Adding items needed for GitPod

.gitpod.yml

@@ -0,0 +1,52 @@
+tasks:
+
+  # ------------------------------------
+  # Start FusionAuth in Docker
+  # ------------------------------------
+  - name: docker-compose
+    command: |
+      gp open README.md
+      bash /workspace/fusionauth-example-express-start-here/ports.sh
+      docker compose up
+  - name: terminal
+    command: |
+      bash /workspace/fusionauth-example-express-start-here/startup.sh
+      gp preview `gp url 9011`/admin
+
+ports:
+  - port: 9011
+    onOpen: ignore
+    visibility: public
+  - port: 3000
+    onOpen: open-preview
+    visibility: public
+  - port: 9012
+    onOpen: ignore
+    visibility: public
+  - port: 9020
+    onOpen: ignore
+    visibility: public
+  - port: 9021
+    onOpen: ignore
+    visibility: public
+  - port: 5432
+    onOpen: ignore
+    visibility: public
+  - port: 1025
+    onOpen: ignore
+    visibility: public
+  - port: 1080
+    onOpen: ignore
+    visibility: public
+  - port: 8080
+    onOpen: open-preview
+    visibility: public
+  - port: 9200
+    onOpen: ignore
+    visibility: public
+  - port: 9600
+    onOpen: ignore
+    visibility: public
+  - port: 33109
+    onOpen: ignore
+    visibility: public

.vscode/settings.json

@@ -0,0 +1,7 @@
+{
+    "workbench.startupEditor": "none",
+    "workbench.editorAssociations": 
+        {
+            "README.md": "vscode.markdown.preview.editor",
+        }
+}

GITPOD.md

@@ -0,0 +1,48 @@
+# Example Get Started Application in GitPod
+
+This repo holds an example Express.js application that uses FusionAuth as the identity provider. 
+This application will use an OAuth Authorization Code Grant workflow to log a user in and 
+get them access and refresh tokens.
+
+## Launch - GitPod
+
+The system is creating a fusionauth server, along with the backend containers needed to run it.  When it is done you will have a login for the system.
+
+Login to the server with '[email protected]' and password 'password' to verify that the installation has worked.  Once there, you can move on to the Delegate step.
+
+## Delegate Authentication
+
+The next step is to delegate authentication for your application, and verify that the change is applied.  For this you will:
+* Add the [email protected] user to the application
+* Logout from the administrative user
+* Go to the test application
+* Login as the administrative user
+
+### Bring up the administrative interface
+
+In the previous step, you logged in to the system as an admin user.  Go back to that browser screen, which should be showing the administrative interface for FusionAuth.
+* Navigate to "Applications" in the left-hand sidebar (you may need to use the hamburger icon at the top left of the screen to see all options)
+* Choose the "Start Here" application
+* Choose "Edit" from the list of actions
+
+### Authorization URL and Token Handling
+
+* Scroll down to the bottom of the user page and click "Add registration"
+* Choose the "Start Here" application (it may already be selected)
+* Click the blue save icon at the top of the screen
+
+### Open the Application
+
+In your shell, type the following to start up the application:
+
+```
+cd app; npm install; npm run dev
+```
+
+Point your browser to the application:
+
+```
+gp preview `gp url 8080`
+```
+
+Now, login to the application in your browser using [email protected] and 'password' to see the integration working.

README.md

@@ -1,65 +1,47 @@
 # Example Get Started Application
 
-This repo holds an example Express.js application that uses FusionAuth as the identity provider. 
-This application will use an OAuth Authorization Code Grant workflow to log a user in and 
-get them access and refresh tokens.
+You will follow the instructions on the [Start Here](https://fusionauth.io/docs/get-started/start-here) tutorial on the FusionAuth website.  All instructions for working with this repository are there, and this page will act as a cheat sheet so you know how to access the various pieces.
 
-## Project Contents
+## Starting the GitPod Environment
 
-The `docker-compose.yml` file and the `kickstart` directory are used to start and configure a local FusionAuth server.
+Click here to start the GitPod environment:
+[![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/synedra/fusionauth-example-express-start-here)
 
-The `/app` directory contains the application.
 
-## Project Dependencies
+## GitPod Elements
 
-* Docker, for running FusionAuth
-* Node 22 or later, for running the application
+GitPod environments are free to use for people with GitHub, GitLab or BitBucket accounts, but their team does gather some demographic information.  The first time you use GitPod you will be asked to fill out a few forms with data, but once you've done that once you won't need to do it again.
 
-## FusionAuth Installation via Docker
+The GitPod environment has docker containers for the database, FusionAuth server, and an email server.  In any of the 'open' command lines listed below, you can add `--external` to the gp preview command to open the page in an external browser window.
 
-In the root of this project directory (next to this README) are two files [a Docker compose file](./docker-compose.yml) and an [environment variables configuration file](./.env). Assuming you have Docker installed on your machine, you can stand up FusionAuth up on your machine with:
+Note that GitPod does not allow pasting from the clipboard by default, but it will request your permission to perform that pasting, only once.
 
-```
-docker compose up -d
-```
-
-The FusionAuth configuration files also make use of a unique feature of FusionAuth, called [Kickstart](https://fusionauth.io/docs/v1/tech/installation-guide/kickstart): when FusionAuth comes up for the first time, it will look at the [Kickstart file](./kickstart/kickstart.json) and mimic API calls to configure FusionAuth for use when it is first run. 
-
-> **NOTE**: If you ever want to reset the FusionAuth system, delete the volumes created by docker compose by executing `docker compose down -v`. 
+## Opening the Admin UI 
 
-FusionAuth will be initially configured with these settings:
+In the terminal, to open the FusionAuth administrative UI:
 
-* Your client Id is: `e9fdb985-9173-4e01-9d73-ac2d60d1dc8e`
-* Your client secret is: `super-secret-secret-that-should-be-regenerated-for-production`
-* Your example username is `[email protected]` and your password is `password`.
-* Your admin username is `[email protected]` and your password is `password`.
-* Your fusionAuthBaseUrl is 'http://localhost:9011/'
 
-You can log into the [FusionAuth admin UI](http://localhost:9011/admin) and look around if you want, but with Docker/Kickstart you don't need to.
+## Starting the Start Here application
 
-## Running the Example App
-To run the application, first go into the project directory
+In the terminal, to start the Start Here application:
 
 ```shell
 cd app
-```
-
-Install dependencies
-
-```shell
 npm install
+npm run dev
 ```
 
-Start the application
+To access the running Start Here application:
 
-```shell
-npm run dev
+```
+gp preview `gp url 8080`
 ```
 
-Go to `https://localhost:8080` to log in and make some change.
+## Accessing the Email Catcher
 
-## Troubleshooting
+To access the running email catcher from the terminal:
 
-Magic links don't work on safari when using localhost.
+```
+gp preview `gp url 1080`
+```
 
-Use chrome or firefox instead.

app/.env

@@ -1,3 +1,4 @@
 clientId="e9fdb985-9173-4e01-9d73-ac2d60d1dc8e"
 clientSecret="super-secret-secret-that-should-be-regenerated-for-production"
-fusionAuthURL="http://localhost:9011"
+fusionAuthURL="http://localhost:9011"
+fusionAuthRedirectURL="http://localhost:8080"

app/src/index.ts

@@ -29,6 +29,7 @@ if (!process.env.fusionAuthURL) {
 const clientId = process.env.clientId;
 const clientSecret = process.env.clientSecret;
 const fusionAuthURL = process.env.fusionAuthURL;
+const fusionAuthRedirectURL = process.env.fusionAuthRedirectURL
 
 // Validate the token signature, make sure it wasn't expired
 const validateUser = async (userTokenCookie: { access_token: string }) => {
@@ -48,7 +49,6 @@ const validateUser = async (userTokenCookie: { access_token: string }) => {
   }
 }
 
-
 const getKey: GetPublicKeyOrSecret = async (header, callback) => {
   const jwks = jwksClient({
     jwksUri: `${fusionAuthURL}/.well-known/jwks.json`
@@ -97,15 +97,14 @@ app.get('/login', (req, res, next) => {
   if (!userSessionCookie?.stateValue || !userSessionCookie?.challenge) {
     res.redirect(302, '/');
   }
-
 //tag::login[]
   res.redirect(302, `${fusionAuthURL}/oauth2/authorize?client_id=${clientId}&`+
-                    `scope=profile%20email%20openid&`+
-                    `response_type=code&`+
-                    `redirect_uri=http://localhost:${port}/oauth-redirect&`+
-                    `state=${userSessionCookie?.stateValue}&`+
-                    `code_challenge=${userSessionCookie?.challenge}&`+
-                    `code_challenge_method=S256`)
+    `scope=profile%20email%20openid&`+
+    `response_type=code&`+
+    `redirect_uri=${fusionAuthRedirectURL}/oauth-redirect&`+
+    `state=${userSessionCookie?.stateValue}&`+
+    `code_challenge=${userSessionCookie?.challenge}&`+
+    `code_challenge_method=S256`)
 //end::login[]
 });
 
@@ -129,7 +128,7 @@ app.get('/oauth-redirect', async (req, res, next) => {
     const accessToken = (await client.exchangeOAuthCodeForAccessTokenUsingPKCE(authCode,
       clientId,
       clientSecret,
-      `http://localhost:${port}/oauth-redirect`,
+      `${fusionAuthRedirectURL}/oauth-redirect`,
       userSessionCookie.verifier)).response;
 
     if (!accessToken.access_token) {

docker-compose.yml

@@ -16,35 +16,6 @@ services:
     volumes:
       - db_data:/var/lib/postgresql/data
 
-  search:
-    image: opensearchproject/opensearch:2.11.0
-    environment:
-      cluster.name: fusionauth
-      discovery.type: single-node
-      node.name: search
-      plugins.security.disabled: true
-      bootstrap.memory_lock: true
-      OPENSEARCH_JAVA_OPTS: ${OPENSEARCH_JAVA_OPTS}
-    healthcheck:
-      interval: 10s
-      retries: 80
-      test: curl --write-out 'HTTP %{http_code}' --fail --silent --output /dev/null http://localhost:9200/
-    restart: unless-stopped
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
-    ports:
-      - 9200:9200 # REST API
-      - 9600:9600 # Performance Analyzer
-    volumes:
-      - search_data:/usr/share/opensearch/data
-    networks:
-      - search_net
-
   mailcatcher:
     image: sj26/mailcatcher
     ports:
@@ -62,8 +33,6 @@ services:
     depends_on:
       db:
         condition: service_healthy
-      search:
-        condition: service_healthy
       mailcatcher:
         condition: service_healthy
     environment:
@@ -75,12 +44,10 @@ services:
       FUSIONAUTH_APP_MEMORY: ${FUSIONAUTH_APP_MEMORY}
       FUSIONAUTH_APP_RUNTIME_MODE: ${FUSIONAUTH_APP_RUNTIME_MODE}
       FUSIONAUTH_APP_URL: http://fusionauth:9011
-      SEARCH_SERVERS: http://search:9200
-      SEARCH_TYPE: elasticsearch
+      SEARCH_TYPE: database
       FUSIONAUTH_APP_KICKSTART_FILE: ${FUSIONAUTH_APP_KICKSTART_FILE}
     networks:
       - db_net
-      - search_net
       - mailcatcher_net
     restart: unless-stopped
     ports:
@@ -92,12 +59,9 @@ services:
 networks:
   db_net:
     driver: bridge
-  search_net:
-    driver: bridge
   mailcatcher_net:
     driver: bridge
 
 volumes:
   db_data:
   fusionauth_config:
-  search_data:

ports.sh

@@ -0,0 +1,28 @@
+#!/bin/env
+
+# This file is a simple regular expression engine that adjusts the URLs for fusionauth and the application.
+# In a "normal" docker environment on localhost, the URLs are:
+#   - http://localhost:9011 - FusionAuth Server
+#   - http://localhost:9012 - FusionAuth Auth server
+#   - http://localhost:3000 - Local application (express, react)
+#   - http://localhost:8080 - Sometimes we use 8080 for the local application
+#   - http://localhost:${port} - In some cases the string uses a variable for the port
+#
+# In github, there is a URL specific to the workspace that has been pulled.
+# You can get that URL by calling `gp url PORT` and it will return the correct URL for the server at that port
+# For example, a test workspace that I created is using https://synedra-fusionauthexamp-tpjajna9md7.ws-us117.gitpod.io as the server, so:
+# - `gp url 3000` returns https://3000-synedra-fusionauthexamp-tpjajna9md7.ws-us117.gitpod.io
+# - `gp url 9011` returns https://9011-synedra-fusionauthexamp-tpjajna9md7.ws-us117.gitpod.io
+#    Note that adding `admin` to the path points directly to the admin UI: `gp url 9011`/admin gives https://9011-synedra-fusionauthexamp-tpjajna9md7.ws-us117.gitpod.io/admin
+
+export REDIRECT_URL=`gp url 3000`
+export FUSIONAUTH_URL=`gp url 9011`
+export FUSIONAUTH_9012_URL=`gp url 9012`
+export FUSIONAUTH_8080=`gp url 8080`
+
+perl -pi -e 's#http://localhost:9011#$ENV{FUSIONAUTH_URL}#g' kickstart/kickstart.json app/src/index.ts app/.env kickstart/email-templates/*
+perl -pi -e 's#http://localhost:9012#$ENV{FUSIONAUTH_9012_URL}#g' kickstart/kickstart.json app/src/index.ts app/.env kickstart/email-templates/*
+perl -pi -e 's#http://localhost:3000#$ENV{REDIRECT_URL}#g' kickstart/kickstart.json app/src/index.ts app/.env kickstart/email-templates/*
+perl -pi -e 's#http://localhost:8080#$ENV{FUSIONAUTH_8080}#g' kickstart/kickstart.json app/src/index.ts app/.env kickstart/email-templates/*
+perl -pi -e 's#http://localhost:\{port\}#$ENV{FUSIONAUTH_8080}#g' kickstart/kickstart.json app/src/index.ts app/.env kickstart/email-templates/*
+

startup.sh

@@ -0,0 +1,8 @@
+#!/bin/env
+echo "Waiting for the FusionAuth server to start up on http://localhost:9011."
+echo "When the server has started up you will get a terminal prompt and see the administrative login in the left hand pane of the browser window."
+until curl --output /dev/null --silent --head --fail http://localhost:9011/api/health; do
+    printf "."
+    sleep 5
+done
+sleep 5