Remove Guardian, JWT related code

2 years ago · 361bf84e8c
parent 9869120dec
commit 361bf84e8c
17 changed files with 10 additions and 188 deletions
--- a/apps/block_scout_web/config/config.exs
+++ b/apps/block_scout_web/config/config.exs
@ -81,10 +81,6 @@ config :block_scout_web, BlockScoutWeb.WebRouter, enabled: System.get_env("DISAB
 # Configures Ueberauth local settings
 config :ueberauth, Ueberauth,
  providers: [
-    auth0_api: {
-      Ueberauth.Strategy.Auth0,
-      [callback_path: "/auth/auth0_api/api_callback"]
-    },
    auth0: {
      Ueberauth.Strategy.Auth0,
      [callback_path: "/auth/auth0/callback"]
@ -94,13 +90,6 @@ config :ueberauth, Ueberauth,
 config :hammer,
  backend: {Hammer.Backend.ETS, [expiry_ms: 60_000 * 60 * 4, cleanup_interval_ms: 60_000 * 10]}

-config :block_scout_web, BlockScoutWeb.Guardian, issuer: "block_scout_web"
-
-config :guardian, Guardian.DB,
-  repo: Explorer.Repo.Account,
-  schema_name: "guardian_tokens",
-  sweep_interval: 60
-
 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
 import_config "#{config_env()}.exs"
--- a/apps/block_scout_web/config/runtime/test.exs
+++ b/apps/block_scout_web/config/runtime/test.exs
@ -13,8 +13,6 @@ config :ueberauth, Ueberauth,
  logout_url: "example.com/logout",
  logout_return_to_url: "example.com/return"

-config :block_scout_web, BlockScoutWeb.Guardian, secret_key: "secret_key"
-
 variant =
  if is_nil(System.get_env("ETHEREUM_JSONRPC_VARIANT")) do
    "parity"
--- a/apps/block_scout_web/config/test.exs
+++ b/apps/block_scout_web/config/test.exs
@ -31,5 +31,3 @@ config :ueberauth, Ueberauth,
      [callback_url: "example.com/callback"]
    }
  ]
-
-config :block_scout_web, BlockScoutWeb.Guardian, issuer: "block_scout_web"
--- a/apps/block_scout_web/lib/block_scout_web/api_router.ex
+++ b/apps/block_scout_web/lib/block_scout_web/api_router.ex
@ -13,26 +13,12 @@ defmodule BlockScoutWeb.ApiRouter do
  Router for API
  """
  use BlockScoutWeb, :router
-  # alias BlockScoutWeb.Plug.CheckAuth

  pipeline :api do
    plug(:accepts, ["json"])
  end

  pipeline :account_api do
-    # plug(Guardian.Plug.VerifyHeader, module: BlockScoutWeb.Guardian, error_handler: BlockScoutWeb.GuardianErrorHandler)
-    # plug(CheckAuth)
-    plug(:fetch_session)
-    plug(:protect_from_forgery)
-  end
-
-  pipeline :tags_api do
-    # plug(Guardian.Plug.VerifyHeader,
-    #   module: BlockScoutWeb.Guardian,
-    #   error_handler: BlockScoutWeb.GuardianErrorHandler,
-    #   tolerant?: true,
-    #   halt: false
-    # )
    plug(:fetch_session)
    plug(:protect_from_forgery)
  end
@ -84,7 +70,7 @@ defmodule BlockScoutWeb.ApiRouter do

  scope "/account/v1" do
    pipe_through(:api)
-    pipe_through(:tags_api)
+    pipe_through(:account_api)

    scope "/tags" do
      get("/address/:address_hash", TagsController, :tags_address)
--- a/apps/block_scout_web/lib/block_scout_web/application.ex
+++ b/apps/block_scout_web/lib/block_scout_web/application.ex
@ -22,8 +22,7 @@ defmodule BlockScoutWeb.Application do
      child_spec(Endpoint, []),
      {Absinthe.Subscription, Endpoint},
      {RealtimeEventHandler, name: RealtimeEventHandler},
-      {BlocksIndexedCounter, name: BlocksIndexedCounter},
-      {Guardian.DB.Token.SweeperServer, []}
+      {BlocksIndexedCounter, name: BlocksIndexedCounter}
    ]

    opts = [strategy: :one_for_one, name: BlockScoutWeb.Supervisor, max_restarts: 1_000]
--- a/apps/block_scout_web/lib/block_scout_web/controllers/account/auth_controller.ex
+++ b/apps/block_scout_web/lib/block_scout_web/controllers/account/auth_controller.ex
@ -1,7 +1,6 @@
 defmodule BlockScoutWeb.Account.AuthController do
  use BlockScoutWeb, :controller

-  alias BlockScoutWeb.Guardian
  alias BlockScoutWeb.Models.UserFromAuth

  plug(Ueberauth)
@ -41,38 +40,6 @@ defmodule BlockScoutWeb.Account.AuthController do
    end
  end

-  def api_callback(%{assigns: %{ueberauth_failure: _fails}} = conn, _params) do
-    send_resp(conn, 200, "Failed to authenticate")
-  end
-
-  def api_callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
-    case UserFromAuth.find_or_create(auth, true) do
-      {:ok, user} ->
-        {:ok, token, _} = Guardian.encode_and_sign(user)
-
-        conn
-        |> put_resp_content_type("application/json")
-        |> send_resp(200, Jason.encode!(%{"auth_token" => token}))
-
-      {:error, _reason} ->
-        conn
-        |> put_resp_content_type("application/json")
-        |> send_resp(200, Jason.encode!(%{"message" => "Failed to authenticate."}))
-    end
-  end
-
-  def api_logout(conn, _params) do
-    if match?(["Bearer " <> _token], get_req_header(conn, "authorization")) do
-      ["Bearer " <> token] = get_req_header(conn, "authorization")
-      Guardian.revoke(token)
-    end
-
-    logout_url = Application.get_env(:ueberauth, Ueberauth)[:logout_url]
-
-    conn
-    |> redirect(external: logout_url)
-  end
-
  # for importing in other controllers
  def authenticate!(conn) do
    current_user(conn) || redirect(conn, to: root())
--- a/apps/block_scout_web/lib/block_scout_web/guardian.ex
+++ b/apps/block_scout_web/lib/block_scout_web/guardian.ex
@ -1,51 +0,0 @@
-defmodule BlockScoutWeb.Guardian do
-  @moduledoc """
-    Module is responsible for selecting the info which will be included into jwt
-  """
-  use Guardian, otp_app: :block_scout_web
-
-  alias BlockScoutWeb.Models.UserFromAuth
-  alias Guardian.DB
-
-  def subject_for_token(%{uid: uid}, _claims) do
-    sub = to_string(uid)
-    {:ok, sub}
-  end
-
-  def subject_for_token(_, _) do
-    {:error, :missing_id_field}
-  end
-
-  def resource_from_claims(%{"sub" => uid}) do
-    resource = UserFromAuth.find_identity(uid)
-    {:ok, resource}
-  end
-
-  def resource_from_claims(_claims) do
-    {:error, :invalid_data}
-  end
-
-  def after_encode_and_sign(resource, claims, token, _options) do
-    with {:ok, _} <- DB.after_encode_and_sign(resource, claims["sub"], claims, token) do
-      {:ok, token}
-    end
-  end
-
-  def on_verify(claims, token, _options) do
-    with {:ok, _} <- DB.on_verify(claims, token) do
-      {:ok, claims}
-    end
-  end
-
-  def on_refresh({old_token, old_claims}, {new_token, new_claims}, _options) do
-    with {:ok, _, _} <- DB.on_refresh({old_token, old_claims}, {new_token, new_claims}) do
-      {:ok, {old_token, old_claims}, {new_token, new_claims}}
-    end
-  end
-
-  def on_revoke(claims, token, _options) do
-    with {:ok, _} <- DB.on_revoke(claims, token) do
-      {:ok, claims}
-    end
-  end
-end
--- a/apps/block_scout_web/lib/block_scout_web/guardian_error_handler.ex
+++ b/apps/block_scout_web/lib/block_scout_web/guardian_error_handler.ex
@ -1,22 +0,0 @@
-defmodule BlockScoutWeb.GuardianErrorHandler do
-  @moduledoc """
-    Module is responsible for handling errors on decoding Authorization header
-  """
-  import Plug.Conn
-
-  @behaviour Guardian.Plug.ErrorHandler
-
-  @impl Guardian.Plug.ErrorHandler
-  def auth_error(conn, {type, _reason}, opts) do
-    if Keyword.get(opts, :tolerant?) do
-      conn
-    else
-      body = Jason.encode!(%{message: to_string(type)})
-
-      conn
-      |> put_resp_content_type("application/json")
-      |> send_resp(401, body)
-      |> halt()
-    end
-  end
-end
--- a/apps/block_scout_web/lib/block_scout_web/plug/check_auth.ex
+++ b/apps/block_scout_web/lib/block_scout_web/plug/check_auth.ex
@ -1,21 +0,0 @@
-defmodule BlockScoutWeb.Plug.CheckAuth do
-  @moduledoc """
-    Checks if the guardian did find token. If not, send 401 Unauthorized response
-  """
-  import Plug.Conn
-
-  alias Guardian.Plug
-
-  def init(opts), do: opts
-
-  def call(conn, _opts) do
-    if is_nil(Plug.current_claims(conn)) do
-      conn
-      |> put_resp_content_type("application/json")
-      |> send_resp(401, Jason.encode!(%{message: "Unauthorized"}))
-      |> halt()
-    else
-      conn
-    end
-  end
-end
--- a/apps/block_scout_web/lib/block_scout_web/web_router.ex
+++ b/apps/block_scout_web/lib/block_scout_web/web_router.ex
@ -24,7 +24,6 @@ defmodule BlockScoutWeb.WebRouter do
    get("/profile", Account.AuthController, :profile)
    get("/logout", Account.AuthController, :logout)
    get("/:provider", Account.AuthController, :request)
-    get("/:provider/api_callback", Account.AuthController, :api_callback)
    get("/:provider/callback", Account.AuthController, :callback)
    get("/api/logout", Account.AuthController, :api_logout)
  end
--- a/apps/block_scout_web/mix.exs
+++ b/apps/block_scout_web/mix.exs
@ -131,10 +131,8 @@ defmodule BlockScoutWeb.Mixfile do
      {:ex_json_schema, "~> 0.9.1"},
      {:ueberauth, "~> 0.7"},
      {:ueberauth_auth0, "~> 2.0"},
-      {:guardian, "~> 2.2"},
      {:bureaucrat, "~> 0.2.9", only: :test},
-      {:poison, "~> 4.0.0"},
-      {:guardian_db, "~> 2.0"}
+      {:poison, "~> 4.0.0"}
    ]
  end

--- a/apps/block_scout_web/test/block_scout_web/controllers/account/api/v1/user_controller_test.exs
+++ b/apps/block_scout_web/test/block_scout_web/controllers/account/api/v1/user_controller_test.exs
@ -1,7 +1,6 @@
 defmodule BlockScoutWeb.Account.Api.V1.UserControllerTest do
  use BlockScoutWeb.ConnCase

-  alias BlockScoutWeb.Guardian
  alias BlockScoutWeb.Models.UserFromAuth

  setup %{conn: conn} do
--- a/apps/explorer/priv/account/migrations/20220729075714_guardiandb.exs
+++ b/apps/explorer/priv/account/migrations/20220729075714_guardiandb.exs
@ -1,17 +0,0 @@
-defmodule Explorer.Repo.Account.Migrations.CreateGuardianDBTokensTable do
-  use Ecto.Migration
-
-  def change do
-    create table(:guardian_tokens, primary_key: false) do
-      add(:jti, :string, primary_key: true)
-      add(:aud, :string, primary_key: true)
-      add(:typ, :string)
-      add(:iss, :string)
-      add(:sub, :string)
-      add(:exp, :bigint)
-      add(:jwt, :text)
-      add(:claims, :map)
-      timestamps()
-    end
-  end
-end
--- a/apps/explorer/priv/account/migrations/20220905195203_remove_guardian_tokens.exs
+++ b/apps/explorer/priv/account/migrations/20220905195203_remove_guardian_tokens.exs
@ -0,0 +1,7 @@
+defmodule Explorer.Repo.Account.Migrations.RemoveGuardianTokens do
+  use Ecto.Migration
+
+  def change do
+    drop_if_exists table("guardian_tokens")
+  end
+end
--- a/config/runtime.exs
+++ b/config/runtime.exs
@ -46,8 +46,6 @@ config :ueberauth, Ueberauth,
  logout_url: System.get_env("AUTH0_LOGOUT_URL"),
  logout_return_to_url: System.get_env("AUTH0_LOGOUT_RETURN_URL")

-config :block_scout_web, BlockScoutWeb.Guardian, secret_key: System.get_env("SECRET_KEY_GUARDIAN")
-
 config :block_scout_web,
  version: System.get_env("BLOCKSCOUT_VERSION"),
  release_link: System.get_env("RELEASE_LINK"),
--- a/docker/Makefile
+++ b/docker/Makefile
@ -385,9 +385,6 @@ endif
 ifdef PUBLIC_TAGS_AIRTABLE_API_KEY
 	BLOCKSCOUT_CONTAINER_PARAMS += -e 'PUBLIC_TAGS_AIRTABLE_API_KEY=$(PUBLIC_TAGS_AIRTABLE_API_KEY)'
 endif
-ifdef SECRET_KEY_GUARDIAN
-	BLOCKSCOUT_CONTAINER_PARAMS += -e 'SECRET_KEY_GUARDIAN=$(SECRET_KEY_GUARDIAN)'
-endif
 ifdef API_RATE_LIMIT
 	BLOCKSCOUT_CONTAINER_PARAMS += -e 'API_RATE_LIMIT=$(API_RATE_LIMIT)'
 endif
--- a/mix.lock
+++ b/mix.lock
@ -63,8 +63,6 @@
  "flow": {:hex, :flow, "1.2.0", "515e03aa3d056cecc3e3f1e80f6ca4bbf5f45b13c88dee5db880b2f3f24f1caa", [:mix], [{:gen_stage, "~> 1.0", [hex: :gen_stage, repo: "hexpm", optional: false]}], "hexpm", "1b45bfc8a9202c5ec80b077c21df133561e56c56189ba4082dddccb6b5762525"},
  "gen_stage": {:hex, :gen_stage, "1.1.2", "b1656cd4ba431ed02c5656fe10cb5423820847113a07218da68eae5d6a260c23", [:mix], [], "hexpm", "9e39af23140f704e2b07a3e29d8f05fd21c2aaf4088ff43cb82be4b9e3148d02"},
  "gettext": {:hex, :gettext, "0.20.0", "75ad71de05f2ef56991dbae224d35c68b098dd0e26918def5bb45591d5c8d429", [:mix], [], "hexpm", "1c03b177435e93a47441d7f681a7040bd2a816ece9e2666d1c9001035121eb3d"},
-  "guardian": {:hex, :guardian, "2.2.4", "3dafdc19665411c96b2796d184064d691bc08813a132da5119e39302a252b755", [:mix], [{:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: false]}, {:plug, "~> 1.3.3 or ~> 1.4", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "6f83d4309c16ec2469da8606bb2a9815512cc2fac1595ad34b79940a224eb110"},
-  "guardian_db": {:hex, :guardian_db, "2.1.0", "ec95a9d99cdd1e550555d09a7bb4a340d8887aad0697f594590c2fd74be02426", [:mix], [{:ecto, "~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.1", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:guardian, "~> 1.0 or ~> 2.0", [hex: :guardian, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.13", [hex: :postgrex, repo: "hexpm", optional: true]}], "hexpm", "f8e7d543ac92c395f3a7fd5acbe6829faeade57d688f7562e2f0fca8f94a0d70"},
  "hackney": {:hex, :hackney, "1.18.1", "f48bf88f521f2a229fc7bae88cf4f85adc9cd9bcf23b5dc8eb6a1788c662c4f6", [:rebar3], [{:certifi, "~>2.9.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "~>6.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "~>1.0.0", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.1", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~>1.1.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}, {:unicode_util_compat, "~>0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a4ecdaff44297e9b5894ae499e9a070ea1888c84afdd1fd9b7b2bc384950128e"},
  "hammer": {:hex, :hammer, "6.1.0", "f263e3c3e9946bd410ea0336b2abe0cb6260af4afb3a221e1027540706e76c55", [:make, :mix], [{:poolboy, "~> 1.5", [hex: :poolboy, repo: "hexpm", optional: false]}], "hexpm", "b47e415a562a6d072392deabcd58090d8a41182cf9044cdd6b0d0faaaf68ba57"},
  "html_entities": {:hex, :html_entities, "0.5.2", "9e47e70598da7de2a9ff6af8758399251db6dbb7eebe2b013f2bbd2515895c3c", [:mix], [], "hexpm", "c53ba390403485615623b9531e97696f076ed415e8d8058b1dbaa28181f4fdcc"},