Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(cli): add @coveo/search-token-server package #33

Merged
merged 13 commits into from
Feb 17, 2021
5 changes: 0 additions & 5 deletions packages/cli/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

14 changes: 14 additions & 0 deletions packages/search-token-server/.env.example
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# The unique identifier of the organization in which to generate a search token.
# Example: ORGANIZATION_ID=mycoveoorganizationg8tp8wu3.
# See https://docs.coveo.com/en/148/manage-an-organization/retrieve-the-organization-id
ORGANIZATION_ID=<YOUR_ORGANIZATION_ID>

# An API key granting the impersonate privilege in your organization.
# The API key should have the impersonate privilege.
# See https://docs.coveo.com/en/1718/manage-an-organization/manage-api-keys#add-an-api-key
API_KEY=<YOUR_API_KEY>

# The name of the security identity to impersonate.
# Example: USER_EMAIL="alicesmith@example.com"
# See https://docs.coveo.com/en/56/#name-string-required.
USER_EMAIL=<YOUR_USER_EMAIL>
17 changes: 17 additions & 0 deletions packages/search-token-server/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@

# IDEs
.idea/
jsconfig.json
.vscode/

# Misc
node_modules/
npm-debug.log*
yarn-error.log*

# Mac OSX Finder files.
**/.DS_Store
.DS_Store

# Sensitive
.env
28 changes: 28 additions & 0 deletions packages/search-token-server/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# Simple search token generation server

An [Express](https://www.npmjs.com/package/express) server to generate [Coveo search tokens](https://docs.coveo.com/en/1346/).

## Setup environment

Create the `.env` file at the root of this project using `.env.example` as starting point and make sure to replace all placeholder variables `<...>` by the proper information for your organization.

y-lakhdar marked this conversation as resolved.
Show resolved Hide resolved
## Installation

```bash
npm install
```

## Usage

```bash
npm start
```

This will start a server listening on port 3000. The app will return a [Coveo search token](https://docs.coveo.com/en/1346/) when you make a GET request to the [/token](http://localhost:3000/token) path. Every other path will respond by a **404 Not Found** error.

## Documentation

### Search Token Authentication

A search token is a special JSON web token typically used to temporarily grant the privilege to execute queries as a specific user and log usage analytics events.
To understand search tokens and how they work in more detail, visit the [Search Token Authentication](https://docs.coveo.com/en/56/build-a-search-ui/search-token-authentication) page.
19 changes: 19 additions & 0 deletions packages/search-token-server/middlewares/environmentCheck.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
import {Request, Response, NextFunction} from 'express';

export function environmentCheck(
req: Request,
res: Response,
next: NextFunction
) {
if (
process.env.ORGANIZATION_ID === undefined ||
process.env.API_KEY === undefined ||
process.env.USER_EMAIL === undefined
) {
const message =
'Make sure to configure the environment variables in the ".env" file. Refer to the README to set up the server.';
next({message});
} else {
next();
}
}
11 changes: 11 additions & 0 deletions packages/search-token-server/middlewares/errorHandler.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
import {NextFunction, Request, Response} from 'express';

export function errorHandler(
err: any,
req: Request,
res: Response,
next: NextFunction
) {
console.error(err);
res.status(err.statusCode || 500).send(err.message || 'Something broke!');
}
89 changes: 89 additions & 0 deletions packages/search-token-server/middlewares/searchToken.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
require('isomorphic-fetch');
require('abortcontroller-polyfill');

import {Request, Response, NextFunction} from 'express';
import {
PlatformClient,
Environment,
Region,
RestUserIdType,
TokenModel,
} from '@coveord/platform-client';

export function ensureTokenGenerated(
req: Request,
res: Response,
next: NextFunction
) {
const platform: PlatformClient =
y-lakhdar marked this conversation as resolved.
Show resolved Hide resolved
req.app.locals.platform ||
new PlatformClient({
/**
* The target environment.
* The platform.cloud.coveo.com is the default target host.
* However, you can target a different host by changing the environment.
*
* Example:
* environment: Environment.hipaa will target the HIPAA host (platformhipaa.cloud.coveo.com)
*/
environment: Environment.prod,
/**
* The target region.
* See https://docs.coveo.com/en/2976/coveo-solutions/deployment-regions-and-strategies#data-residency
*/
region: Region.US,
/**
* The unique identifier of your Coveo organization.
* To retrieve your org ID, see https://docs.coveo.com/en/148/manage-an-organization/retrieve-the-organization-id
*/
organizationId: process.env.ORGANIZATION_ID,
/**
* An API key with the impersonate privilege in the target organization.
* See https://docs.coveo.com/en/1718/manage-an-organization/manage-api-keys#add-an-api-key
*/
accessToken: process.env.API_KEY!,
});

platform.search
.createToken({
/****** Mandatory parameters ******/
/**
* The security identities to impersonate when authenticating a query with this search token.
* The userIds array should contain at least one security indentity.
y-lakhdar marked this conversation as resolved.
Show resolved Hide resolved
*/
userIds: [
{
name: process.env.USER_EMAIL!,
provider: 'Email Security Provider',
type: RestUserIdType.User,
},
],

/****** Optional parameters ******/
/**
* The name of the search hub to enforce when authenticating a query with this search token.
* The search hub is a descriptive name of the search interface on which the token is to be used.
*
y-lakhdar marked this conversation as resolved.
Show resolved Hide resolved
* Example:
* searchHub: 'supporthub',
*/

/**
* The filter query expression to apply when authenticating a query with this search token.
*
y-lakhdar marked this conversation as resolved.
Show resolved Hide resolved
* Example:
* filter: 'NOT @source="my secured source"',
*/
})
.then((data: TokenModel) => {
req.token = data.token;
next();
})
.catch((err) => {
next(err);
});

if (!req.app.locals.platform) {
req.app.locals.platform = platform;
}
}
Loading