlagId.FRONTEGG_APP_ID,
-        value: system.get(AppSystemProp.FRONTEGG_APP_ID),
-        created,
-        updated,
-      },
       {
         id: FlagId.CLOUD_CONNECTION_PAGE_ENABLED,
         value: system.getBoolean(AppSystemProp.CLOUD_CONNECTION_PAGE_ENABLED),

packages/server/api/src/app/flow-template/cloud-template.controller.ts

@@ -2,30 +2,26 @@ import {
   FastifyPluginAsyncTypebox,
   Type,
 } from '@fastify/type-provider-typebox';
-import { IdentityClient } from '@frontegg/client';
 import { AppSystemProp, logger, system } from '@openops/server-shared';
 import { ALL_PRINCIPAL_TYPES, OpenOpsId } from '@openops/shared';
-import { getCloudToken, getCloudUser } from '../user-info/cloud-auth';
+import { getVerifiedUser } from '../user-info/cloud-auth';
 import { flowTemplateService } from './flow-template.service';
 
 export const cloudTemplateController: FastifyPluginAsyncTypebox = async (
   app,
 ) => {
-  const fronteggClientId = system.get(AppSystemProp.FRONTEGG_CLIENT_ID);
-  const fronteggApiKey = system.get(AppSystemProp.FRONTEGG_API_KEY);
+  const publicKey = system.get(AppSystemProp.FRONTEGG_PUBLIC_KEY);
+  const connectionPageEnabled = system.getBoolean(
+    AppSystemProp.CLOUD_CONNECTION_PAGE_ENABLED,
+  );
 
-  if (!fronteggClientId || !fronteggApiKey) {
+  if (!publicKey || !connectionPageEnabled) {
     logger.info(
       'Missing Frontegg configuration, disabling cloud templates API',
     );
     return;
   }
 
-  const identityClient = new IdentityClient({
-    FRONTEGG_CLIENT_ID: fronteggClientId,
-    FRONTEGG_API_KEY: fronteggApiKey,
-  });
-
   // cloud templates are available on any origin
   app.addHook('onSend', (request, reply, payload, done) => {
     void reply.header(
@@ -38,7 +34,6 @@ export const cloudTemplateController: FastifyPluginAsyncTypebox = async (
       'Content-Type,Ops-Origin,Authorization',
     );
     void reply.header('Access-Control-Allow-Credentials', 'true');
-
     if (request.method === 'OPTIONS') {
       return reply.status(204).send();
     }
@@ -70,9 +65,8 @@ export const cloudTemplateController: FastifyPluginAsyncTypebox = async (
       },
     },
     async (request) => {
-      const token = getCloudToken(request);
-
-      if (!(await getCloudUser(identityClient, token))) {
+      const user = getVerifiedUser(request, publicKey);
+      if (!user) {
         return flowTemplateService.getFlowTemplates({
           search: request.query.search,
           tags: request.query.tags,
@@ -120,8 +114,9 @@ export const cloudTemplateController: FastifyPluginAsyncTypebox = async (
       },
     },
     async (request, reply) => {
-      const token = getCloudToken(request);
-      if (!(await getCloudUser(identityClient, token))) {
+      const user = getVerifiedUser(request, publicKey);
+
+      if (!user) {
         const template = await flowTemplateService.getFlowTemplate(
           request.params.id,
         );

packages/server/api/src/app/user-info/cloud-auth.ts

@@ -1,34 +1,28 @@
-import { IdentityClient } from '@frontegg/client';
-import {
-  IAccessToken,
-  IEntityWithRoles,
-} from '@frontegg/client/dist/src/clients/identity/types';
 import { FastifyRequest } from 'fastify';
+import jwt, { JwtPayload } from 'jsonwebtoken';
 
 const CLOUD_TOKEN_COOKIE_NAME = 'cloud-token';
 
-export const getCloudToken = (request: FastifyRequest): string | undefined => {
+const getCloudToken = (request: FastifyRequest): string | undefined => {
   let token = request.headers.authorization?.replace('Bearer ', '');
   if (!token) {
     token = request.cookies[CLOUD_TOKEN_COOKIE_NAME];
   }
   return token;
 };
 
-export async function getCloudUser(
-  identityClient: IdentityClient,
-  token?: string,
-): Promise<null | IEntityWithRoles | IAccessToken> {
+export function getVerifiedUser(
+  request: FastifyRequest,
+  publicKey: string,
+): string | JwtPayload | undefined {
+  const token = getCloudToken(request);
   if (!token) {
-    return null;
+    return undefined;
   }
 
   try {
-    const user = await identityClient.validateIdentityOnToken(token);
-    return user;
-  } catch (e) {
-    // eslint-disable-next-line no-console
-    console.error(e);
-    return null;
+    return jwt.verify(token, publicKey);
+  } catch {
+    return undefined;
   }
 }

packages/server/api/src/app/user-info/user-info.module.ts

@@ -1,29 +1,25 @@
 import { FastifyPluginAsyncTypebox } from '@fastify/type-provider-typebox';
-import { IdentityClient } from '@frontegg/client';
 import { AppSystemProp, logger, system } from '@openops/server-shared';
 import { ALL_PRINCIPAL_TYPES } from '@openops/shared';
-import { getCloudToken, getCloudUser } from './cloud-auth';
+import { getVerifiedUser } from './cloud-auth';
 
 export const userInfoModule: FastifyPluginAsyncTypebox = async (app) => {
   await app.register(userInfoController, { prefix: '/v1/user-info' });
 };
 
 export const userInfoController: FastifyPluginAsyncTypebox = async (app) => {
-  const fronteggClientId = system.get(AppSystemProp.FRONTEGG_CLIENT_ID);
-  const fronteggApiKey = system.get(AppSystemProp.FRONTEGG_API_KEY);
+  const publicKey = system.get(AppSystemProp.FRONTEGG_PUBLIC_KEY);
+  const connectionPageEnabled = system.getBoolean(
+    AppSystemProp.CLOUD_CONNECTION_PAGE_ENABLED,
+  );
 
-  if (!fronteggClientId || !fronteggApiKey) {
+  if (!publicKey || !connectionPageEnabled) {
     logger.info(
       'Missing Frontegg configuration, disabling cloud templates API',
     );
     return;
   }
 
-  const identityClient = new IdentityClient({
-    FRONTEGG_CLIENT_ID: fronteggClientId,
-    FRONTEGG_API_KEY: fronteggApiKey,
-  });
-
   // user-info is available on any origin
   app.addHook('onSend', (request, reply, payload, done) => {
     void reply.header(
@@ -53,8 +49,7 @@ export const userInfoController: FastifyPluginAsyncTypebox = async (app) => {
       },
     },
     async (request, reply) => {
-      const token = getCloudToken(request);
-      const user = await getCloudUser(identityClient, token);
+      const user = getVerifiedUser(request, publicKey);
 
       if (!user) {
         return reply.status(401).send();

packages/server/shared/src/lib/system/system-prop.ts

@@ -82,9 +82,7 @@ export enum AppSystemProp {
   SHOW_DEMO_HOME_PAGE = 'SHOW_DEMO_HOME_PAGE',
 
   FRONTEGG_URL = 'FRONTEGG_URL',
-  FRONTEGG_CLIENT_ID = 'FRONTEGG_CLIENT_ID',
-  FRONTEGG_API_KEY = 'FRONTEGG_API_KEY',
-  FRONTEGG_APP_ID = 'FRONTEGG_APP_ID',
+  FRONTEGG_PUBLIC_KEY = 'FRONTEGG_PUBLIC_KEY',
 
   ENGINE_URL = 'ENGINE_URL',
   TELEMETRY_MODE = 'TELEMETRY_MODE',

packages/shared/src/lib/flag/flag.ts

@@ -58,8 +58,6 @@ export enum FlagId {
   DARK_THEME_ENABLED = 'DARK_THEME_ENABLED',
   ENVIRONMENT_ID = 'ENVIRONMENT_ID',
   FRONTEGG_URL = 'FRONTEGG_URL',
-  FRONTEGG_CLIENT_ID = 'FRONTEGG_CLIENT_ID',
-  FRONTEGG_APP_ID = 'FRONTEGG_APP_ID',
   CLOUD_CONNECTION_PAGE_ENABLED = 'CLOUD_CONNECTION_PAGE_ENABLED',
   SHOW_DEMO_HOME_PAGE = 'SHOW_DEMO_HOME_PAGE',
   OAUTH_PROXY_URL = 'OAUTH_PROXY_URL',