Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add VA Azure Integration #367

Merged
merged 9 commits into from
Feb 7, 2024
Merged

Add VA Azure Integration #367

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
a92c2b2
Add VA Azure Integration
vibhanshub Jan 21, 2024
9fe18da
Add logo and update summary
vibhanshub Jan 22, 2024
1e9f1d8
Make requested changes
vibhanshub Jan 24, 2024
f3ec874
Add lock file and update lint script
vibhanshub Jan 24, 2024
2b6ca66
Merge branch 'main' into azure-va-integration
vibhanshub Jan 24, 2024
1a19941
Update lock file...
vibhanshub Jan 24, 2024
88727a3
Use latest assets and update manifest
vibhanshub Jan 30, 2024
c694439
Use URL package
vibhanshub Feb 7, 2024
c48a03d
Merge branch 'main' into azure-va-integration
vibhanshub Feb 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions integrations/va-azure/.eslintrc.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{
"extends": ["@gitbook/eslint-config/integration"]
}
Binary file added integrations/va-azure/assets/azure-preview.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added integrations/va-azure/assets/icon.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
30 changes: 30 additions & 0 deletions integrations/va-azure/gitbook-manifest.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: VA-Azure
title: VA Azure
icon: ./assets/icon.png
previewImages:
- ./assets/azure-preview.png
description: Visitor Authentication with Azure

visibility: public
script: ./src/index.tsx
scopes:
- space:metadata:read
- space:visitor:auth
- space:content:read
organization: d8f63b60-89ae-11e7-8574-5927d48c4877
summary: |
# Overview
Visitor Authentication allows you to publish content behind an authentication wall, so your content is only accessible to people you choose.

This integration lets you control access to your published content as determined by Azure (Entra).

# Configure
Install this integration on a space and then populate the configuration screen with the details of your Azure application and Azure subscription.
You can then open the Share menu, publish the space with Visitor Authentication, choose this integration as the authentication backend, and hit Save.

Your space is now published with Visitor Authentication using Azure.
categories:
- other
configurations:
space:
componentId: config
20 changes: 20 additions & 0 deletions integrations/va-azure/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{
"name": "@gitbook/integration-va-azure",
"version": "0.0.1",
"private": true,
"dependencies": {
"@gitbook/api": "*",
"@gitbook/runtime": "*",
"itty-router": "^4.0.14",
"@tsndr/cloudflare-worker-jwt": "2.3.2"
},
"devDependencies": {
"@gitbook/cli": "*"
},
"scripts": {
"lint": "eslint ./**/*.ts*",
"typecheck": "tsc --noEmit",
"publish-integrations-staging": "gitbook publish .",
"publish-integrations": "gitbook publish ."
}
}
289 changes: 289 additions & 0 deletions integrations/va-azure/src/index.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,289 @@
import { sign } from '@tsndr/cloudflare-worker-jwt';
import { Router } from 'itty-router';

import { IntegrationInstallationConfiguration } from '@gitbook/api';
import {
createIntegration,
FetchEventCallback,
Logger,
RuntimeContext,
RuntimeEnvironment,
createComponent,
} from '@gitbook/runtime';

const logger = Logger('azure.visitor-auth');

type AzureRuntimeEnvironment = RuntimeEnvironment<{}, AzureSpaceInstallationConfiguration>;

type AzureRuntimeContext = RuntimeContext<AzureRuntimeEnvironment>;

type AzureSpaceInstallationConfiguration = {
client_id?: string;
tenant_id?: string;
client_secret?: string;
};

type AzureState = AzureSpaceInstallationConfiguration;

type AzureProps = {
installation: {
configuration?: IntegrationInstallationConfiguration;
};
spaceInstallation: {
configuration?: AzureSpaceInstallationConfiguration;
};
};

export type AzureAction = { action: 'save.config' };

const configBlock = createComponent<AzureProps, AzureState, AzureAction, AzureRuntimeContext>({
componentId: 'config',
initialState: (props) => {
return {
client_id: props.spaceInstallation.configuration?.client_id?.toString() || '',
tenant_id: props.spaceInstallation.configuration?.tenant_id?.toString() || '',
client_secret: props.spaceInstallation.configuration?.client_secret?.toString() || '',
};
},
action: async (element, action, context) => {
switch (action.action) {
case 'save.config':
const { api, environment } = context;
const spaceInstallation = environment.spaceInstallation;

const configurationBody = {
...spaceInstallation.configuration,
client_id: element.state.client_id,
client_secret: element.state.client_secret,
tenant_id: element.state.tenant_id,
};

await api.integrations.updateIntegrationSpaceInstallation(
spaceInstallation.integration,
spaceInstallation.installation,
spaceInstallation.space,
{
configuration: {
...configurationBody,
},
}
);
return element;
}
},
render: async (element, context) => {
const VACallbackURL = `${context.environment.spaceInstallation?.urls?.publicEndpoint}/visitor-auth/response`;
return (
<block>
<input
label="Client ID"
hint={
<text>
The unique identifier of your app registration.
<link
target={{
url: 'https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#register-an-application',
}}
>
{' '}
More Details
</link>
</text>
}
element={<textinput state="client_id" placeholder="Client ID" />}
/>

<input
label="Tenant ID"
hint={
<text>
The Tenant ID of your subscription.
<link
target={{
url: 'https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#register-an-application',
}}
>
{' '}
More Details
</link>
</text>
}
element={<textinput state="tenant_id" placeholder="Tenant ID" />}
/>

<input
label="Client Secret"
hint={
<text>
The secret that the application uses to prove its identity when
requesting a token.
<link
target={{
url: 'https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#add-a-client-secret',
}}
>
{' '}
More Details
</link>
</text>
}
element={<textinput state="client_secret" placeholder="Client Secret" />}
/>

<input
label=""
hint=""
element={
<button
style="primary"
disabled={false}
label="Save"
tooltip="Save configuration"
onPress={{
action: 'save.config',
}}
/>
}
/>

<divider size="medium" />
<text>
The following URL needs to be saved as an allowed Redirect URI in Azure:
</text>
<codeblock content={VACallbackURL} />
</block>
);
},
});

const handleFetchEvent: FetchEventCallback<AzureRuntimeContext> = async (request, context) => {
const { environment } = context;
const installationURL = environment.spaceInstallation?.urls?.publicEndpoint;
if (installationURL) {
const router = Router({
base: new URL(installationURL).pathname,
});

router.get('/visitor-auth/response', async (request) => {
if (context.environment.spaceInstallation?.space) {
const space = await context.api.spaces.getSpaceById(
context.environment.spaceInstallation?.space
);
const spaceData = space.data;
const privateKey = context.environment.signingSecrets.spaceInstallation;
let token;
try {
token = await sign(
{ exp: Math.floor(Date.now() / 1000) + 1 * (60 * 60) },
privateKey
);
} catch (e) {
return new Response('Error: Could not sign JWT token', {
status: 500,
});
}

const tenantId = environment.spaceInstallation?.configuration.tenant_id;
const clientId = environment.spaceInstallation?.configuration.client_id;
const clientSecret = environment.spaceInstallation?.configuration.client_secret;
if (clientId && clientSecret) {
const searchParams = new URLSearchParams({
grant_type: 'authorization_code',
client_id: clientId,
client_secret: clientSecret,
code: `${request.query.code}`,
scope: 'openid',
redirect_uri: `${installationURL}/visitor-auth/response`,
});
const accessTokenURL = `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token/`;
const resp: any = await fetch(accessTokenURL, {
method: 'POST',
headers: { 'content-type': 'application/x-www-form-urlencoded' },
body: searchParams,
})
.then((response) => response.json())
.catch((err) => {
return new Response('Error: Could not fetch access token from Azure', {
status: 401,
});
});

if ('access_token' in resp) {
let url;
if (request.query.state) {
url = new URL(`${spaceData.urls?.published}${request.query.state}`);
url.searchParams.append('jwt_token', token);
} else {
url = new URL(spaceData.urls?.published);
url.searchParams.append('jwt_token', token);
}
if (spaceData.urls?.published && token) {
return Response.redirect(url.toString());
} else {
return new Response(
"Error: Either JWT token or space's published URL is missing",
{
status: 500,
}
);
}
} else {
return new Response('Error: No Access Token found in response from Azure', {
status: 401,
});
}
} else {
return new Response('Error: Either ClientId or Client Secret is missing', {
status: 400,
});
}
}
});

let response;
try {
response = await router.handle(request, context);
} catch (error: any) {
logger.error('error handling request', error);
return new Response(error.message, {
status: error.status || 500,
});
}

if (!response) {
return new Response(`No route matching ${request.method} ${request.url}`, {
status: 404,
});
}

return response;
}
};

export default createIntegration({
fetch: handleFetchEvent,
components: [configBlock],
fetch_visitor_authentication: async (event, context) => {
const { environment } = context;
const installationURL = environment.spaceInstallation?.urls?.publicEndpoint;
const tenantId = environment.spaceInstallation?.configuration.tenant_id;
const clientId = environment.spaceInstallation?.configuration.client_id;
const location = event.location ? event.location : '';

const url = new URL(`https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/authorize`);
url.searchParams.append('client_id', clientId);
url.searchParams.append('response_type', 'code');
url.searchParams.append('redirect_uri', `${installationURL}/visitor-auth/response`);
url.searchParams.append('response_mode', 'query');
url.searchParams.append('scope', 'openid');
url.searchParams.append('state', location);

try {
return Response.redirect(url.toString());
} catch (e) {
return new Response(e.message, {
status: e.status || 500,
});
}
},
});
3 changes: 3 additions & 0 deletions integrations/va-azure/tsconfig.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{
"extends": "@gitbook/tsconfig/integration.json"
}
Loading
Loading