fix: remove session on logout

Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.20 to 2.0.21.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.20...v2.0.21)

.gitlab-ci.yml

@@ -16,7 +16,7 @@ image: buildtool/build-tools:${BUILDTOOLS_VERSION}
 build:
   stage: build
   services:
-  - docker:dind
+  - docker:${DOCKER_DIND_VERSION}
   script:
   - build
   - push

.gitlab/dependabot.yml

@@ -10,8 +10,10 @@ updates:
   schedule:
     interval: "daily"
   open-pull-requests-limit: 20
+  rebase-strategy: none
 - package-ecosystem: "docker"
   directory: "/"
   schedule:
     interval: "daily"
   open-pull-requests-limit: 20
+  rebase-strategy: none

.nvmrc

@@ -0,0 +1 @@
+18

.prettierignore

@@ -0,0 +1,2 @@
+*.yaml
+*.yml

.prettierrc

@@ -0,0 +1,9 @@
+{
+  "semi": false,
+  "singleQuote": true,
+  "trailingComma": "none",
+  "arrowParens": "always",
+  "quoteProps": "as-needed",
+  "bracketSpacing": true,
+  "bracketSameLine": false
+}

README.md

@@ -3,47 +3,52 @@
 > This server helps you to simulate auth0 server locally. So, you are able to use the `/tokeninfo` endpoint to verify your token.
 
 ## Getting Started
-### Prerequisites
-* Install [Node.js](http://nodejs.org)
-    * on OSX use [homebrew](http://brew.sh) `brew install node`
-    * on Windows use [chocolatey](https://chocolatey.org/) `choco install nodejs`
 
+### Prerequisites
+
+- Install [Node.js](http://nodejs.org)
+  - on OSX use [homebrew](http://brew.sh) `brew install node`
+  - on Windows use [chocolatey](https://chocolatey.org/) `choco install nodejs`
 
 ## Installing
-* `fork` this repo
-* `clone` your fork
-* `npm install` to install all dependencies
+
+- `fork` this repo
+- `clone` your fork
+- `npm install` to install all dependencies
 
 ## Running the app
+
 After you have installed all dependencies you can now run the app.
 Run `npm start` to start a local server.
 The port will be displayed to you as `http://0.0.0.0:3333` (or if you prefer IPv6, if you're using `express` server, then it's `http://[::1]:3333/`).
 
-
 ## API Documentation
 
 ### `GET` /token/:username
+
 Returns a token with the given user(username). This token can the be used by your application.
 
 ### `POST` /tokeninfo
+
 Returns the data of the token like the username.
 
 **Body**
+
 ```
 {
     "id_token": "your-token-kjasdf6ashasl..."
 }
 ```
 
-
 ## Related Projects
-* [express-typescript-boilerplate](https://github.com/w3tecch/express-typescript-boilerplate) - Boilerplate for an restful express-apllication written in TypeScript
-* [express-graphql-typescript-boilerplate](https://github.com/w3tecch/express-graphql-typescript-boilerplate) - A starter kit for building amazing GraphQL API's with TypeScript and express by @w3tecch
 
+- [express-typescript-boilerplate](https://github.com/w3tecch/express-typescript-boilerplate) - Boilerplate for an restful express-apllication written in TypeScript
+- [express-graphql-typescript-boilerplate](https://github.com/w3tecch/express-graphql-typescript-boilerplate) - A starter kit for building amazing GraphQL API's with TypeScript and express by @w3tecch
 
 ## License
+
 [MIT](/LICENSE)
 
-
 ---
-Made with ♥ by Gery Hirschfeld ([@GeryHirschfeld1](https://twitter.com/GeryHirschfeld1))
+
+Made with ♥ by Gery Hirschfeld ([@GeryHirschfeld1](https://twitter.com/GeryHirschfeld1))

app.js

@@ -14,7 +14,10 @@ const cert = require('./cert')
 let issuer = process.env.ISSUER || 'localhost:3333'
 let jwksOrigin = `https://${issuer}/`
 const audience = process.env.AUDIENCE || 'https://generic-audience'
-const adminCustomClaim = process.env.ADMIN_CUSTOM_CLAIM || 'https://unbound.se/admin'
+const adminCustomClaim =
+  process.env.ADMIN_CUSTOM_CLAIM || 'https://unbound.se/admin'
+const emailCustomClaim =
+  process.env.EMAIL_CUSTOM_CLAIM || 'https://unbound.se/email'
 
 const debug = Debug('app')
 
@@ -27,10 +30,29 @@ const corsOpts = (req, cb) => {
   cb(null, { origin: req.headers.origin })
 }
 
+const addCustomClaims = (email, customClaims, token) => {
+  const emailClaim = {}
+  emailClaim[emailCustomClaim] = email
+  return [...customClaims, emailClaim].reduce((acc, claim) => {
+    return {
+      ...acc,
+      ...claim
+    }
+  }, token)
+}
+
+const signToken = (token) => {
+  return jwt.sign(Buffer.from(JSON.stringify(token)), privateKey, {
+    algorithm: 'RS256',
+    keyid: thumbprint
+  })
+}
+
 // Configure our small auth0-mock-server
-app.options('*', cors(corsOpts))
+app
+  .options('*', cors(corsOpts))
   .use(cors())
-  .use(bodyParser.json())
+  .use(bodyParser.json({ strict: false }))
   .use(bodyParser.urlencoded({ extended: true }))
   .use(cookieParser())
   .use(express.static(`${__dirname}/public`))
@@ -38,53 +60,78 @@ app.options('*', cors(corsOpts))
 
 // This route can be used to generate a valid jwt-token.
 app.post('/oauth/token', (req, res) => {
-  const code = req.body.code
-  const session = sessions[code]
-
   let date = Math.floor(Date.now() / 1000)
-  let accessToken = jwt.sign(Buffer.from(JSON.stringify({
-    iss: jwksOrigin,
-    aud: [audience],
-    sub: 'auth0|' + session.email,
-    iat: date,
-    exp: date + 7200,
-    azp: session.clientId
-  })), privateKey, {
-    algorithm: 'RS256',
-    keyid: thumbprint
-  })
+  if (req.body.grant_type === 'client_credentials' && req.body.client_id) {
+    let accessToken = signToken({
+      iss: jwksOrigin,
+      aud: [audience],
+      sub: 'auth0|management',
+      iat: date,
+      exp: date + 7200,
+      azp: req.body.client_id
+    })
 
-  const token = session.customClaims.reduce((acc, claim) => {
-    return {
-      ...acc,
-      ...claim
-    }
-  }, {
-    iss: jwksOrigin,
-    aud: session.clientId,
-    nonce: session.nonce,
-    sub: 'auth0|' + session.email,
-    iat: date,
-    exp: date + 7200,
-    azp: session.clientId,
-    name: 'Example Person',
-    picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
-  })
-  let idToken = jwt.sign(Buffer.from(JSON.stringify(token)), privateKey, {
-    algorithm: 'RS256',
-    keyid: thumbprint
-  })
+    let idToken = signToken({
+      iss: jwksOrigin,
+      aud: req.body.client_id,
+      sub: 'auth0|management',
+      iat: date,
+      exp: date + 7200,
+      azp: req.body.client_id,
+      name: 'Management API'
+    })
 
-  debug('Signed token for ' + session.email)
-  // res.json({ token });
+    debug('Signed token for management API')
 
-  res.json({
-    access_token: accessToken,
-    id_token: idToken,
-    scope: 'openid%20profile%20email',
-    expires_in: 7200,
-    token_type: 'Bearer'
-  })
+    res.json({
+      access_token: accessToken,
+      id_token: idToken,
+      scope: 'openid%20profile%20email',
+      expires_in: 7200,
+      token_type: 'Bearer'
+    })
+  } else if (req.body.code) {
+    const code = req.body.code
+    const session = sessions[code]
+    let accessToken = signToken(
+      addCustomClaims(session.email, session.customClaims, {
+        iss: jwksOrigin,
+        aud: [audience],
+        sub: 'auth0|' + session.email,
+        iat: date,
+        exp: date + 7200,
+        azp: session.clientId
+      })
+    )
+
+    let idToken = signToken(
+      addCustomClaims(session.email, session.customClaims, {
+        iss: jwksOrigin,
+        aud: session.clientId,
+        nonce: session.nonce,
+        sub: 'auth0|' + session.email,
+        iat: date,
+        exp: date + 7200,
+        azp: session.clientId,
+        name: 'Example Person',
+        picture:
+          'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
+      })
+    )
+
+    debug('Signed token for ' + session.email)
+
+    res.json({
+      access_token: accessToken,
+      id_token: idToken,
+      scope: 'openid%20profile%20email',
+      expires_in: 7200,
+      token_type: 'Bearer'
+    })
+  } else {
+    res.status(401)
+    res.send('Missing client_id or client_secret')
+  }
 })
 
 // This route can be used to generate a valid jwt-token.
@@ -93,9 +140,12 @@ app.get('/token/:email', (req, res) => {
     debug('No user was given!')
     return res.status(400).send('user is missing')
   }
-  const token = jwt.sign({
-    user_id: 'auth0|' + req.params.email
-  }, privateKey)
+  const token = jwt.sign(
+    {
+      user_id: 'auth0|' + req.params.email
+    },
+    privateKey
+  )
   debug('Signed token for ' + req.params.email)
   res.json({ token })
 })
@@ -120,7 +170,9 @@ app.post('/code', (req, res) => {
     codeChallenge: req.body.codeChallenge,
     customClaims: [claim]
   }
-  res.redirect(`${req.body.redirect}?domain=${issuer}&code=${code}&state=${encodeURIComponent(state)}`)
+  res.redirect(
+    `${req.body.redirect}?code=${code}&state=${encodeURIComponent(state)}`
+  )
 })
 
 app.get('/authorize', (req, res) => {
@@ -131,13 +183,26 @@ app.get('/authorize', (req, res) => {
   const codeChallenge = req.query.code_challenge
   const prompt = req.query.prompt
   const responseMode = req.query.response_mode
+  if (responseMode === 'query') {
+    const code = req.cookies['auth0']
+    const session = sessions[code]
+    if (session) {
+      session.nonce = nonce
+      session.state = state
+      session.codeChallenge = codeChallenge
+      sessions[codeChallenge] = session
+      res.redirect(`${redirect}?code=${codeChallenge}&state=${state}`)
+      return
+    }
+  }
   if (prompt === 'none' && responseMode === 'web_message') {
     const code = req.cookies['auth0']
     const session = sessions[code]
-    session.nonce = nonce
-    session.state = state
-    session.codeChallenge = codeChallenge
-    res.send(`
+    if (session) {
+      session.nonce = nonce
+      session.state = state
+      session.codeChallenge = codeChallenge
+      res.send(`
 <!DOCTYPE html>
 <html>
   <body>
@@ -155,13 +220,16 @@ app.get('/authorize', (req, res) => {
   </script>
   </body>
 </html>`)
-  } else {
-    res.cookie('auth0', codeChallenge, {
-      sameSite: 'None',
-      secure: true,
-      httpOnly: true
-    })
-    res.send(`
+      return
+    }
+  }
+
+  res.cookie('auth0', codeChallenge, {
+    sameSite: 'None',
+    secure: true,
+    httpOnly: true
+  })
+  res.send(`
 <html lang='en'>
   <head>
     <meta charset='utf-8'>
@@ -202,21 +270,29 @@ app.get('/authorize', (req, res) => {
   </body>
 </html>
 `)
-  }
 })
 
 app.get('/userinfo', (req, res) => {
-  res.contentType('application/json').send(JSON.stringify({ picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg' }))
+  res.contentType('application/json').send(
+    JSON.stringify({
+      picture:
+        'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
+    })
+  )
 })
 
 app.get('/v2/logout', (req, res) => {
-  res.redirect(`${req.query.returnTo}?domain=${issuer}`)
+  const code = req.cookies['auth0']
+  const session = sessions[code]
+  if (session) {
+    delete sessions[code]
+  }
+  res.redirect(req.query.returnTo)
 })
 
 app.get('/.well-known/jwks.json', (req, res) => {
-  res
-    .contentType('application/json')
-    .send(JSON.stringify({
+  res.contentType('application/json').send(
+    JSON.stringify({
       keys: [
         {
           alg: 'RS256',
@@ -230,7 +306,8 @@ app.get('/.well-known/jwks.json', (req, res) => {
           x5t: thumbprint
         }
       ]
-    }))
+    })
+  )
 })
 
 // This route returns the inside of a jwt-token. Your main application
@@ -257,7 +334,13 @@ app.post('/issuer', (req, res) => {
   }
   issuer = req.body.issuer
   jwksOrigin = `https://${issuer}/`
-  const { privateKey: key, certDer: der, thumbPrint: thumb, exponent: exp, modulus: mod } = cert(jwksOrigin)
+  const {
+    privateKey: key,
+    certDer: der,
+    thumbprint: thumb,
+    exponent: exp,
+    modulus: mod
+  } = cert(jwksOrigin)
   privateKey = key
   certDer = der
   thumbprint = thumb
@@ -267,6 +350,28 @@ app.post('/issuer', (req, res) => {
   res.send('ok')
 })
 
+app.get('/api/v2/users-by-email', (req, res) => {
+  res.json([])
+})
+
+app.post('/api/v2/users', (req, res) => {
+  const email = req.body.email
+  res.json({
+    user_id: `auth0|${email}`
+  })
+})
+
+app.post('/api/v2/tickets/password-change', (req, res) => {
+  res.json({
+    ticket: `https://some-url`
+  })
+})
+
+app.use(function (req, res, next) {
+  console.log('404', req.path)
+  res.status(404).send('error: 404 Not Found ' + req.path)
+})
+
 app.listen(3333, () => {
   debug('Auth0-Mock-Server listening on port 3333!')
 })

cert.js

@@ -1,132 +1,128 @@
-const base64url = require('base64-url');
-const createHash = require('crypto').createHash;
-const forge = require('node-forge');
-const NodeRSA = require('node-rsa');
+const base64url = require('base64-url')
+const createHash = require('crypto').createHash
+const forge = require('node-forge')
+const NodeRSA = require('node-rsa')
 
 const PRIVATE_KEY_PEM =
-    '-----BEGIN RSA PRIVATE KEY-----\n' +
-    'MIIEpAIBAAKCAQEApoocpO3bbUF6o8eyJlQCfwLahEsunWdVF++yOEyKu4Lp1j0m\n' +
-    '2j/P7iHOtxBAkjdM2X2oW3qO1mR0sIFefqnm93g0q2nRuYEoS+W3o6X50wjOVm8f\n' +
-    'r/tLqELzy5BoET0AQl7Axp1DNsb0HNOBcoIBt+xVY4I+k6uXJJJMzbgvahAgSLZ9\n' +
-    'RW0Z0WT+dCHZpZUj0nLxNXIPdci65Bw6IognqXHP6AwKZXpT6jCzjzq9uyHxVcud\n' +
-    'qw6j0kQw48/A5A6AN5fIVy1cKnd0sKdqRX1NUqVoiOrO4jaDB1IdLD+YmRE/JjOH\n' +
-    'sWIMElYCPxKqnsNo6VCslGX/ziinArHhqRBrHwIDAQABAoIBAHAdmpsN5iLvafjI\n' +
-    'f45+EBAhg6p8Uq102zx6CakNHniN8Y5hLL7RJtJRwDBNqKrGv93LUoQDRhXfGw+Y\n' +
-    'iF0NVIhVTF/5pU8VPGOcCr0JB96ilwZpWRPIQW7NZAMu/GBeiMYls/IB/TXrSnv9\n' +
-    'h6/nBfEkEXgkPqx7YA0m0L3NuV3U1lCY/LhBJY4Xvi0uRdqu3tTHXftehuPwC4UB\n' +
-    '42eJTWv/qLeOlkCdUUV4f7+dNaES88Vdhj6lu/BusnNhvnwHQik4dNwzPCGeP8NV\n' +
-    '5gaesWiNWFZuTURGKk1B65p5LzNPjsVT50RDuW8FnSZwIvNcohrX9ILPsmg/t0Kr\n' +
-    'ozcOksECgYEA4XWOK4twx5RG162zveRHqU7H9RBWSz7/PzM9Eob9vx/tC/b1YqBR\n' +
-    'VShk23vje19eNiYWAkxcpobIP4ek/0ZT8nHkJg8wl+J/hnXADcvwv2dKnoFnm5pn\n' +
-    'rTBUKc8R3wrSlAV8XQAtdnxsfFa5AOQJ6WFVI9AdfH3Iw8XZk4gIIPMCgYEAvRlY\n' +
-    'y80HnR3kwMOqY488V1qk41dmfNqa+YDL+zkPF1HhHI9VnK5BQuI7lyKJl984KwHu\n' +
-    '0gbwx3Wp4XkD5JUboEpl5LnaLsjEWemjTaQWdvJHPd5wkJ0m/jRQ2YeT4g2gFu4y\n' +
-    'Pi/pWkrzhnzQQVAmOdAm5Kj27LtDzp0lspw3uCUCgYEAw2YdvFGSgfZZW4147QeO\n' +
-    'sAbON+9bysUjdMPUl10VR/LEgA0d6MdnFfX3S13Y7tDdlvJ1OrKxzcWcgaru7ism\n' +
-    'kEXy5KVfiRNNUNx2gb6RvWEpA6zFfc9ZMXlkSAPlyjfX/1+tw/Bmdn0pjK2gk0wP\n' +
-    '5wtrPameFInzWPD9O+a2nM8CgYBZ6UhgNs+M9B7FTQOiLQPa4R2PfwobCXIwef4D\n' +
-    'KIE1bFgl1T02r2AWZi1BUkmr7ZXuVQ/xyx0HKbopm/mu4PruvxEtrPTB0/IQcleU\n' +
-    'XhXUXqRjFXXePOrCaaubkqxNCn95B67aBLvmk8awxn3a4DocuQ0VIgWuT+gQwIWh\n' +
-    'JEgWBQKBgQDKD+2Yh1/rUzu15lbPH0JSpozUinuFjePieR/4n+5CtEUxWJ2f0WeK\n' +
-    's4XWWf2qgUccjpiGju2UR840mgWROoZ8BfSTd5tg1F7bo0HMgu2hu0RIRpZcRhsA\n' +
-    'Cd0GrJvf1t0QIdDCXAy+RpgU1SLSq4Q6Lomc0WA5C5nBw9RKEUOV9A==\n' +
-    '-----END RSA PRIVATE KEY-----\n';
+  '-----BEGIN RSA PRIVATE KEY-----\n' +
+  'MIIEpAIBAAKCAQEApoocpO3bbUF6o8eyJlQCfwLahEsunWdVF++yOEyKu4Lp1j0m\n' +
+  '2j/P7iHOtxBAkjdM2X2oW3qO1mR0sIFefqnm93g0q2nRuYEoS+W3o6X50wjOVm8f\n' +
+  'r/tLqELzy5BoET0AQl7Axp1DNsb0HNOBcoIBt+xVY4I+k6uXJJJMzbgvahAgSLZ9\n' +
+  'RW0Z0WT+dCHZpZUj0nLxNXIPdci65Bw6IognqXHP6AwKZXpT6jCzjzq9uyHxVcud\n' +
+  'qw6j0kQw48/A5A6AN5fIVy1cKnd0sKdqRX1NUqVoiOrO4jaDB1IdLD+YmRE/JjOH\n' +
+  'sWIMElYCPxKqnsNo6VCslGX/ziinArHhqRBrHwIDAQABAoIBAHAdmpsN5iLvafjI\n' +
+  'f45+EBAhg6p8Uq102zx6CakNHniN8Y5hLL7RJtJRwDBNqKrGv93LUoQDRhXfGw+Y\n' +
+  'iF0NVIhVTF/5pU8VPGOcCr0JB96ilwZpWRPIQW7NZAMu/GBeiMYls/IB/TXrSnv9\n' +
+  'h6/nBfEkEXgkPqx7YA0m0L3NuV3U1lCY/LhBJY4Xvi0uRdqu3tTHXftehuPwC4UB\n' +
+  '42eJTWv/qLeOlkCdUUV4f7+dNaES88Vdhj6lu/BusnNhvnwHQik4dNwzPCGeP8NV\n' +
+  '5gaesWiNWFZuTURGKk1B65p5LzNPjsVT50RDuW8FnSZwIvNcohrX9ILPsmg/t0Kr\n' +
+  'ozcOksECgYEA4XWOK4twx5RG162zveRHqU7H9RBWSz7/PzM9Eob9vx/tC/b1YqBR\n' +
+  'VShk23vje19eNiYWAkxcpobIP4ek/0ZT8nHkJg8wl+J/hnXADcvwv2dKnoFnm5pn\n' +
+  'rTBUKc8R3wrSlAV8XQAtdnxsfFa5AOQJ6WFVI9AdfH3Iw8XZk4gIIPMCgYEAvRlY\n' +
+  'y80HnR3kwMOqY488V1qk41dmfNqa+YDL+zkPF1HhHI9VnK5BQuI7lyKJl984KwHu\n' +
+  '0gbwx3Wp4XkD5JUboEpl5LnaLsjEWemjTaQWdvJHPd5wkJ0m/jRQ2YeT4g2gFu4y\n' +
+  'Pi/pWkrzhnzQQVAmOdAm5Kj27LtDzp0lspw3uCUCgYEAw2YdvFGSgfZZW4147QeO\n' +
+  'sAbON+9bysUjdMPUl10VR/LEgA0d6MdnFfX3S13Y7tDdlvJ1OrKxzcWcgaru7ism\n' +
+  'kEXy5KVfiRNNUNx2gb6RvWEpA6zFfc9ZMXlkSAPlyjfX/1+tw/Bmdn0pjK2gk0wP\n' +
+  '5wtrPameFInzWPD9O+a2nM8CgYBZ6UhgNs+M9B7FTQOiLQPa4R2PfwobCXIwef4D\n' +
+  'KIE1bFgl1T02r2AWZi1BUkmr7ZXuVQ/xyx0HKbopm/mu4PruvxEtrPTB0/IQcleU\n' +
+  'XhXUXqRjFXXePOrCaaubkqxNCn95B67aBLvmk8awxn3a4DocuQ0VIgWuT+gQwIWh\n' +
+  'JEgWBQKBgQDKD+2Yh1/rUzu15lbPH0JSpozUinuFjePieR/4n+5CtEUxWJ2f0WeK\n' +
+  's4XWWf2qgUccjpiGju2UR840mgWROoZ8BfSTd5tg1F7bo0HMgu2hu0RIRpZcRhsA\n' +
+  'Cd0GrJvf1t0QIdDCXAy+RpgU1SLSq4Q6Lomc0WA5C5nBw9RKEUOV9A==\n' +
+  '-----END RSA PRIVATE KEY-----\n'
 
 const PUBLIC_KEY_PEM =
-    '-----BEGIN PUBLIC KEY-----\n' +
-    'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoocpO3bbUF6o8eyJlQC\n' +
-    'fwLahEsunWdVF++yOEyKu4Lp1j0m2j/P7iHOtxBAkjdM2X2oW3qO1mR0sIFefqnm\n' +
-    '93g0q2nRuYEoS+W3o6X50wjOVm8fr/tLqELzy5BoET0AQl7Axp1DNsb0HNOBcoIB\n' +
-    't+xVY4I+k6uXJJJMzbgvahAgSLZ9RW0Z0WT+dCHZpZUj0nLxNXIPdci65Bw6Iogn\n' +
-    'qXHP6AwKZXpT6jCzjzq9uyHxVcudqw6j0kQw48/A5A6AN5fIVy1cKnd0sKdqRX1N\n' +
-    'UqVoiOrO4jaDB1IdLD+YmRE/JjOHsWIMElYCPxKqnsNo6VCslGX/ziinArHhqRBr\n' +
-    'HwIDAQAB\n' +
-    '-----END PUBLIC KEY-----\n';
+  '-----BEGIN PUBLIC KEY-----\n' +
+  'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoocpO3bbUF6o8eyJlQC\n' +
+  'fwLahEsunWdVF++yOEyKu4Lp1j0m2j/P7iHOtxBAkjdM2X2oW3qO1mR0sIFefqnm\n' +
+  '93g0q2nRuYEoS+W3o6X50wjOVm8fr/tLqELzy5BoET0AQl7Axp1DNsb0HNOBcoIB\n' +
+  't+xVY4I+k6uXJJJMzbgvahAgSLZ9RW0Z0WT+dCHZpZUj0nLxNXIPdci65Bw6Iogn\n' +
+  'qXHP6AwKZXpT6jCzjzq9uyHxVcudqw6j0kQw48/A5A6AN5fIVy1cKnd0sKdqRX1N\n' +
+  'UqVoiOrO4jaDB1IdLD+YmRE/JjOHsWIMElYCPxKqnsNo6VCslGX/ziinArHhqRBr\n' +
+  'HwIDAQAB\n' +
+  '-----END PUBLIC KEY-----\n'
 
-const createCertificate = ({
-                               publicKey,
-                               privateKey,
-                               jwksOrigin,
-                           }) => {
-    const cert = forge.pki.createCertificate();
-    cert.publicKey = publicKey;
-    cert.serialNumber = '123';
-    const attrs = [
-        {
-            name: 'commonName',
-            value: `${jwksOrigin}`,
-        },
-    ];
-    cert.validity.notBefore = new Date();
-    cert.validity.notAfter = new Date();
-    cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
-    cert.setSubject(attrs);
-    cert.setIssuer(attrs);
-    cert.sign(privateKey);
-    return forge.pki.certificateToPem(cert)
-};
+const createCertificate = ({ publicKey, privateKey, jwksOrigin }) => {
+  const cert = forge.pki.createCertificate()
+  cert.publicKey = publicKey
+  cert.serialNumber = '123'
+  const attrs = [
+    {
+      name: 'commonName',
+      value: `${jwksOrigin}`
+    }
+  ]
+  cert.validity.notBefore = new Date()
+  cert.validity.notAfter = new Date()
+  cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1)
+  cert.setSubject(attrs)
+  cert.setIssuer(attrs)
+  cert.sign(privateKey)
+  return forge.pki.certificateToPem(cert)
+}
 
 const getCertThumbprint = (certificate) => {
-    const shasum = createHash('sha1');
-    const der = Buffer.from(certificate).toString('binary');
-    shasum.update(der);
-    return shasum.digest('base64')
-};
+  const shasum = createHash('sha1')
+  const der = Buffer.from(certificate).toString('binary')
+  shasum.update(der)
+  return shasum.digest('base64')
+}
 
 const createKeyPair = () => {
-    const privateKey = forge.pki.privateKeyFromPem(PRIVATE_KEY_PEM);
-    const publicKey = forge.pki.publicKeyFromPem(PUBLIC_KEY_PEM);
-    return {
-        privateKey,
-        publicKey,
-    }
-};
+  const privateKey = forge.pki.privateKeyFromPem(PRIVATE_KEY_PEM)
+  const publicKey = forge.pki.publicKeyFromPem(PUBLIC_KEY_PEM)
+  return {
+    privateKey,
+    publicKey
+  }
+}
 
 const bnToB64 = (bn) => {
-    let hex = BigInt(bn).toString(16);
-    if (hex.length % 2) {
-        hex = '0' + hex;
-    }
+  let hex = BigInt(bn).toString(16)
+  if (hex.length % 2) {
+    hex = '0' + hex
+  }
 
-    const bin = [];
-    let i = 0;
-    let d;
-    let b;
-    while (i < hex.length) {
-        d = parseInt(hex.slice(i, i + 2), 16);
-        b = String.fromCharCode(d);
-        bin.push(b);
-        i += 2;
-    }
+  const bin = []
+  let i = 0
+  let d
+  let b
+  while (i < hex.length) {
+    d = parseInt(hex.slice(i, i + 2), 16)
+    b = String.fromCharCode(d)
+    bin.push(b)
+    i += 2
+  }
 
-    return Buffer.from(bin.join(''), 'binary').toString('base64');
-};
+  return Buffer.from(bin.join(''), 'binary').toString('base64')
+}
 
 const setup = (jwksOrigin) => {
-    const {privateKey, publicKey} = createKeyPair();
-    const certPem = createCertificate({
-        jwksOrigin,
-        privateKey,
-        publicKey,
-    });
-    const certDer = forge.util.encode64(
-        forge.asn1
-            .toDer(forge.pki.certificateToAsn1(forge.pki.certificateFromPem(certPem)))
-            .getBytes()
-    );
-    const thumbprint = base64url.encode(getCertThumbprint(certDer));
+  const { privateKey, publicKey } = createKeyPair()
+  const certPem = createCertificate({
+    jwksOrigin,
+    privateKey,
+    publicKey
+  })
+  const certDer = forge.util.encode64(
+    forge.asn1
+      .toDer(forge.pki.certificateToAsn1(forge.pki.certificateFromPem(certPem)))
+      .getBytes()
+  )
+  const thumbprint = base64url.encode(getCertThumbprint(certDer))
 
-    const helperKey = new NodeRSA();
-    helperKey.importKey(forge.pki.privateKeyToPem(privateKey));
-    const {n: modulus, e: exponent} = helperKey.exportKey('components');
+  const helperKey = new NodeRSA()
+  helperKey.importKey(forge.pki.privateKeyToPem(privateKey))
+  const { n: modulus, e: exponent } = helperKey.exportKey('components')
 
-    return {
-        privateKey: forge.pki.privateKeyToPem(privateKey),
-        certDer: certDer,
-        thumbPrint: thumbprint,
-        exponent: bnToB64(exponent),
-        modulus: modulus.toString('base64')
-    }
-};
+  return {
+    privateKey: forge.pki.privateKeyToPem(privateKey),
+    certDer,
+    thumbprint: thumbprint.toString(),
+    exponent: bnToB64(exponent),
+    modulus: modulus.toString('base64')
+  }
+}
 
-module.exports = setup;
+module.exports = setup

k8s/deploy.yaml

@@ -14,7 +14,7 @@ spec:
     spec:
       containers:
         - name: auth0mock
-          image: registry.gitlab.com/unboundsoftware/shiny/auth0mock:${COMMIT}
+          image: registry.gitlab.com/unboundsoftware/auth0mock:${COMMIT}
           imagePullPolicy: "IfNotPresent"
           resources:
             requests:

package.json

@@ -6,23 +6,29 @@
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1",
     "dev": "nodemon ./app.js",
-    "start": "node ./app.js"
+    "start": "node ./app.js",
+    "lint:prettier": "prettier --check .",
+    "lint": "yarn lint:prettier",
+    "lintfix": "prettier --write --list-different ."
   },
   "author": "",
   "license": "MIT",
   "dependencies": {
     "base64-url": "^2.3.3",
-    "body-parser": "^1.20.0",
+    "body-parser": "^1.20.2",
     "buffer": "^6.0.3",
     "cookie-parser": "^1.4.6",
     "cors": "^2.8.3",
     "debug": "^4.3.4",
-    "express": "^4.17.3",
+    "express": "^4.18.2",
     "https-localhost": "^4.7.1",
-    "jsonwebtoken": "^8.5.1",
+    "jsonwebtoken": "^9.0.0",
     "node-forge": "^1.3.1",
     "node-rsa": "^1.1.1",
-    "nodemon": "^2.0.15",
+    "nodemon": "^2.0.21",
     "serve-favicon": "^2.4.2"
+  },
+  "devDependencies": {
+    "prettier": "^2.8.4"
   }
 }