-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(cli): add @coveo/search-token-server package (#33)
- Loading branch information
Showing
11 changed files
with
3,452 additions
and
5 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| # The unique identifier of the organization in which to generate a search token. | ||
| # Example: ORGANIZATION_ID=mycoveoorganizationg8tp8wu3. | ||
| # See https://docs.coveo.com/en/148/manage-an-organization/retrieve-the-organization-id | ||
| ORGANIZATION_ID=<YOUR_ORGANIZATION_ID> | ||
|
|
||
| # An API key granting the impersonate privilege in your organization. | ||
| # The API key should have the impersonate privilege. | ||
| # See https://docs.coveo.com/en/1718/manage-an-organization/manage-api-keys#add-an-api-key | ||
| API_KEY=<YOUR_API_KEY> | ||
|
|
||
| # The name of the security identity to impersonate. | ||
| # Example: USER_EMAIL="alicesmith@example.com" | ||
| # See https://docs.coveo.com/en/56/#name-string-required. | ||
| USER_EMAIL=<YOUR_USER_EMAIL> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # IDEs | ||
| .idea/ | ||
| jsconfig.json | ||
| .vscode/ | ||
|
|
||
| # Misc | ||
| node_modules/ | ||
| npm-debug.log* | ||
| yarn-error.log* | ||
|
|
||
| # Mac OSX Finder files. | ||
| **/.DS_Store | ||
| .DS_Store | ||
|
|
||
| # Sensitive | ||
| .env |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| # Simple search token generation server | ||
|
|
||
| An [Express](https://www.npmjs.com/package/express) server to generate [Coveo search tokens](https://docs.coveo.com/en/1346/). | ||
|
|
||
| ## Setup environment | ||
|
|
||
| Create the `.env` file at the root of this project using `.env.example` as starting point and make sure to replace all placeholder variables `<...>` by the proper information for your organization. | ||
| For more involved configurations, you can modify the request parameters used in the `middlewares/searchToken.ts` file. | ||
|
|
||
| ## Installation | ||
|
|
||
| ```bash | ||
| npm install | ||
| ``` | ||
|
|
||
| ## Usage | ||
|
|
||
| ```bash | ||
| npm start | ||
| ``` | ||
|
|
||
| This will start a server listening on port 3000. The app will return a [Coveo search token](https://docs.coveo.com/en/1346/) when you make a GET request to the [/token](http://localhost:3000/token) path. Every other path will respond by a **404 Not Found** error. | ||
|
|
||
| ## Documentation | ||
|
|
||
| ### Search Token Authentication | ||
|
|
||
| A search token is a special JSON web token typically used to temporarily grant the privilege to execute queries as a specific user and log usage analytics events. | ||
| To understand search tokens and how they work in more detail, visit the [Search Token Authentication](https://docs.coveo.com/en/56/build-a-search-ui/search-token-authentication) page. |
19 changes: 19 additions & 0 deletions
19
packages/search-token-server/middlewares/environmentCheck.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| import {Request, Response, NextFunction} from 'express'; | ||
|
|
||
| export function environmentCheck( | ||
| req: Request, | ||
| res: Response, | ||
| next: NextFunction | ||
| ) { | ||
| if ( | ||
| process.env.ORGANIZATION_ID === undefined || | ||
| process.env.API_KEY === undefined || | ||
| process.env.USER_EMAIL === undefined | ||
| ) { | ||
| const message = | ||
| 'Make sure to configure the environment variables in the ".env" file. Refer to the README to set up the server.'; | ||
| next({message}); | ||
| } else { | ||
| next(); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| import {NextFunction, Request, Response} from 'express'; | ||
|
|
||
| export function errorHandler( | ||
| err: any, | ||
| req: Request, | ||
| res: Response, | ||
| next: NextFunction | ||
| ) { | ||
| console.error(err); | ||
| res.status(err.statusCode || 500).send(err.message || 'Something broke!'); | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,92 @@ | ||
| require('isomorphic-fetch'); | ||
| require('abortcontroller-polyfill'); | ||
|
|
||
| import {Request, Response, NextFunction} from 'express'; | ||
| import { | ||
| PlatformClient, | ||
| Environment, | ||
| Region, | ||
| RestUserIdType, | ||
| TokenModel, | ||
| } from '@coveord/platform-client'; | ||
|
|
||
| export function ensureTokenGenerated( | ||
| req: Request, | ||
| res: Response, | ||
| next: NextFunction | ||
| ) { | ||
| const platform: PlatformClient = | ||
| req.app.locals.platform || | ||
| new PlatformClient({ | ||
| /** | ||
| * The target environment. | ||
| * The platform.cloud.coveo.com is the default target host. | ||
| * However, you can target a different host by changing the environment. | ||
| * | ||
| * Example: | ||
| * environment: Environment.hipaa will target the HIPAA host (platformhipaa.cloud.coveo.com) | ||
| */ | ||
| environment: Environment.prod, | ||
| /** | ||
| * The target region. | ||
| * See https://docs.coveo.com/en/2976/coveo-solutions/deployment-regions-and-strategies#data-residency | ||
| */ | ||
| region: Region.US, | ||
| /** | ||
| * The unique identifier of your Coveo organization. | ||
| * To retrieve your org ID, see https://docs.coveo.com/en/148/manage-an-organization/retrieve-the-organization-id | ||
| */ | ||
| organizationId: process.env.ORGANIZATION_ID, | ||
| /** | ||
| * An API key with the impersonate privilege in the target organization. | ||
| * See https://docs.coveo.com/en/1718/manage-an-organization/manage-api-keys#add-an-api-key | ||
| */ | ||
| accessToken: process.env.API_KEY!, | ||
| }); | ||
|
|
||
| platform.search | ||
| .createToken({ | ||
| /****** Mandatory parameters ******/ | ||
| /** | ||
| * The security identities to impersonate when authenticating a query with this search token. | ||
| * The userIds array should contain at least one security indentity. | ||
| * See https://docs.coveo.com/en/56/#userids-array-of-restuserid-required | ||
| */ | ||
| userIds: [ | ||
| { | ||
| name: process.env.USER_EMAIL!, | ||
| provider: 'Email Security Provider', | ||
| type: RestUserIdType.User, | ||
| }, | ||
| ], | ||
|
|
||
| /****** Optional parameters ******/ | ||
| /** | ||
| * The name of the search hub to enforce when authenticating a query with this search token. | ||
| * The search hub is a descriptive name of the search interface on which the token is to be used. | ||
| *See https://docs.coveo.com/en/56/#searchhub-string-optional | ||
| * Example: | ||
| * searchHub: 'supporthub', | ||
| */ | ||
|
|
||
| /** | ||
| * The filter query expression to apply when authenticating a query with this search token. | ||
| * See https://docs.coveo.com/en/56/#filter-string-optional | ||
| * | ||
| * Example: | ||
| * filter: 'NOT @source="my secured source"', | ||
| */ | ||
| }) | ||
| .then((data: TokenModel) => { | ||
| req.token = data.token; | ||
| next(); | ||
| }) | ||
| .catch((err) => { | ||
| next(err); | ||
| }); | ||
|
|
||
| if (!req.app.locals.platform) { | ||
| req.app.locals.platform = platform; | ||
| } | ||
| } |
Oops, something went wrong.